automation-suite
2024.10
true
  • Automation Suite on Linux Release Notes
    • 2024.10.0
  • Automation Suite on EKS/AKS Release Notes
    • 2024.10.0
  • Automation Suite on OpenShift release notes
UiPath logo, featuring letters U and I in white
Automation Suite Release Notes
Last updated Nov 26, 2024

2024.10.0

Release date: November 11, 2024

What's new

New products onboarded to Automation Suite

We are happy to announce the addition of Document Understanding modern projects, Integration Service, and Studio Web to our Automation Suite product portfolio. This expansion aligns with our aim to maintain parity with the functionalities offered via Automation Cloud.

If you plan to enable these new products, make sure to check out the cross-product dependencies and that you meet all the prerequisites.

All the details about the installation and configuration of these newly onboarded products are available in the Automation Suite on EKS/AKS Installation Guide. For details on how make the most out of the functionality of these products, refer to the individual product guides:

Introducing lite mode

In an attempt to make your start with Automation Suite easier and cost-effective, we are now introducing the lite mode. With it, you can start with fewer infrastructure requirements and when ready, transition to high availability for specific services.

By default, in lite mode, all services are non-high availability to save resources. However, if you want to enable high availability for certain services, you can do it by configuring the profile parameter in the input.json file.

A key benefit of lite mode is its resource efficiency. It offers full functionality without the need for high availability across all services. Consequently, the lite profile needs fewer resources, a value-added feature for infra-budget-conscious organizations.

Notably, lite mode is not just for small-scale operations. This mode is designed with scalability in mind, so as your needs grow, lite mode grows with you.

Lite mode is versatile, accommodating a wide array of scenarios, such as the following:

  • You plan to explore the Automation Suite functionality without a significant infrastructural commitment.

  • You start with a minimal setup but want the flexibility and ease of scaling up as the need arises.

  • You aim to manage infrastructure cost by customizing the availability of services to your unique needs.

  • You aim at smaller-scale use cases and prefer a system that operates efficiently with non-high availability services.

Shared cluster support

To provide you with a wider range of deployment options and increase the flexibility of our offering, we are happy to announce that you can now deploy Automation Suite to a shared cluster, alongside your other software deployments. Deploying to a shared cluster comes as an alternative to the existing scenario of deploying Automation Suite to a dedicated cluster.

In addition to giving you more granular control over the installation process, the new shared cluster deployment scenario offers a host of other benefits:
  • Increased flexibility and reduced time to deploy, thanks to the ability to leverage your existing standard operating procedures to install and manage applications.

  • Lower total cost of ownership compared to deploying to a dedicated cluster provisioned specifically for Automation Suite.

  • In a shared cluster installation scenario, you can complete the installation process without granting the Automation Suite installer cluster admin privileges, which enhances security by complying with the industry-wide principle of least privilege, enabling you to meet stringent governance standards.

Installing Automation Suite with reduced privileges requires you to install some components and perform some configuration steps before the actual Automation Suite installation. Here are the main steps that you must perform if you cannot grant admin privileges to the Automation Suite installer:

Support for Bottlerocket

We have added Bottlerocket to the list of operating systems supported by Automation Suite on EKS. For more details, see Kubernetes cluster and nodes.

Support for workload identity on AKS

You can now avoid managing credentials by enabling AKS pods to use a Kubernetes identity, such as a service account. Workload identity also allows Kubernetes applications to access Azure resources securely with Microsoft Entra ID, based on annotated service accounts.

To learn more about workload identity, see Workload identity configuration.

For details on the limitations of the feature, see Known issues.

Support for TLS 1.3

We now support Transport Layer Security (TLS) 1.3. This new TLS version brings several key improvements, being more secure than its predecessor, TLS 1.2, and offering speedier connections and improved performance.

To upgrade to TLS 1.3, change the value of the istioMinProtocolVersion parameter in the input.json file from TLSV1_2 to TLSV1_3, then re-run the Automation Suite installation.

