Your organization can use the following models for creating users in Automation Cloud:
- The invitation-based model, which is the default model set for any new organization. The organization administrator manually adds the email addresses of users to send an email invitation to join the Automation Cloud organization. In turn, users create a UiPath account as they accept the invitation, which is the identity they use to sign in to Automation Cloud.
This model is compatible with the other models. If you choose to use any of the other models, you can continue to create users in Automation Cloud by invitation.
- The Azure Active Directory model: If you have a Microsoft Azure or Office 365 subscription, you can integrate Azure with Automation Cloud to use your existing users and groups from Azure Active Directory within Automation Cloud.
- The SAML model lets you integrate Automation Cloud with your chosen identity provider (IdP). This lets your users connect to Automation Cloud with single sign-on (SSO) using the accounts that are already registered with your IdP.
More about cloud identity and authentication
The identity of your users is verified in Automation Cloud, more precisely by the Cloud Portal, based on your organization directory. From here, based on user permissions assigned through roles and groups, they can access all your UiPath cloud services with only one set of credentials.
The below diagram describes the two identity models, how they work with the various user identities, and how federation can be achieved.
In the invitation-based model, identity management is performed on a user reference in the organization directory, while users remain in control of their accounts. But if integrated with Azure Active Directory (Azure AD), it's as simple as looking at the contents of your tenant directory in Azure AD, depicted below with an orange arrow. You can read more about each model in the following sections.
- Go to Admin > Organization > Security tab.
- On the Authentication Settings tab, select the option for the authentication model you want to use.
If you need help choosing the right model, see Authentication options for more information about the available models.
The invitation-based model (selected in the image above) is set by default for any new organization.
If you are switching from the Azure AD model back to the invitation-based model...
There are a few things you must do before changing the athentication model:
- Log in as an organization administrator using a UiPath account. The options are not active otherwise.
- If you removed UiPath user accounts when you moved to the Azure AD model, invite all users to the organization so that users are created again for their UiPath accounts.
- Assign users to groups and, if needed, assign individual roles.
- If you chose an integration-based option, additional configuration is required. Otherwise, skip to the next step.
Follow the instructions for the selected option before moving on to the next step: SAML | Azure Active Directory
- Click Save to change the authentication settings for your organization to the selected option.
Updated a day ago