- All connections to Orchestrator are made from a single place, the Azure hosted Apps Service application.
- All calls to Orchestrator are authenticated calls in line with the security model exposed by Orchestrator. Please see https://docs.uipath.com/orchestrator/reference/authenticating
- Credential obtained from the user to talk to Orchestrator is used for all communication with Orchestrator both at design time when authoring the app as well as runtime when executing the app. The identity of the user who is designing or running the app itself has no bearing here.
- After initially obtaining the credential from the app designer, the credential is stored in the Apps backend with encryption at rest to enable seamless and uninterrupted design and runtime experience for all users of the app
- Apps service sets up a secure webhook callback over https on process lifecycle events to help detect when processes start, stop, error out etc. This follows the best practices mentioned in the About Webhooks page.
- No process-related data is stored on the Apps backend. The only information that is persisted is metadata around the identity of the process/es that are being used by a specific app.
- Apps can invoke both attended and unattended Orchestrator processes. An app designer can choose to run a process through the connected Orchestrator or directly on the local computer on which the app is running using UiPath RobotJS (see https://robotjs.uipath.com/).
- In the local robot scenario, process execution is invoked from the browser to the locally running robot and communication does not leave computer boundaries.
- In the process execution via Orchestrator option, the complete lifecycle of the process is managed by Orchestrator, and UiPath Apps plays no role in the same other than listening to process lifecycle events using the webhook callback.
The Apps service uses the outgoing IPs for all external communications:
Traffic from this IPs needs to be allowed through the Organization DMZ firewall and any other intermediate firewalls including the firewall on the computer/s in which Orchestrator application is hosted.
Please note that this IPs may change going forward as we continue to enhance the product
- The associated port on which Orchestrator application is hosted needs to be exposed through the DMZ on all relevant firewalls (see previous point)
- An orchestrator user who has read and execute access to relevant processes whose credential will be used from UiPath Apps to talk to Orchestrator
- If using local robot process execution through robotjs, please ensure robotjs is properly configured using instructions provided at https://robotjs.uipath.com/
- Ensure that the On-Premise hosted Orchestrator is only accessible through a secure https channel
- Create a low privilege user in Orchestrator that only has read and execute access to just the desired processes and use that for the integration.
- Are the UiPath Apps outgoing IPs whitelisted?
- Is the Orchestrator port whitelisted?
- Is the correct URL with port being used in the Orchestrator URL field?\
- Has it been confirmed that the credentials provided when connecting to Orchestrator are correct?
- Do the credentials provided have the permissions to list/run processes?
- Does the user whose credential was configured during App Design have read access to the folder in which the desired processes reside?
- Are the UiPath Apps outgoing IPs still whitelisted?
- Is the Orchestrator port still whitelisted?
- Does the user whose credential was configured during App Design still exist?
- Does the user whose credential was configured during App Design still have the same credentials?
- Does the process and the exact version that is executed still exist in Orchestrator in the same folder or anything has changed?
- If running processes locally, is Robotjs configured correctly, and is able to properly handshake with the robot?
- Has the process being executed on the local robot been downloaded to the robot prior to executing the same through the app?
- Does the user whose credential was configured during App Design have to execute access to the process?
Updated 20 days ago