- Getting started
- Data security and compliance
- Organizations
- Authentication and security
- Licensing
- Tenants and services
- Accounts and roles
- About accounts and groups
- Managing accounts and groups
- Roles
- Role management
- External applications
- Notifications
- Logging
- Troubleshooting
- Migrating to Automation Cloud Dedicated
Automation Cloud Dedicated admin guide
You can manage and assign service-level roles from within each service and you need the appropriate permissions in the service.
For example, users with the Administrator role in Orchestrator can create and edit roles, and assign roles to existing accounts.
There are two ways to assign roles to an account:
- Direct provisioning implies manually assigning roles to an existing account. You can do this by adding the account to a group, by assigning service-level roles to the account directly, or a combination of both.
- Auto-provisioning is only applicable if your UiPath organization is integrated with a third-party identity provider (IdP), such as Microsoft Entra ID). In this case, to fully hand off identity and access management to the external provider, you can set up the UiPath platform so that any directory account can receive the appropriate roles without the need for any actions in the UiPath platform. The IdP administrator then has control over a user's access and rights in the UiPath organization by creating and configuring the account in the external provider alone.
Assigning organization-level roles
Organization-level roles are predefined and cannot be changed.
Organization administrators can assign organization-level roles to individual accounts from Admin > Accounts and Groups by adding accounts to a default or custom group.
If you have linked your UiPath organization to a directory, such as Microsoft Entra ID, then it is possible to also assign organization-level roles to directory groups by adding them to groups, same as with accounts. This is not possible with local groups.
Managing service-level roles
You manage and assign service-level roles from within the services. You can assign roles to groups (recommended), or to accounts that have already been added.
For information and instructions, refer to the applicable documentation, as described in the following table:
|
Service |
Details |
|---|---|
|
Orchestrator |
Managed from Orchestrator. |
|
Actions |
Managed from Orchestrator.
|
|
Processes |
Managed from Orchestrator.
|
|
Data Service |
Managed from Data Service.
|
| Document Understanding™ |
Managed from Document Understanding. For more information about which roles are required and instructions for assigning them, refer to Role-based access control . |
|
Test Manager |
Managed from Test Manager. For information and instructions, refer to User and group access management. |
Assigning roles to an account
If you want to control the access a certain account has in a service at a more granular level, but you do not want to add new roles to an entire group, you can explicitly add the account to the service and assign one or more service-level roles to it directly.
For information about the available roles and instructions, refer to the documentation for the target service, as previously described.
Through auto-provisioning, any directory account can be set up with access and rights for using the UiPath platform directly from the external identity provider (IdP).
Auto-provisioning requires a one-time setup after you enable an integration with a third-party IdP: Microsoft Entra ID or other IdPs that are connected used SAML integration.
