2024.10.0
Release date: November 11, 2024
We are happy to announce the addition of Document Understanding modern projects, Integration Service, and Studio Web to our Automation Suite product portfolio. This expansion aligns with our aim to maintain parity with the functionalities offered via Automation Cloud.
If you plan to enable these new products, make sure to check out the cross-product dependencies and that you meet all the prerequisites.
All the details about the installation and configuration of these newly onboarded products are available in the Automation Suite on EKS/AKS Installation Guide. For details on how make the most out of the functionality of these products, refer to the individual product guides:
In an attempt to make your start with Automation Suite easier and cost-effective, we are now introducing the lite mode. With it, you can start with fewer infrastructure requirements and when ready, transition to high availability for specific services.
profile
parameter in the input.json
file.
A key benefit of lite mode is its resource efficiency. It offers full functionality without the need for high availability across all services. Consequently, the lite profile needs fewer resources, a value-added feature for infra-budget-conscious organizations.
Notably, lite mode is not just for small-scale operations. This mode is designed with scalability in mind, so as your needs grow, lite mode grows with you.
Lite mode is versatile, accommodating a wide array of scenarios, such as the following:
-
You plan to explore the Automation Suite functionality without a significant infrastructural commitment.
-
You start with a minimal setup but want the flexibility and ease of scaling up as the need arises.
-
You aim to manage infrastructure cost by customizing the availability of services to your unique needs.
-
You aim at smaller-scale use cases and prefer a system that operates efficiently with non-high availability services.
To provide you with a wider range of deployment options and increase the flexibility of our offering, we are happy to announce that you can now deploy Automation Suite to a shared cluster, alongside your other software deployments. Deploying to a shared cluster comes as an alternative to the existing scenario of deploying Automation Suite to a dedicated cluster.
-
Increased flexibility and reduced time to deploy, thanks to the ability to leverage your existing standard operating procedures to install and manage applications.
-
Lower total cost of ownership compared to deploying to a dedicated cluster provisioned specifically for Automation Suite.
-
In a shared cluster installation scenario, you can complete the installation process without granting the Automation Suite installer cluster admin privileges, which enhances security by complying with the industry-wide principle of least privilege, enabling you to meet stringent governance standards.
-
Install and configure the Istio service mesh. For details, see Installing and configuring the service mesh.
-
Create a service account and grant the necessary permissions for the Automation Suite installation. For details, see Granting installation permissions.
Bring your own ArgoCD. For details, see Installing and configuring the GitOps tool.
If you install Process Mining, you must install cert-manager and Dapr yourself. For details, see Meeting the Process Mining prerequisites.
Create and manage certificates yourself. For details, see Certificates generated during installation.
We have added Bottlerocket to the list of operating systems supported by Automation Suite on EKS. For more details, see Kubernetes cluster and nodes.
You can now avoid managing credentials by enabling AKS pods to use a Kubernetes identity, such as a service account. Workload identity also allows Kubernetes applications to access Azure resources securely with Microsoft Entra ID, based on annotated service accounts.
To learn more about workload identity, see Workload identity configuration.
For details on the limitations of the feature, see Known issues.
We now support Transport Layer Security (TLS) 1.3. This new TLS version brings several key improvements, being more secure than its predecessor, TLS 1.2, and offering speedier connections and improved performance.
istioMinProtocolVersion
parameter in the input.json
file from TLSV1_2
to TLSV1_3
, then re-run the Automation Suite installation.
If you must comply with the Federal Information Processing Standard 140-2 (FIPS 140-2), we have good news for you. It is now possible to enable FIPS 140-2 on machines on which you plan to perform a new Automation Suite on EKS installation.
For more information on FIPS 140-2, see Security and compliance.
For details on the limitations of the feature, see Known issues.
You can now install Automation Suite on nodes on which you enabled FIPS using the Amazon Linux 2023 (AL2023) image. This update aligns with the transition that Amazon made from AL2 to AL2023.
