UiPath Documentation
orchestrator
latest
false
  • Getting started
    • Introduction
    • Robots
      • Robot Statuses
      • Robot Settings
    • Auto Updating Client Components
    • Time-to-live Periods
    • Notifications
      • Notification permissions
  • Best practices
    • Organization Modeling in Orchestrator
    • Automation Best Practices
    • Optimizing Unattended Infrastructure Using Machine Templates
    • Unattended automation
      • Accessing the unattended robot setup
      • Useful concepts in unattended automation
      • How is unattended automation performed
    • Organizing Resources With Tags
    • Orchestrator Read-only Replica
    • Exporting grids in the background
    • Enforcing user-level Integration Service connection governance
  • Tenant
    • About the Tenant Context
    • Searching for Resources in a Tenant
    • Robots
      • Managing Robots
      • Connecting Robots to Orchestrator
      • Storing Robot Credentials in CyberArk
      • Storing Unattended Robot Passwords in Azure Key Vault (read only)
      • Storing Unattended Robot Credentials in HashiCorp Vault (read only)
      • Storing Unattended Robot Credentials in AWS Secrets Manager (read only)
      • Deleting Disconnected and Unresponsive Unattended Sessions
      • Robot Authentication
      • Robot Authentication With Client Credentials
    • Folders
      • Managing Folders
      • Organizing Folders
      • Personal Workspaces
      • Managing Personal Workspaces
    • Monitoring
      • Unattended sessions
      • User sessions
      • License
      • API audit
    • Access control
      • Account types
      • Default roles
      • Migrating from break inheritance to union of privileges
      • Managing custom roles
      • Configuring access for accounts
    • Configuring automation capabilities
    • Machines
      • Managing Machines
      • Assigning Machine Objects to Folders
      • Configuring Account-machine Mappings
      • EDR Protection Status
    • Packages
      • Managing Packages
      • About Libraries
      • Managing Libraries
    • Audit
    • Credential Stores
      • Integrating credential stores
      • Managing credential stores
      • The Orchestrator Credentials Proxy
      • Orchestrator Credentials Proxy debugging
      • Managing credential proxies
    • Webhooks
      • Types of Events
      • Managing Webhooks
    • Licensing
      • Licensing Permissions
      • Managing Your Licenses
    • Settings
      • General Tab
      • Deployment Tab
        • Libraries
      • Robot Security Tab
        • Security
        • Robot Authentication
      • Scalability Tab
        • SignalR (Robots)
  • Automation Suite Robots
    • About Automation Suite Robots
    • Executing Unattended Automations With Automation Suite Robots
      • Step 1. Enabling Unattended Automation on an Account
    • Regenerating Client Secrets
    • Frequently Asked Questions
  • Folders Context
    • About the Folders Context
    • Home
  • Automations
  • Processes
    • About Processes
      • Runtime Arguments
        • Entry Points
        • In, Out, In/Out Arguments
      • Background Vs Foreground Processes
      • Process Compatibility
      • Version Management
    • Managing Processes
    • Managing Package Requirements
    • Recording
    • Live streaming and remote control
      • Live streaming and remote control via RealVNC
        • Error scenarios
      • Live streaming and remote control via TightVNC
        • Error scenarios
  • Jobs
    • About Jobs
    • Managing Jobs
    • Job States
    • Working with long-running workflows
    • Running Personal Remote Automations
    • Process Data Retention Policy
  • Apps
    • About Apps
    • Publishing an App to a Tenant
    • Managing Apps
    • Running a Deployed App from a Folder
  • Triggers
    • About triggers
      • Time triggers
      • Queue triggers
      • Event triggers
      • API triggers
        • Call modes explained
    • Managing triggers
      • Creating a time trigger
      • Creating a queue trigger
      • Creating an event trigger
      • Managing API triggers
      • Trigger details
        • Jobs tab
    • Managing Non-Working Days
    • Using Cron Expressions
      • Triggering jobs on the last day of the month
  • Logs
    • About Logs
    • Managing Logs in Orchestrator
    • Logging Levels
  • Monitoring
    • About Monitoring
    • Machines
    • Processes
    • Queues
    • Queues SLA
  • Queues
    • About Queues and Transactions
      • Queue Item Statuses
      • Business Exception Vs Application Exception
      • Studio Activities Used With Queues
      • Queue Item Retention Policy
    • Bulk uploading Queue Items using a CSV file
    • Managing Queues in Orchestrator
    • Managing Queues in Studio
    • Managing Transactions
      • Editing Transactions
      • Field Descriptions for the Transactions .csv File
    • Review Requests
  • Assets
    • About Assets
    • Managing Assets in Orchestrator
    • Managing Assets in Studio
    • Storing Assets in Azure Key Vault (read only)
    • Storing Assets in HashiCorp Vault (read only)
    • Storing Assets in AWS Secrets Manager (read only)
  • Business Rules
    • About Business Rules
      • Permissions for Business Rules
    • Managing Business Rules
      • Creating a business rule
  • Storage Buckets
    • About Storage Buckets
      • CORS/CSP Configuration
    • Managing Storage Buckets
  • MCP Servers
    • About MCP Servers
    • Managing MCP Servers
      • Creating UiPath MCP Servers
      • Creating a remote MCP Server
    • MCP compliance guidelines
  • Indexes
    • About indexes
    • Managing indexes
  • Orchestrator testing
    • FAQ - Deprecating the testing module
      • FAQ - Migrating test artifacts to Test Manager
      • FAQ - Feature parity - Test Manager vs Orchestrator
    • Test Automation
    • Test Cases
      • Field Descriptions for the Test Cases Page
    • Test Sets
      • Field Descriptions for the Test Sets Page
    • Test Executions
      • Field Descriptions for the Test Executions Page
    • Test Schedules
      • Field Descriptions for the Test Schedules Page
    • Test Data Queues
      • Managing Test Data Queues in Orchestrator
      • Managing Test Data Queues in Studio
      • Field Descriptions for the Test Data Queues Page
      • Test Data Queue Activities
    • Testing Data Retention Policy
  • Resource Catalog Service
    • About Resource Catalog Service
  • Integrations
    • About Input and Output Arguments
      • Example of Using Input and Output Arguments
  • Troubleshooting
    • About Troubleshooting
    • Alerts troubleshooting
    • General troubleshooting
    • Frequently Encountered Orchestrator Errors
UiPath logo, featuring letters U and I in white

