The steps below broadly describe a sample configuration. For more detailed instructions, see the Microsoft documentation for configuring AAD as an authentication provider.
- Log in to the Azure portal as an administrator, go to App Registrations, and click New Registration.
- In the Register an application page, fill in the Name field with a name for your Automation Suite instance.
- In the Supported account types section, select Accounts in this organizational directory only.
- Set the Redirect URI by selecting Web from the drop-down list and filling in the URL of your Automation Suite instance, plus the suffix /identity_/azure-signin-oidc. For example,
- At the bottom, select the ID tokens checkbox.
- Click Register to register your Automation Suite instance.
- Save the Application (Client) ID for later.
- Log in to the Automation Suite host portal as a system administrator.
- Make sure that Host is selected at the top of the left pane and then click Security.
  If you are still using the old admin experience, select Security Settings from the options on the left.
- Under Azure AD SSO, click Configure.
- Select the Enabled checkbox. (Only in old admin experience)
- Select the Force automatic login using this provider checkbox if you want to only allow login with Azure Active Directory accounts.
- In the Display Name field, type the text you want to show under this login option on the Login page.
- In the Client ID field, paste the value of the Application (Client) ID obtained from the Azure portal.
- (Optional) In the Client Secret field, paste the value obtained from the Azure portal.
- Set the Authority parameter to one of the following values:
  - https://login.microsoftonline.com/<tenant>, where <tenant> is the tenant ID of the Azure AD tenant or a domain associated with this Azure AD tenant. Used only to sign in users of a specific organization.
  - https://login.microsoftonline.com/common. Used to sign in users with work and school accounts or personal Microsoft accounts.
- (Optional) In the Logout URL, paste the value obtained from the Azure portal.
- Click Save to save the configuration and return to the previous page.
- Click the toggle to the left of Azure AD SSO to enable the integration. (Not applicable in the old admin experience)
- Restart the 'identity-service-api-*' pod. This is required after making any changes to External Providers.
a. Connect to the primary server using SSH.
b. Run the following command:
kubectl -n uipath rollout restart deployment identity-service-api
Now that Automation Suite is integrated with Azure AD Sign-In, user accounts that have a valid Azure AD email address can use the Azure AD SSO option on the Login page to sign in to Automation Suite.
Each organization administrator must do this for their organization if they want to allow login with Azure AD SSO.
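As an added example (not part of the UiPath documentation), the shell functions below check the Redirect URI and Authority values from the steps above before they are entered, and wrap the restart so that it waits for the rollout to finish. The function names, the https-only check and the `--timeout` value are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not UiPath code: pre-flight checks for the values used above.
SUFFIX="/identity_/azure-signin-oidc"
AAD_HOST="https://login.microsoftonline.com"

# Print the Redirect URI to register in Azure for an Automation Suite URL.
# Assumption: the instance is served over https (Azure AD requires https for
# web redirect URIs on non-localhost hosts).
redirect_uri() {
    base=${1%/}   # drop one trailing slash
    case $base in
        https://?*) printf '%s%s\n' "$base" "$SUFFIX" ;;
        *) echo "error: Automation Suite URL must start with https://" >&2; return 1 ;;
    esac
}

# Print "tenant" or "common" for an Authority value in one of the two forms
# listed in the steps; fail for anything else.
classify_authority() {
    auth=${1%/}
    case $auth in
        "$AAD_HOST"/*) seg=${auth#"$AAD_HOST"/} ;;
        *) echo "error: authority must be under $AAD_HOST" >&2; return 1 ;;
    esac
    if [ "$seg" = "common" ]; then
        echo "note: 'common' also signs in personal Microsoft accounts;" \
             "use the tenant form to limit sign-in to one organization" >&2
        echo common; return 0
    fi
    # <tenant> is either the tenant ID (a GUID) or a domain of the tenant.
    guid='^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
    domain='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$'
    if printf '%s\n' "$seg" | grep -Eq -e "$guid" -e "$domain"; then
        echo tenant; return 0
    fi
    echo "error: '$seg' is not 'common', a tenant ID, or a domain" >&2
    return 1
}

# Restart the identity service and block until the new pods are ready, so a
# failed rollout is noticed before users are pointed at the SSO option.
restart_identity_service() {
    kubectl -n uipath rollout restart deployment identity-service-api &&
    kubectl -n uipath rollout status deployment identity-service-api --timeout=5m
}
```

Run `restart_identity_service` on the primary server after saving the provider settings; the two check functions need no cluster access.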