orchestrator
latest
false
UiPath logo, featuring letters U and I in white

Orchestrator user guide

Last updated May 22, 2025

Configuring automation capabilities

Configuring automation capabilities involves allowing specific users or groups within an organization to automate various tasks, processes, or workflows. Whether the jobs should run attended or unattended, you can choose from the following options to suit your automation scenarios:

  • enabling users to run personal automations
  • running automations on unattended infrastructure via unattended robots
  • configuring robot accounts to run unattended automations

Enabling personal automations

Personal automations are automations that can run under a user's identity either locally on the user's machine, or remotely (personal remote automations) on server-side resources to which the user has no direct access to. User accounts and their association with roles allows for a certain level of access to resources in Orchestrator.

This article describes how to enable your users to:

  • Run automation on their local machine via the UiPath® Assistant;
  • Run background personal remote automations in folders where the user has the necessary permissions and in their personal workspaces;
  • Run and debug in UiPath Studio, both desktop and web;
  • Manage automations in their personal workspace.

For developers and business users, check how to manually run a job or configure a trigger to launch jobs as yourself.

Enabling user groups to run personal automations

This procedure walks admins through the steps for enabling personal automation capabilities for a group of users. Groups are used to simplify administration for accounts with similar needs, that are managed together.

  1. Under Manage Access - Access Rules, select Groups.
  2. Then, either select Assign group, to assign a new group and add roles, or edit an existing group.
  3. On the Assign access rules page, under Personal automation setup, select the Enable user to run automations option.
    The option allows users in that group to:
    • Run automation on their local machine via the UiPath Assistant.
    • Run background personal remote automations in folders where the user has the necessary permissions.
    • Run and debug in UiPath Studio, both desktop and web.
  4. Alternatively, still under Personal automation setup, select the Enable user to run automations + Personal Workspace option.
    This options allows users in that group to:
    • Manage automations in their personal workspace;
    • Run background personal remote automations in their personal workspaces.
  5. Select Update.

Enabling individual users to run personal automations

This procedure walks admins through the steps to enable personal automation capabilities for individual user accounts. This is recommended only if group members require additional capabilities on top of those granted by group membership.

  1. Under Manage Access - Access Rules, select Users.
  2. Then, either select Assign user, to assign a new user and add roles, or edit an existing user.
  3. On the Assign access rules page, under Personal automation setup, select the Enable user to run automations option.
    The option allows the user to:
    • Run automation on their local machine via the UiPath Assistant.
    • Run background personal remote automations in folders where the user has the necessary permissions.
    • Run and debug in UiPath Studio, both desktop and web.
    Attention:
    • Deselecting the Enable user to run automations option triggers a warning message which informs you that doing so will affect any running automations, and could downgrade your Studio Web experience.
  4. Alternatively, still under Personal automation setup, select the Enable user to run automations + Personal Workspace option.
    In addition to the Enable user to run automations option, the Personal Workspace option allows the user to:
    • Manage automations in their personal workspace.
    • Run background personal remote automations in their personal workspaces.
  5. Select Update.

Enabling unattended automations

UiPath® accounts can be thought of as identities intended to represent human (user accounts) or non-human users (robot accounts) that need to be authorized to access Orchestrator resources. These accounts and their association with roles allows for a certain level of access to resources in Orchestrator.

Unattended automation typically runs on robot accounts, the UiPath equivalent of Windows service accounts. An administrator can enable an unattended robot to impersonate a user account, that is act on behalf of that user identity, to allow the robot to run automations with the same privileges as the user it impersonates.

Running unattended automations on user accounts is typically done by developers debugging their automation projects, and business users running automations under their own identity, but on server-side resources instead of their local machines.

Running background processes on unattended infrastructure is also possible via personal remote automation which is easier to set up since it does not need an unattended robot enabled for the user account. See how to enable your users to run personal automations .

The differences between personal remote automations and unattended automation capabilities on a user account are:

  • You can only run personal remote automations if the underlying process is a background process; it does not work for processes that require user interaction. To execute processes that require user interaction configuring an unattended robot is still required.
  • In personal remote automation, the user's identity is used for executing that single process, so it helps achieve granular control in terms of when and how the user's identity is used. Unattended robots, on the other hand, act as the user they impersonate to execute processes across all folders the user has access to.

This article describes how administrators can enable developers and business users to:

  • Run background processes on unattended infrastructure, by allowing an unattended robot to impersonate a user for execution;
  • Run processes that require user interaction on unattended infrastructure; by allowing an unattended robot to impersonate a user for execution.

Running automations in a folder

Users can debug and run processes from all folders they have access to. They can use unattended infrastructure for execution, provided that an administrator has allocated to that folder the physical resources to run unattended automation, that is they assigned to that folder a machine template object with at least one runtime. Typically, for debugging, a NonProduction runtime is used.

Developers and business users can launch a process either by launching a job manually or via triggers in that folder.