Orchestrator user guide

Last updated Feb 12, 2026

Storing Robot Credentials in CyberArk

Before beginning the procedures below, make sure you have configured your CyberArk® CCP integration.

Adding Accounts for Your Robots

You must add the login credentials under which your Robot runs. If you have multiple Robots, perform this procedure for all of them. This procedure applies to both local and domain users. From the CyberArk® PVWA interface, follow these steps:

  1. On the Accounts tab, click Add Account. The Add Account page is displayed.
  2. Select Windows in the System Type list.
    Figure 1. Selecting Windows in the system type list

  3. On the Assign to Platform tab:
    • select Windows Desktop Local Accounts if the Robot user is local.
    • select Windows Domain Account if the Robot user is part of an Active Directory.
      Figure 2. Selecting the platform

  4. On the Store in Safe tab, select the safe you previously created.
    Figure 3. Selecting the safe

  5. On the Define Properties tab, populate the following fields:
    Figure 4. Defining account properties

    Field

    Value

    Address

    • For Local Users - Type the name of the machine on which the Robot is installed

    • For Domain Users - Type the name of the domain in which the Robot machine is installed on.

    Username

    The name of the account under which the Robot runs.

    Password and Confirm Password

    Type the password that belongs to the account under which the Robot runs.

    Customize Account Name Toggle

    Enabled. Type the machine or domain name, and the Robot username. The same name needs to be used in Orchestrator when defining the credential for the robot.

  6. Click Save. The account is saved. Orchestrator uses this to retrieve the Robot credentials when it needs to, if you have the Robot provisioned in Orchestrator.

Retrieving the Vault Credentials

After performing the steps above, you have to provision the Robot in Orchestrator. As you are now using CyberArk® to store your passwords, please note that in the Provision Robot window, you no longer have to add the password. However, the user is still mandatory.

When provisioning the Robot in Orchestrator, add the username as you normally would:

  • for local users - the actual username, such as Documentation;
  • for domain users - the username and domain it runs under, in the DOMAIN\username format, such as uipath\administrator.

Based on the account provided for the Robot, Orchestrator searches for a match in CyberArk. When a match is found, the corresponding password is retrieved.

Note:
  • When making changes to the password in Cyberark Application Password Provider, please keep in mind that it might take a few minutes for it to be propagated in Orchestrator due to AIM's cache system.
  • When a robot or asset is created in Orchestrator, it is linked to an existing secret using the Orchestrator asset's External Name. Make sure that the CyberArk account name is set in the External Name field, to be mapped with the CyberArk account details.
  • Adding Accounts for Your Robots
  • Retrieving the Vault Credentials

Was this page helpful?

Connect

Need help? Support

Want to learn? UiPath Academy

Have questions? UiPath Forum

Stay updated