- Organization Modeling in Orchestrator
- Automation Best Practices
- Optimizing Unattended Infrastructure Using Machine Templates
- Organizing Resources With Tags
- Orchestrator Read-only Replica
- Exporting grids in the background
- About the Tenant Context
- Searching for Resources in a Tenant
- Managing Robots
- Connecting Robots to Orchestrator
- Storing Robot Credentials in CyberArk
- Storing Unattended Robot Passwords in Azure Key Vault (read-only)
- Storing Unattended Robot Credentials in HashiCorp Vault (read-only)
- Storing Unattended Robot Credentials in AWS Secrets Manager (read Only)
- Deleting Disconnected and Unresponsive Unattended Sessions
- Robot Authentication
- Robot Authentication With Client Credentials
- Elastic Robot Orchestration
- Automation Cloud™ Robots - VM
- Automation Cloud™ Robots - Serverless
- Configuring VPN for Cloud Robots
- Bulk Uploading Queue Items Using a CSV File
- Managing Queues in Orchestrator
- Managing Queues in Studio
- Review Requests
- Test Automation
Managing credential proxies
You can create and manage proxies for your own custom credential stores, allowing you to individually control the safety of your credentials.
You can choose between these two types:
Connected proxy (Managed by Orchestrator) - when a robot requests credentials, Orchestrator retrieves them from the proxy and passes them on to the robot.
Disconnected proxy (Managed by the proxy service) - when a robot requests credentials, they are retrieved directly from the proxy, without having to go through Orchestrator. This type is only compatible with Robots version 23.10+.This feature is only available if you are on the Enterprise - Advanced licensing plan.
Creating a credentials proxy
Once you have installed the Orchestrator Credentials Proxy, you can create a custom proxy, which holds your custom credential stores.
- At the tenant level, click Credentials > Proxies > Add Credentials Proxy. The Add Credentials Proxy window is displayed.
- Choose either Connected proxy (Managed by Orchestrator) or Disconnected proxy (Managed by the proxy service).
- Add a name for your proxy.
- Add the URL pertaining to the virtual machine included in the Orchestrator Credentials Proxy setup.
- Add the key.
For the connected proxy, depending on the installation method, this is either the secret key generated by the .msi installer, or the one held by the Jwt:Keys parameter.
For the disconnected proxy, this must be a key that already exists in one of the disconnected proxy's local configuration files.
The information you provide at steps 4 and 5 create the link between Orchestrator and the installation which contains your custom credential store plugins.
- Click Create.
You can then add the desired store as follows:
- At the tenant level, click Credentials > Stores > Add credential store.
- From the Proxy list, select the proxy that you have just created.
- From the Type list, select the third party credential store defined by your plugin.
Editing a credentials proxy
To edit a proxy, click More Actions > Edit. The Edit Credentials Proxy page is displayed, allowing you to change the name, URL, or key as needed.
Deleting a credentials proxy
To delete a proxy, click More Actions > Remove. If the selected proxy is in use, a warning dialog is displayed, listing the number of robots and assets that will be affected. Click Yes to confirm the removal or No to abort.