Automation Suite
2021.10
Automation Suite Admin Guide
Last updated Mar 25, 2024

Configuring Authentication and Security

As an organization administrator, you can choose the authentication and related security settings for your organization. Some settings are inherited from the host level, but you can override them if different settings should apply for your organization.

Configuring Identity Providers

Choosing the identity provider for your organization (Admin > Users and Groups > Authentication Settings) affects the way users sign in, and how user and group accounts are created and managed in Automation Suite.

Models

While we offer several authentication settings for you to control access to your instance of Automation Suite, they are all based on two main models: the default model and the Azure Active Directory (Azure AD) model, which lets you leverage more advanced identity management capabilities.

Allow any user to be invited to this organization (Default model)

This model applies to any new organization by default. It is easy to use, quick to set up, and convenient for your users.

With this model, organization administrators create accounts in Automation Suite for employees so that they can log in. The users you create can be either new accounts in Automation Suite or users from the external directory provider configured at the host level (as documented in Host authentication and security settings).

Enable enterprise SSO with Microsoft Azure Active Directory (Azure Active Directory model)

The integration with Azure Active Directory (Azure AD) can offer scalable user and access management for your organization, allowing for compliance across all the internal applications used by your employees. If your organization is using Azure AD or Office 365, you can connect your Automation Suite organization directly to your Azure AD tenant to obtain the following benefits:

Automatic user onboarding with seamless migration:

  • All users and groups from Azure AD are readily available for any Automation Suite service to assign permissions, without the need to invite and manage Azure AD users in the Automation Suite organization directory.
  • You can provide Single Sign-On for users whose corporate username differs from their email address, which is not possible with the invitation model.
  • All existing users with UiPath user accounts have their permissions automatically migrated to their connected Azure AD account.

Simplified sign-in experience:

  • Users do not have to accept an invitation or create a UiPath user account to access the Automation Suite organization as in the default model. They sign in with their Azure AD account by selecting the Enterprise SSO option or using their organization-specific URL.

    If the user is already signed in to Azure AD or Office 365, they are automatically signed in.

  • UiPath Assistant and Studio versions 20.10.3 and higher can be preconfigured to use a custom Orchestrator URL, which leads to the same seamless connection experience.

Scalable governance and access management with existing Azure AD groups:

  • Azure AD security groups or Office 365 groups, also known as directory groups, allow you to leverage your existing organizational structure to manage permissions at scale. You no longer need to configure permissions in Automation Suite services for each user.
  • You can combine multiple directory groups into one Automation Suite group if you need to manage them together.
  • Auditing Automation Suite access is simple. After you've configured permissions in all Automation Suite services using Azure AD groups, you can rely on the validation processes you already have for Azure AD group membership.

Note: While on the Azure AD model, you can continue to use all the features of the default model. But to maximize the benefits, we recommend relying exclusively on centralized account management from Azure AD.

If you would like to use Azure Active Directory as the identity provider for your organization, follow the instructions in Setting up the Azure AD integration.

Configuring Security Options

To configure security options for your organization, go to Admin > Accounts and Groups > Authentication Settings and edit the options as needed.

Password Complexity

Note: Editing the Password complexity settings does not affect existing passwords.

| Field | Description |
| --- | --- |
| Special characters | Select to force users to include at least one special character in their password. By default, this checkbox is not selected. |
| Lowercase characters | Select to force users to include at least one lowercase character in their password. By default, this checkbox is selected. |
| Uppercase characters | Select to force users to include at least one uppercase character in their password. By default, this checkbox is not selected. |
| Digits | Select to force users to include at least one digit in their password. By default, this checkbox is selected. |
| Minimum password length | Specify the minimum number of characters a password should contain. By default, it is 8. The length cannot be smaller than 1 or greater than 256 characters. |
| Days before password expiration | Specify the number of days for which the password is valid. After this period, the password expires and needs to be changed. The minimum accepted value is 0 (the password never expires), and the maximum is 1000 days. |
| Number of times a password can be reused | The minimum accepted value is 0 (never allow reusing a password), while the maximum is 10. |
| Change password on the first login | If set to Required, users that log in for the first time must change their password before being allowed to access Automation Suite. If set to Not required, users can log in and continue to use the admin-defined password until it expires. |

Account Lockout

| Field | Description |
| --- | --- |
| Enabled or Disabled toggle | If enabled, locks the account for a specific number of seconds after a specific number of failed login attempts. This also applies to the password change feature. |
| Account lockout duration | The number of seconds a user needs to wait before being allowed to log in again after exceeding the Consecutive login attempts before lockout. The default value is 5 minutes. The minimum accepted value is 0 (no lockout duration), and the maximum is 2592000 (1 month). |
| Consecutive login attempts before lockout | The number of failed login attempts allowed before the account is locked. The default value is 10 attempts. You can set a value between 2 and 10. |
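The limits and defaults from the Password Complexity and Account Lockout tables can be checked offline before you change the settings. The following is an added example, not UiPath code: the key names are hypothetical labels for the documented fields, "special character" is assumed to mean any non-alphanumeric character, and the `STRICT` policy is a constructed comparison value.

```python
# Added example. Key names are hypothetical labels for the fields in the tables
# above, not UiPath configuration keys; limits and defaults are the documented ones.
RANGES = {"min_length": (1, 256), "expiration_days": (0, 1000), "reuse_count": (0, 10),
          "lockout_seconds": (0, 2592000), "lockout_attempts": (2, 10)}
DEFAULTS = {"special": False, "lowercase": True, "uppercase": False, "digits": True,
            "min_length": 8, "lockout_seconds": 300, "lockout_attempts": 10,
            "lockout_enabled": True}  # assumption: the toggle default is not documented
# Constructed stricter policy, for comparison only (not a UiPath recommendation).
STRICT = {**DEFAULTS, "special": True, "uppercase": True, "min_length": 14,
          "lockout_seconds": 900, "lockout_attempts": 5}


def range_errors(policy):
    """Return the settings whose values fall outside the documented limits."""
    return [f"{key}={policy[key]} outside {lo}..{hi}"
            for key, (lo, hi) in RANGES.items()
            if key in policy and not lo <= policy[key] <= hi]


def password_failures(password, policy):
    """List the complexity rules a candidate password does not satisfy."""
    checks = {
        "special": any(not c.isalnum() for c in password),  # assumed definition
        "lowercase": any(c.islower() for c in password),
        "uppercase": any(c.isupper() for c in password),
        "digits": any(c.isdigit() for c in password),
    }
    failed = [rule for rule, ok in checks.items() if policy.get(rule) and not ok]
    if len(password) < policy["min_length"]:
        failed.append("min_length")
    return failed


def max_guesses_per_day(policy):
    """Upper bound on failed logins one account can absorb in 24 hours.

    Assumes each burst of attempts takes negligible time. Returns None when
    lockout is disabled or the duration is 0, because nothing limits the rate.
    """
    if not policy.get("lockout_enabled") or policy["lockout_seconds"] == 0:
        return None
    bursts = -(-86400 // policy["lockout_seconds"])  # ceiling division
    return bursts * policy["lockout_attempts"]


if __name__ == "__main__":
    for name, policy in (("default", DEFAULTS), ("strict", STRICT)):
        print(name, range_errors(policy), password_failures("summer2024", policy),
              max_guesses_per_day(policy))
```

A password that passes the default rules can fail a stricter policy on several counts, and a lockout duration of 0 leaves the attempt limit with no effect on guess rate.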