If the user does not see any runtimes available when starting a job from Orchestrator, then the admin should make sure that:

  • they assigned both the user account and a machine template to the folder that contains the process to be executed.
  • they assigned runtimes to the machine template. This is not necessary in personal workspaces.

Debugging in a personal workspace

A personal workspace is the personal folder of a user and it acts as a separate and segregated storage space from the official Orchestrator feed. In a personal workspace, Orchestrator takes over several operations an admin would have to perform in a folder, allowing publishing, running and debugging automation projects without the admin intervention:

  • Orchestrator automatically creates a process from each package published from Studio to the personal workspace feed of that user;
  • Orchestrator automatically manages machine templates on the behalf of the administrator for personal workspace owners and a machine template with a Development runtime is automatically created and assigned to each new personal workspace.

Users can debug or run a process either by launching a job manually or via triggers in that workspace.



Enabling users to debug from Orchestrator

For a user to run processes on unattended infrastructure, an administrator must enable both personal automation capabilities and impersonation by an unattended robot. The latter enables the robot on a physical host machine to run under the identity of that user.

Required licenses:
  • A user license.
  • An unattended runtime.
  • Robot units for cloud robots.

For users to debug processes on unattended infrastructure, perform the following when you reference or edit the user account in Orchestrator:

  1. Under Personal automation setup, select the Enable user to run automations option.
    If the user is member of a group with personal automation capabilities, they inherit the capabilities from that group. Therefore, you can skip this step.
    The option allows users in that group to:
    • Run automation on their local machine via the UiPath Assistant.
    • Run background personal remote automations in folders where the user has the necessary permissions.
    • Run and debug in UiPath Studio, both desktop and web.
  2. Alternatively, still under Personal automation setup, select the Enable user to run automations + Personal Workspace option.
    The option allows users in that group to:
    • Manage automations in their personal workspace.
    • Run background personal remote automations in their personal workspaces.
  3. Under Unattended setup, configure unattended debugging settings for the user. Select the infrastructure to execute unattended foreground processes under that account:
    1. Select the Use the VMs preconfigured Windows user account (for runs on UiPath Automation Cloud robots only) option to delegate Automation Cloud robots to execute processes that require user interaction. The robots use a preconfigured Windows account when they execute processes.
    2. Select the Use a specific Windows user account. To execute processes on a specific Windows machine, fill in the Domain\Username and Password fields. You must specify the correct credentials for the host machine, so the robot can log into it successfully. This allows the robot to run processes that require user interaction under that specific Windows account.
      To configure the credential settings when you use specific Windows accounts, check the following:

      Field

      Description

      Domain\Username

      The account under which the robot runs.

      • For domain-joined accounts, use the domain\username syntax. For example deskover\localUser1.
      • For local Windows accounts, use the host_machine_name\username syntax, with the name of the host machine, instead of the domain. For example, LAPTOP1935\localUser2.
      • For local Windows accounts that reside on multiple host machines, that you want to use regardless of machine, use the .\username syntax with a dot, instead of the host machine name. For example .\localUser3.
      • For Azure AD joined machines, use the azuread\username@domain.com syntax.

      Credential store

      The credential store used for your password. For more details, check Credential stores.

      Password

      The password used to log into the machine where UiPath Robot is installed.

      Credential type

      Specifies the type of password credential.

  4. Enable the Run only one job at a time option to restrict the user to simultaneously execute multiple jobs. This helps when you automate applications that do not allow you to use a credential more than once at a time (e.g., SAP).
  5. Select Update.

Enabling users without Orchestrator access to debug on the host machine

When interactive authentication is enforced, in UiPath Assistant, a user can only see the processes to which they have access and only after signing in to their account. A user license is also required. Therefore, unattended processes which do not run under a user account are not available in UiPath Assistant for troubleshooting, making it impossible for a user to debug an unattended process by logging into that host machine.

To overcome this, an administrator can temporarily enable a troubleshooting session on their machine. Doing this lets the user see and run the unattended process locally, without requiring a user license. The troubleshooting session is temporary and the above only applies while troubleshooting is active.

You can also use Studio for its remote debugging capabilities. It allows running and debugging attended and unattended processes on remote machines, including on Linux robots that can run cross-platform projects.

Step 1. Enable a troubleshooting session

  1. Go to Tenant > Monitoring.
  2. Select Unattended sessions from the Section dropdown menu.
  3. Identify the machine where the error occurred, click More Actions at the end of the machine row and select Configure troubleshooting session.

    The option is only available if interactive authentication is enforced.

    You can find out on which machine a process ran by selecting the Processes section.

    The Configure troubleshooting session dialog opens:



  4. Under Troubleshooting session, click the toggle to switch it to Enabled.
  5. In the Session timeout (minutes) box, edit the value to change the number of minutes the troubleshooting session should be active.