FIPS 140-2 support on EKS

If you must comply with the Federal Information Processing Standard 140-2 (FIPS 140-2), we have good news for you. It is now possible to enable FIPS 140-2 on machines on which you plan to perform a new Automation Suite on EKS installation.

For more information on FIPS 140-2, see Security and compliance.

For details on the limitations of the feature, see Known issues.

Support for EKS FIPS with AL2023 image

You can now install Automation Suite on nodes on which you enabled FIPS using the Amazon Linux 2023 (AL2023) image. This update aligns with the transition that Amazon made from AL2 to AL2023.

[Preview] Generating the configuration file using a GUI-based wizard

Navigating through the intricacies of a platform configuration, involving multiple flags and parameters, can at times be a challenging experience. To simplify this, we bring you the Automation Suite Installer Wizard, a new method for generating the Automation Suite input.json configuration file.

This GUI-centric tool guides you through the key configuration steps, prompting you to provide details about your Automation Suite installation. It requires details such as the targeted platform, environment type, storage needs, SQL database specifics, and more, subsequently generating the input.json file for you.

Despite the wizard offering an easier way to create a configuration file, some complex configuration scenarios might not yet be covered as the tool is currently in public preview. We eagerly invite you to experiment with this tool and kindly share your feedback to help us improve this feature.

Introducing FQDN update procedure

We are excited to announce that you can now update the Fully Qualified Domain Name (FQDN) of your Automation Suite cluster.

For details about the FQDN update procedure, see Configuring the FQDN post-installation.

AWS Signature Version 4 support

Automation Suite now uses AWS Signature Version 4 for all S3 API requests. This impacts the use of Automation Suite with S3 servers that do not support AWS Signature Version 4.

SSE-KMS support

Automation Suite now supports server-side encryption with Key Management Service (SSE-KMS) on AWS S3 buckets.

For more information on SSE-KMS, see the AWS documentation.

Support for external registries that require projects

We are happy to announce that Automation Suite now supports Harbor and other external registries that require you to create a project before pushing or pulling images from the registry.

sfcore no longer optional

The sfcore component is now mandatory, and you can no longer exclude it from the Automation Suite installation. For information on how to manage optional components, see Bring your own components.

Apps subdomain requirement

To take full advantage of the features that Apps offers, you now must provide a unique subdomain with a Fully Qualified Domain Name (FQDN). You must make the following changes:

  • Update your certificate with a Subject Alternative Name (SAN) entry for Apps. Details...

  • Adjust your DNS server to accommodate the new Apps subdomain. Details...

Automatic rotation for identity token-signing certificates

Automation Suite 2024.10 introduces automatic identity token-signing certificate rotation. This feature automates the lifecycle of your signing keys, offering enhanced security and reducing the need for manual certificate management.

If you're deploying Automation Suite 2024.10 for the first time, this feature is enabled by default. The option for manual management of signing certificates remains available, and those who prefer manual control or have specific operational requirements can disable automatic certificate rotation.

For users upgrading to 2024.10 from an older version, automatic management is disabled by default but can be enabled if desired.

For details on how to enable or disable automatic certificate rotation, see Automatic certificate rotation in the Automation Suite on Linux documentation, or Automatic certificate rotation in the Automation Suite on AKS/EKS documentation.

Licensing news

New consumables monitoring option

You can now monitor license allocation in a more granular fashion, with the help of the new Consumables tab. It is available in the administration section, at the organization and the tenant level, and it breaks down the allocation and the usage of licensed consumption units, such as AI Units, Robot Units, and API calls.

Introducing SAP Transport Units

A new type of service consumption unit, named SAP Transport Units, is now available. It is used to license the SAP Change Impact Analysis feature within Test Manager.

Changes to license-related tenant limitations

If you have a license that includes any of the following services, you will be happy to know that they can now be enabled on an unlimited number of tenants:
  • Automation Hub
  • Process Mining
  • Test Manager
  • Insights

Removing the license overallocation banner

Up until now, when the number of licenses allocated to your services exceeded the number of licenses available for your organization, a warning banner was displayed. However, it did not provide any clear overallocation information, nor did it offer action items for solving the issue.

