- Getting started
- Best practices
- Tenant
- About the Tenant Context
- Searching for Resources in a Tenant
- Managing Robots
- Connecting Robots to Orchestrator
- Storing Robot Credentials in CyberArk
- Storing Unattended Robot Passwords in Azure Key Vault (read-only)
- Storing Unattended Robot Credentials in HashiCorp Vault (read-only)
- Storing Unattended Robot Credentials in AWS Secrets Manager (read Only)
- Deleting Disconnected and Unresponsive Unattended Sessions
- Robot Authentication
- Robot Authentication With Client Credentials
- Audit
- Settings
- Cloud robots
- Folders Context
- Automations
- Processes
- Jobs
- Apps
- Triggers
- Logs
- Monitoring
- Queues
- Assets
- Storage Buckets
- Test Suite - Orchestrator
- Resource Catalog Service
- Authentication
- Integrations
- Troubleshooting
Configuring access for accounts
As an administrator, you can configure fine-grained tenant or folder permissions for objects that already exist at the organization level (i.e. groups, users, robot accounts, external apps), via Orchestrator, by assigning them to tenants or folders in Orchestrator. An object gets the permissions required to perform particular operations in a tenant or folder through one or more roles.
To make use of all available types of identities, groups, users, robot accounts, and external apps are split into separate pages for groups, users, robot accounts, and external apps. You can find these under dedicated tabs, on the Manage Access page.
As an overview of the tabs, the All tab includes all objects that have been assigned access at the tenant level. The Groups, Users, Robot accounts, and External apps tabs include the local and directory groups, local and directory users, robot accounts, and external apps that have been assigned access at the tenant level.
As an administrator, you can configure fine-grained tenant or folder permissions for accounts that already exist at the organization level, via Orchestrator, by assigning them to folders or tenants in Orchestrator. An account gets the permissions required to perform particular operations in a folder or tenant through one or more roles.
To give tenant access to accounts or groups, follow these steps:
- Go to Tenant > Manage Access. The Manage Access page is displayed.
- Click Assign roles > User/Robot Account/Group to add a new account in the tenant. The Assign roles window is displayed.
- In the Search for user/robot account/group drop-down, search for the object you want to add.
- Under Roles, select the role(s) for this object.
- Click Assign. The selected object can access tenant resources according to its role.
To give folder access to accounts or groups, follow these steps:
- Go to Tenant > Folders. The Folders page is displayed.
- From the Folders page, in the Manage Folders pane, click the folder you want to manage. The folder and its contents are displayed on the right-hand dashboard.
- Click Assign Accounts/Group to add a new account or group in the folder. The Assign Account/Group window is displayed.
- In the Account, group, or external app drop-down, search for the object you want to add.
- Under The Roles for the account/group selected above, select the role(s) for this object.
- Click Assign. The selected object is now in the folder and can access it according to its role.
To remove tenant access for accounts or groups, follow these steps:
- Go to Tenant > Manage Access. The Manage Access page is displayed.
- Click More Actions > Unassign for the account you want to remove from the tenant. A confirmation window is displayed.
- Click Yes to confirm. The removed account or group is removed and loses access to the tenant.## Removing folder access