Navigating through the intricacies of a platform configuration, involving multiple flags and parameters, can at times be a challenging experience. To simplify this, we bring you the Automation Suite Installer Wizard, a new method for generating the Automation Suite input.json configuration file.
This GUI-centric tool guides you through the key configuration steps, prompting you to provide details about your Automation Suite installation. It requires details such as the targeted platform, environment type, storage needs, SQL database specifics, and more, subsequently generating the input.json file for you.
Despite the wizard offering an easier way to create a configuration file, some complex configuration scenarios might not yet be covered as the tool is currently in public preview. We eagerly invite you to experiment with this tool and kindly share your feedback to help us improve this feature.
For details, see Generating the configuration file using a wizard.
We are excited to announce that you can now update the Fully Qualified Domain Name (FQDN) of your Automation Suite cluster.
For details about the FQDN update procedure, see Configuring the FQDN post-installation.
Automation Suite now uses AWS Signature Version 4 for all S3 API requests. This impacts the use of Automation Suite with S3 servers that do not support AWS Signature Version 4.
Automation Suite now supports server-side encryption with Key Management Service (SSE-KMS) on AWS S3 buckets.
For more information on SSE-KMS, see the AWS documentation.
We are happy to announce that Automation Suite now supports Harbor and other external registries that require you to create a project before pushing or pulling images from the registry.
sfcore
component is now mandatory, and you can no longer exclude it from the Automation Suite installation. For information on how
to manage optional components, see Bring your own components.
To take full advantage of the features that Apps offers, you now must provide a unique subdomain with a Fully Qualified Domain Name (FQDN). You must make the following changes:
-
Update your certificate with a Subject Alternative Name (SAN) entry for Apps. Details...
-
Adjust your DNS server to accommodate the new Apps subdomain. Details...
Automation Suite 2024.10 introduces automatic identity token-signing certificate rotation. This feature automates the lifecycle of your signing keys, offering enhanced security and reducing the need for manual certificate management.
If you're deploying Automation Suite 2024.10 for the first time, this feature is enabled by default. The option for manual management of signing certificates remains available, and those who prefer manual control or have specific operational requirements can disable automatic certificate rotation.
For users upgrading to 2024.10 from an older version, automatic management is disabled by default but can be enabled if desired.
For details on how to enable or disable automatic certificate rotation, see Automatic certificate rotation in the Automation Suite on Linux documentation, or Automatic certificate rotation in the Automation Suite on AKS/EKS documentation.
New consumables monitoring option
You can now monitor license allocation in a more granular fashion, with the help of the new Consumables tab. It is available in the administration section, at the organization and the tenant level, and it breaks down the allocation and the usage of licensed consumption units, such as AI Units, Robot Units, and API calls.
Introducing SAP Transport Units
A new type of service consumption unit, named SAP Transport Units, is now available. It is used to license the SAP Change Impact Analysis feature within Test Manager.
Changes to license-related tenant limitations
- Automation Hub
- Process Mining
- Test Manager
- Insights
Removing the license overallocation banner
Up until now, when the number of licenses allocated to your services exceeded the number of licenses available for your organization, a warning banner was displayed. However, it did not provide any clear overallocation information, nor did it offer action items for solving the issue.
As such, in an effort to enhance user experience and eliminate any distractions, we have decided to remove it. You can still find all relevant details by checking the allocation drawer.
Licensing Process Mining through AI units
Process Mining is now licensed through AI units, just like several of our AI products.
For details on consumption, see the License page in the Process Mining guide.
Deprecating license activation from the host portal
We are striving to better support the ever evolving commercial offering of the UiPath® platform, and, as part of that, we are deprecating the option to activate licenses from the host portal. To help ease the transition, we have added a warning banner notifying administrators of the deprecation, and providing best practices for license activation.
