- Getting started
- Best practices
- Tenant
- About the Tenant Context
- Searching for Resources in a Tenant
- Managing Robots
- Connecting Robots to Orchestrator
- Storing Robot Credentials in CyberArk
- Storing Unattended Robot Passwords in Azure Key Vault (read only)
- Storing Unattended Robot Credentials in HashiCorp Vault (read only)
- Storing Unattended Robot Credentials in AWS Secrets Manager (read only)
- Deleting Disconnected and Unresponsive Unattended Sessions
- Robot Authentication
- Robot Authentication With Client Credentials
- Audit
- Cloud robots
- Folders Context
- Automations
- Processes
- Jobs
- Apps
- Triggers
- Logs
- Monitoring
- Queues
- Assets
- Storage Buckets
- Test Suite - Orchestrator
- Resource Catalog Service
- Authentication
- Integrations
- Classic Robots
- Troubleshooting
Robot Authentication With Client Credentials
Client credentials is a robot authentication mechanism that uses the OAuth 2.0 framework as the basis for its authentication protocol, meaning unattended robots can connect to Orchestrator using a client ID - client secret pair generated via machine template objects. The client ID - client secret pair generates a token that authorizes the connection between the robot and Orchestrator and provides the Robot with access to Orchestrator resources.
Client credentials allow the UiPath® Robot to access Orchestrator resources by using its own credentials, instead of impersonating a user. When the robot requests resources from Orchestrator, Orchestrator enforces that the robot itself has authorization to perform an action since there is no user involved in the authentication.
- The user enters the Client ID and Client Secret as generated by a machine object in Orchestrator.
- The robot requests the authentication configuration from Orchestrator.
- Orchestrator confirms Client Credentials is the mechanism used for robot authentication.
- The robot requests an access token from the Identity Server by presenting the client ID and client secret as authentication of its own identity.
- If the robot identity is validated, Identity Server issues an access token to the robot. Authorization is complete.
- The robot requests the resource from Orchestrator and presents the access token for authentication.
- If the access token is valid, Orchestrator serves the resource to the robot.
The following steps explain how to generate credentials to authenticate your robots.
You can generate new client secrets for the same client ID by editing the machine object. The following steps explain how to generate new secrets.