As such, in an effort to enhance user experience and eliminate any distractions, we have decided to remove it. You can still find all relevant details by checking the allocation drawer.

Licensing Process Mining through AI units

Process Mining is now licensed through AI units, just like several of our AI products.

For details on consumption, see the License page in the Process Mining guide.

Deprecating license activation from the host portal

We are striving to better support the ever evolving commercial offering of the UiPath® platform, and, as part of that, we are deprecating the option to activate licenses from the host portal. To help ease the transition, we have added a warning banner notifying administrators of the deprecation, and providing best practices for license activation.

Please rest assured that this in no way affects the functionality, and that you can still activate licenses from the host portal until the feature is removed.

Personal access tokens (PATs)

We are excited to introduce personal access tokens (PATs). PATs provide developers with an efficient and secure method to obtain tokens with user-scoped access. PATs can limit risk when working with applications or automations that do not allow for other authentication mechanisms, or where you do not want to provide your credentials. If the app is compromised, you simply revoke the PAT.

Note:

Personal Access Tokens are only available for local users.

The core capabilities:

  • Users removed from an organization will have their associated PATs automatically revoked to prevent unauthorized access.
  • Organization administrators can manage issued PATs, enabling easy revocation of access when necessary.

For detailed information on implementing PATs, please refer to the docs on personal access tokens.

Managing personal access tokens

Personal access tokens (PATs) can be managed by organization administrators. PATs can limit risk when working with applications or automations that do not allow for other authentication mechanisms, or where you do not want to provide your credentials. If the app is compromised, you simply revoke the PAT.

Note:

Personal Access Tokens are only available for local users and managed by organization administrators.

Organization administrators can manage issued PATs, enabling easy revocation of access when necessary.

For detailed information on managing PATs, please refer to Managing PATs.

Improvements

Enhanced prerequisites check output

The prerequisites check output generated by uipathctl is now more user-friendly. The simplified and organized display enhances readability and gives more control over the type of info you get.
If you need more detailed information, you can use the --verbose flag to access the full, detailed output. If more concise information suits your needs better, simply skip the --verbose flag for a clear, easy-to-understand output.

For more details about prerequisites check, see Prerequisite checks.

UiPath Automation Suite Install Sizing Calculator enhancements

We're happy to announce various fixes and improvements that ensure an even more accurate estimate of the hardware requirements for any Automation Suite deployment. The tool now takes into account the additional data disk required by Document Understanding and AI Center. Also, it now takes a single click to share the UiPath Automation Suite Install Sizing Calculator URL along with your currently selected configuration.

If you want to take the UiPath Automation Suite Install Sizing Calculator for a spin, see Capacity planning.

SAML SSO improvements

We've rolled out some significant updates geared towards improving SAML SSO. Here's a quick overview of what's new:

  1. Switching between entity ID formats: When getting the UiPath details for the identity provider setup, you can now change between the legacy entity id format (without the organization ID), and the new format that includes the organization ID.

  2. Custom unique identifier: We've introduced the option to set custom attributes for unique identification. This feature is particularly beneficial if :

    • An email address is not allocated to your users.

    • An email address cannot serve as a unique identifier (they are not unique in the identity provider).

    Important:

    Once you've set a Unique Identifier, changing it can result in a loss of previously recognized users, as the system might not be able to identify them anymore.

  3. Signing authentication requests: This feature allows UiPath sign all SAML authentication requests. This is useful if your identity provider requires signed authentication requests.

  4. Single logout: Our SAML configuration now includes Single Logout (SLO) capabilities, which enable simultaneous logouts across all your applications unified under your identity provider.

High contrast theme option

We have introduced a high contrast theme that ensures enhanced contrast for a set of UI elements.

For more information, refer to Selecting the theme.

Service visibility in the UI

You can now manage the visibility of three new services in the left navigation bar, in order to customize the UI for each user:

  • Automation Hub

  • AI Center

  • Process Mining

For more information, see the Hide unused services documentation.