Please rest assured that this in no way affects the functionality, and that you can still activate licenses from the host portal until the feature is removed.
We are excited to introduce personal access tokens (PATs). PATs provide developers with an efficient and secure method to obtain tokens with user-scoped access. PATs can limit risk when working with applications or automations that do not allow for other authentication mechanisms, or where you do not want to provide your credentials. If the app is compromised, you simply revoke the PAT.
Personal Access Tokens are only available for local users.
The core capabilities:
- Users removed from an organization will have their associated PATs automatically revoked to prevent unauthorized access.
-
Organization administrators can manage issued PATs, enabling easy revocation of access when necessary.
For detailed information on implementing PATs, please refer to the docs on personal access tokens.
Personal access tokens (PATs) can be managed by organization administrators. PATs can limit risk when working with applications or automations that do not allow for other authentication mechanisms, or where you do not want to provide your credentials. If the app is compromised, you simply revoke the PAT.
Personal Access Tokens are only available for local users and managed by organization administrators.
Organization administrators can manage issued PATs, enabling easy revocation of access when necessary.
For detailed information on managing PATs, please refer to Managing PATs.
uipathctl
is now more user-friendly. The simplified and organized display enhances readability and gives more control over the type
of info you get.
--verbose
flag to access the full, detailed output. If more concise information suits your needs better, simply skip the --verbose
flag for a clear, easy-to-understand output.
For more details about prerequisites check, see Prerequisite checks.
We're happy to announce various fixes and improvements that ensure an even more accurate estimate of the hardware requirements for any Automation Suite deployment. The tool now takes into account the additional data disk required by Document Understanding and AI Center. Also, it now takes a single click to share the UiPath Automation Suite Install Sizing Calculator URL along with your currently selected configuration.
If you want to take the UiPath Automation Suite Install Sizing Calculator for a spin, see Capacity planning.
We've rolled out some significant updates geared towards improving SAML SSO. Here's a quick overview of what's new:
-
Switching between entity ID formats: When getting the UiPath details for the identity provider setup, you can now change between the legacy entity id format (without the organization ID), and the new format that includes the organization ID.
-
Custom unique identifier: We've introduced the option to set custom attributes for unique identification. This feature is particularly beneficial if :
-
An email address is not allocated to your users.
-
An email address cannot serve as a unique identifier (they are not unique in the identity provider).
Important:Once you've set a Unique Identifier, changing it can result in a loss of previously recognized users, as the system might not be able to identify them anymore.
-
-
Signing authentication requests: This feature allows UiPath sign all SAML authentication requests. This is useful if your identity provider requires signed authentication requests.
-
Single logout: Our SAML configuration now includes Single Logout (SLO) capabilities, which enable simultaneous logouts across all your applications unified under your identity provider.
We have introduced a high contrast theme that ensures enhanced contrast for a set of UI elements.
For more information, refer to Selecting the theme.
You can now manage the visibility of three new services in the left navigation bar, in order to customize the UI for each user:
-
Automation Hub
-
AI Center
-
Process Mining
For more information, see the Hide unused services documentation.
-
We fixed an issue that caused the
uipathctl
binary to ignore any SQL connection string you provided in theorchestrator.testautomation
section of the cluster configuration file. - Running a health check on AKS led to
an
[ARGOCD_REDIS_PODS]
failure for ArgoCD Redis HA, although ArgoCD Redis HA is no longer used in Automation Suite on AKS. The behavior no longer occurs. -
In a proxy environment, if the proxy server used the same port as the TCP port of any other service in the Istio service mesh, such as port 8080, pods could not communicate with the FQDN, and an error message was displayed. The behavior no longer occurs.Note: If you previously created a service entry according to the workaround in Pods cannot communicate with FQDN in a proxy environment, we recommend that you delete the service entry after you upgrade to Automation Suite 2024.10.0 or later. To delete the service entry, use the following command:
kubectl delete serviceentry proxy -n uipath
kubectl delete serviceentry proxy -n uipath - We have fixed an issue that prevented licenses from being allocated at the organization level.
