- About the Tenant Context
- Searching for Resources in a Tenant
- Managing Robots
- Connecting Robots to Orchestrator
- Storing Robot Credentials in CyberArk
- Storing Unattended Robot Passwords in Azure Key Vault (read-only)
- Storing Unattended Robot Credentials in HashiCorp Vault (read-only)
- Storing Unattended Robot Credentials in AWS Secrets Manager (read Only)
- Deleting Disconnected and Unresponsive Unattended Sessions
- Robot Authentication
- Robot Authentication With Client Credentials
- Audit
- Settings
Robot Authentication With Client Credentials
Client credentials is a robot authentication mechanism that uses the OAuth 2.0 framework as the basis for its authentication protocol, meaning unattended robots can connect to Orchestrator using a client ID - client secret pair generated via machine template objects. The client ID - client secret pair generates a token that authorizes the connection between the robot and Orchestrator and provides the Robot with access to Orchestrator resources.
Client credentials allow the UiPath Robot to access Orchestrator resources by using its own credentials, instead of impersonating a user. When the robot requests resources from Orchestrator, Orchestrator enforces that the robot itself has authorization to perform an action since there is no user involved in the authentication.
How It Works
- The user enters the Client ID and Client Secret as generated by a machine object in Orchestrator.
- The robot requests the authentication configuration from Orchestrator.
- Orchestrator confirms Client Credentials is the mechanism used for robot authentication.
- The robot requests an access token from the Identity Server by presenting the client ID and client secret as authentication of its own identity.
- If the robot identity is validated, Identity Server issues an access token to the robot. Authorization is complete.
- The robot requests the resource from Orchestrator and presents the access token for authentication.
- If the access token is valid, Orchestrator serves the resource to the robot.
Generating Authorization Credentials
The following steps explain how to generate credentials to authenticate your robots.
Generating New Client Secrets
You can generate new client secrets for the same client ID by editing the machine object. The following steps explain how to generate new secrets.
Deleting Existing Client Secrets
You can delete any secrets in order to revoke access to resources from machines employing those secrets to connect to Orchestrator. The following steps explain how to delete existing secrets.