    After the specified number of minutes passes, the troubleshooting session is automatically disabled and no further connections are accepted. However, any existing connections remain active until disconnected.

  6. Click Save.

Step 2. Connect to UiPath Assistant

Follow these instructions to connect to the machine and run the unattended processes from UiPath Assistant with your account.

  1. In Orchestrator, go to Tenant > Machines and click Copy Client ID / Machine keydocs image at the end of the machine row to copy the machine key to your clipboard.
  2. In UiPath Assistant, click the user icon in the title bar and select Preferences.
  3. Select the Orchestrator Settings tab and click Disconnect or Sign out if needed so that you can edit the connection settings.
  4. Configure the connection as follows:
    1. Connection Type - Select Machine Key.
    2. Orchestrator URL - Add the URL to the Orchestrator instance, which should include the tenant and organization.
    3. Machine Key - Paste the copied machine key from your clipboard.
  5. Click Connect and then close the Preferences window.
  6. If you do not see the unattended processes in Assistant, then go to Preferences > Sign In and log in with your credentials.

Now you can run unattended processes from UiPath Assistant to troubleshoot them.

Step 3. Extend or disable the troubleshooting session

When you have finished debugging, you can disable the troubleshooting session for the machine so that it won't allow attended connections anymore. Or, if you need to, you can extend the amount of time that the session is active.

  1. Go to Tenant > Monitoring.
  2. Select Unattended sessions from the Section dropdown menu.
  3. Click More Actions at the end of the machine row and select Configure troubleshooting session.

  4. In the Configure troubleshooting session dialog:

    • Close the session: switch the toggle under Troubleshooting session to Disabled.

      When disabled, no further connections are accepted. However, any existing connections remain active until disconnected.

    • Extend the session: Edit the value in the Session timeout (minutes) box with a greater value to extend the session to the specified duration.
  5. Click Save.
  6. Disconnect UiPath Assistant to close the connection.

Configuring robot accounts to run unattended automations

Unattended automation typically runs on robot accounts, the UiPath® equivalent of Windows service accounts. Robot accounts can be thought of as non-human identities that need to be authorized to access Orchestrator resources. Their association with roles allows for a certain level of access to resources in Orchestrator.

Robot accounts have their unattended capabilities enabled by default, administrators only have to configure several infrastructure related settings.

Enabling unattended automation on a robot account

Configure unattended execution settings under a robot account and on a specific infrastructure as follows:

  1. Under Manage Access - Access Rules, select Robot accounts.
  2. Then, either select Assign robot account, to assign a new robot account and add roles, or edit an existing robot account.
  3. On the Assign access rules page, under Unattended setup, select the infrastructure to execute unattended foreground processes under that robot account:
    1. Select the Unattended robot using predefined VM credentials (for runs on UiPath Automation Cloud robots only) option to delegate Automation Cloud robots to execute processes that require user interaction. The robots use a preconfigured Windows account when they execute processes.
    2. Select the Unattended robot using custom Windows credentials. To execute processes on a specific Windows machine, fill in the Domain\Username and Password fields. You must specify the correct credentials for the host machine, so the robot can log into it successfully. This allows the robot to run processes that require user interaction under that specific Windows account. For more details on how to retrieve your Windows credentials, check How to find my computer credential information in Windows 10.
      To configure the credential settings when you use specific Windows accounts, check the following:

      Field

      Description

      Domain\Username

      The account under which the robot runs.

      • For domain-joined accounts, use the domain\username syntax. For example deskover\localUser1.
      • For local Windows accounts, use the host_machine_name\username syntax, with the name of the host machine, instead of the domain. For example, LAPTOP1935\localUser2.
      • For local Windows accounts that reside on multiple host machines, that you want to use regardless of machine, use the .\username syntax with a dot, instead of the host machine name. For example .\localUser3.
      • For Azure AD joined machines, use the azuread\username@domain.com syntax.

      Credential store

      The credential store used for your password. For more details, check Credential stores.

      Password

      The password used to log into the machine where UiPath Robot is installed.

      Credential type

      Specifies the type of password credential.

      Note: Unattended robots can run background jobs on any infrastructure. It is, however, recommended to specialize your host machines to execute particular types of processes in order to maximize efficiency and cut costs. Learn more about optimizing unattended infrastructure using machine templates.
  4. Enable the Run only one job at a time option to restrict the account to simultaneously execute multiple jobs. This helps when you automate applications that do not allow you to use a credential more than once at a time (e.g., SAP).
  5. Under Advanced robot options, configure execution settings for the unattended robot. Learn about robot settings.
  6. Select Update.

Was this page helpful?

Support and Services
Get The Help You Need
UiPath Academy
Learning RPA - Automation Courses
UiPath Forum
UiPath Community Forum
Uipath Logo White
Trust and Security
Terms of Use
Privacy Policy
Cookies Policy
© 2005-2025 UiPath. All rights reserved.