You cannot currently perform a full migration from standalone products version 2024.10 to Automation Suite 2024.10 using the UiPath.OrganizationMigrationApp tool. We are actively working on introducing support for this scenario.
In the meantime, you can perform a single-tenant migration. For details on this migration option, refer to Single tenant migration.
In this release, Document Understanding modern projects are not supported in Automation Suite offline deployments and Azure Government environments.
Generative AI features, including Generative Annotation and Generative Extraction, are not currently available in Document Understanding in Automation Suite.
If Document Understanding is enabled on your tenant without the activation of Document Understanding modern projects, the Document Understanding application (accessible from the list on the left side) will not work.
For more information, refer to the Document Understanding Release Notes guide.
- Integration Service is not currently supported on machines with Federal Information Processing Standards 140-2 (FIPS 140-2) enabled.
- Integration Service does not currently support offline environments.
- Studio Web is not currently supported on machines with Federal Information Processing Standards 140-2 (FIPS 140-2) enabled.
- Autopilot™ functionalities are currently not supported.
- The default UiPath project templates are not available. You can, however, create a project from templates created by your organisation.
- Studio Web does not currently support workload identity, Azure for US Government environments, and offline environments.
Studio Web, Insights, and Task Mining do not support workload identity. If you enable workload identity, you must disable these products.
Studio Web, Insights, and Integration Service are not supported on FIPS 140-2. If you install Automation Suite on FIPS 140-2-enabled machines, you must disable these products.
Forwarding infrastructure logs to Splunk is currently not possible in Automation Suite 2024.10 because the Splunk Connect plugin for Kubernetes is no longer supported. The OpenTelemetry Collector, which you can use to gather logs, is also not supported in this Automation Suite version.
For more information on managing external tools, refer to Responsibility matrix.
We recommend that you regularly check the deprecation timeline for any updates regarding features that will be deprecated and removed.
To find out what has changed on each Automation Suite product, visit the following links.
If the product is greyed out, this new Automation Suite version does not bring any changes to it.
This Automation Suite release bundles the following internal components:
For the Kubernetes versions that each Automation Suite version supports, see Kubernetes compatibility.
Component |
Version |
---|---|
Istio |
1.23.0 |
ArgoCD |
2.11.3 |
Prometheus |
2.54.1 |
Grafana |
11.1.5 |
Fluentd & Fluent-bit |
logging-operator: 4.9.1 logging-operator-logging: 4.9.1 |
Gatekeeper |
3.17.0 |
Cert-Manager |
1.14.5 |
Velero |
6.2.0 |
- What's new
- New products onboarded to Automation Suite
- Introducing lite mode
- Shared cluster support
- Support for Bottlerocket
- Support for workload identity on AKS
- Support for TLS 1.3
- FIPS 140-2 support on EKS
- Support for EKS FIPS with AL2023 image
- [Preview] Generating the configuration file using a GUI-based wizard
- Introducing FQDN update procedure
- AWS Signature Version 4 support
- SSE-KMS support
- Support for external registries that require projects
- sfcore no longer optional
- Apps subdomain requirement
- Automatic rotation for identity token-signing certificates
- Licensing news
- Personal access tokens (PATs)
- Managing personal access tokens
- Improvements
- Enhanced prerequisites check output
- UiPath Automation Suite Install Sizing Calculator enhancements
- SAML SSO improvements
- High contrast theme option
- Service visibility in the UI
- Bug fixes
- Known issues
- Full migration from standalone products to Automation Suite not supported
- Document Understanding limitations and known issues
- Integration Service limitations
- Studio Web limitations
- Workload identity support limitations
- FIPS 140-2 support limitations
- Forwarding logs to Splunk is currently unavailable
- Deprecation timeline
- Bundling details
- Product versions
- Internal third-party component versions