Bug fixes

  • We fixed an issue that caused the uipathctl binary to ignore any SQL connection string you provided in the orchestrator.testautomation section of the cluster configuration file.
  • Running a health check on AKS led to an [ARGOCD_REDIS_PODS] failure for ArgoCD Redis HA, although ArgoCD Redis HA is no longer used in Automation Suite on AKS. The behavior no longer occurs.
  • In a proxy environment, if the proxy server used the same port as the TCP port of any other service in the Istio service mesh, such as port 8080, pods could not communicate with the FQDN, and an error message was displayed. The behavior no longer occurs.
    Note: If you previously created a service entry according to the workaround in Pods cannot communicate with FQDN in a proxy environment, we recommend that you delete the service entry after you upgrade to Automation Suite 2024.10.0 or later. To delete the service entry, use the following command:
    kubectl delete serviceentry proxy -n uipathkubectl delete serviceentry proxy -n uipath
  • We have fixed an issue that prevented licenses from being allocated at the organization level.

Known issues

Full migration from standalone products to Automation Suite not supported

You cannot currently perform a full migration from standalone products version 2024.10 to Automation Suite 2024.10 using the UiPath.OrganizationMigrationApp tool. We are actively working on introducing support for this scenario.

In the meantime, you can perform a single-tenant migration. For details on this migration option, refer to Single tenant migration.

Document Understanding limitations and known issues

In this release, Document Understanding modern projects are not supported in Automation Suite offline deployments and Azure Government environments.

Generative AI features, including Generative Annotation and Generative Extraction, are not currently available in Document Understanding in Automation Suite.

If Document Understanding is enabled on your tenant without the activation of Document Understanding modern projects, the Document Understanding application (accessible from the list on the left side) will not work.

For more information, refer to the Document Understanding Release Notes guide.

Integration Service limitations

  • Integration Service is not currently supported on machines with Federal Information Processing Standards 140-2 (FIPS 140-2) enabled.
  • Integration Service does not currently support offline environments.

Studio Web limitations

  • Studio Web is not currently supported on machines with Federal Information Processing Standards 140-2 (FIPS 140-2) enabled.
  • Autopilot™ functionalities are currently not supported.
  • The default UiPath project templates are not available. You can, however, create a project from templates created by your organisation.
  • Studio Web does not currently support workload identity, Azure for US Government environments, and offline environments.

Workload identity support limitations

Studio Web, Insights, and Task Mining do not support workload identity. If you enable workload identity, you must disable these products.

FIPS 140-2 support limitations

Studio Web, Insights, and Integration Service are not supported on FIPS 140-2. If you install Automation Suite on FIPS 140-2-enabled machines, you must disable these products.

Forwarding logs to Splunk is currently unavailable

Forwarding infrastructure logs to Splunk is currently not possible in Automation Suite 2024.10 because the Splunk Connect plugin for Kubernetes is no longer supported. The OpenTelemetry Collector, which you can use to gather logs, is also not supported in this Automation Suite version.

For more information on managing external tools, refer to Responsibility matrix.

Deprecation timeline

We recommend that you regularly check the deprecation timeline for any updates regarding features that will be deprecated and removed.

Bundling details

Product versions

To find out what has changed on each Automation Suite product, visit the following links.

If the product is greyed out, this new Automation Suite version does not bring any changes to it.

DISCOVERBUILDMANAGEENGAGE
AI Center 2024.10.0Action Center 2024.10.0
Task Mining 2024.10.0AI Computer Vision 2024.10.0Insights 2024.10.0Apps 2024.10.0
Orchestrator 2024.10.0 
  Test Manager 2024.10.0 

   
  Studio Web 2024.10.0 
  Integration Services 2024.10.0 

Internal third-party component versions

This Automation Suite release bundles the following internal components:

For the Kubernetes versions that each Automation Suite version supports, see Kubernetes compatibility.

Component

Version

Istio

1.23.0

ArgoCD

2.11.3

Prometheus

2.54.1

Grafana

11.1.5

Fluentd & Fluent-bit

logging-operator: 4.9.1

logging-operator-logging: 4.9.1

Gatekeeper

3.17.0

Cert-Manager

1.14.5

Velero

6.2.0

Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.