orchestrator
2023.10
false
UiPath logo, featuring letters U and I in white

Orchestrator User Guide

Automation CloudAutomation Cloud Public SectorAutomation SuiteStandalone
Last updated Oct 17, 2024

Settings - Tenant Level

The Settings page enables administrators to adjust Orchestrator tenant settings. You can make the changes on a per-tenant basis by using the Settings page at the tenant level, or for all tenants across all organizations at once, by using the Settings page from the Orchestrator host portal.

This page describes settings at the tenant level. Configurations made here override settings made on the Orchestrator host portal.

Note: Certain settings are different between standalone Orchestrator installations and Orchestrator in Automation Suite. Whenever the case, these differences are noted below the description of each setting.

General Tab

Field

Description

Application Settings

Timezone - The time zone of the tenant. By default, this field is set to UTC.

The time zone list depends on the machine. To ensure that all the instances under a multi-node Orchestrator installation have the same time zone list, they must use the same operating system version.

Language - The language of the Orchestrator user interface for all tenants, including email notifications and alerts. This setting does not affect robot logs or event logs, which use the Windows language.

Custom logo - Upload your desired logo which appears in the Orchestrator window header. The accepted formats are .png and .svg, with a maximum file size of 1MB.

Custom header color - Select a color for the Orchestrator window header. This is useful for distinguishing between multiple Orchestrator tenants. The header color is selected by clicking the colored square to bring up your machine's color selector.

You cannot customize the color of the header.

Personal Workspaces

Enable Automation Suite Robot automatically - Option selected by default, allowing Automation Suite Robot machines to be automatically provisioned in the personal workspaces of users.

Deselecting the option prevents Automation Suite Robot machines from being automatically created in personal workspaces.
Note:

Deselecting the option does not deallocate the machine from your personal workspace. Explicit deallocation of the Automation Suite Robot machine might be required.

Automatically stop exploring Personal Workspaces after - Allows Orchestrator administrators to enforce a rule dictating that personal workspace exploration is automatically stopped after a set amount of time.

The available options are 15 minutes,1 hour,1 day, and custom value.

By default, when migrating or creating new tenants, this value is not set. You need to configure it manually once the migration/creation process is completed.

Stop all active sessions for exploring Personal Workspaces - Allows Orchestrator administrators to stop all currently active personal workspace exploration sessions. This is suffixed by the number of active sessions, displayed in parentheses, and can be enabled by clicking Stop session(s) explore.

Changes you make to exploration settings do not apply retroactively to sessions that have already been explored.

Mass enable Personal workspaces for current users and groups - Creates personal workspaces for all users in a tenant that use a certain attended licensing profile, while also selecting the UI profile to be used for those users.

This action cannot be reversed, once the Personal Workspaces feature is enabled it cannot be disabled.

Standard Roles

Create standard roles. These roles allow you to leverage the benefits of user groups.

Click Create Role next to each of the roles you want create.

Client Binaries (Robot, Studio, Assistant) Auto-Update Settings

Ignore auto-update status for robot machines that were offline for more than ___ days - Allows you to exclude inactive machines from the update process and no longer take them into account when the update status is reported.

Folders

Enable account-machine mappings - Enable the Account-Machine Mappings feature.

Email Setup

Enable alerts email - Enable Orchestrator to send email messages about Fatal and Error alerts.

To receive email alerts, email settings must be properly set up.

Deployment Tab

Enables you to configure and secure feeds for packages and libraries. You can manage the feeds for all tenants from a centralized location using Automation Ops. For more information, see feeds management in the Automation Ops guide.

Settings here only affect tenant feeds; folder feeds and personal workspace feeds are always internal and available in the context of the respective folder or personal workspace alone.

Packages

Enables you to set an internal or an external feed in which automation packages can be maintained. By default, an internal feed is used. The feeds can be secured either by defining basic authentication credentials or by using an API key.

Field

Description

Internal

Use an internal feed. The feed can be secured either with the Secure Deployment option or by using an API key:

  • Secure Deployment - Ensures that your automation packages are downloaded through a secure NuGet feed.
  • API Key - The key used to secure your feed against write operations such as delete or upload. This is only required if you want to upload a package directly to the NuGet feed using an external client.

External

Use an external feed. The feed can be secured either by using an API key or basic authentication credentials:

  • API Key - The key used to secure your feed against write operations such as delete or upload.
  • Authentication - Enables you to specify the credentials for your basic authenticated feed.

Please keep in mind that both the username and the password used with the API Key option should be used in this case as well.

When External is selected, the Deployment URL field is displayed where you need to fill in the address where the NuGet feed is located.

Important: We do not support cross-platform packages uploaded to an external feed. Their metadata can only be read if they are uploaded directly to Orchestrator.

Libraries

Enables you to configure the feed to be used for library and activity packages.

Field

Description

Only host feed

Libraries are stored in the host feed and are available to all tenants which use it. The Libraries page is the same for one Orchestrator instance, meaning libraries are not isolated at the tenant level: each tenant has access to the other tenants' activity.

You cannot upload libraries from Orchestrator if this option is selected.

This option gives robot access only to the host feed.

Only tenant feed

Libraries are isolated at the tenant level, meaning data is separated across tenants. You may set an internal or an external feed in which libraries are maintained. By default, an internal feed is used.

This option gives robot access only to the tenant feed.

Both host and tenant feeds

Libraries are isolated at the tenant level, meaning data is separated across tenants. You may set an internal or an external feed in which libraries are maintained. By default, an internal feed is used.

This option gives robot access to both the host and tenant feeds.

Internal

Must be selected in order to use an internal feed as the tenant feed. The feed can be secured either with the Secure Deployment option or by using an API key:

  • Secure Deployment - Ensures that your automation packages are downloaded through a secure NuGet feed.
  • API Key - The key used to secure your feed against write operations such as delete or upload. The user can use it to publish packages.
This key is generated by the external provider and has the following format [username]:[password]. For example, admin:2652ACsQhy.

External

Must be selected in order to use an external feed as the tenant feed. The feed can be secured using an API key:

  • API Key - The key used to secure your feed against write operations such as delete or upload. The user can use it to publish packages.
This key is generated by the external provider and has the following format [username]:[password]. For example, admin:2652ACsQhy.

When External is selected, the Deployment URL field is displayed where you need to fill in the address where the NuGet feed is located.

Prerequisites for Using an External Feed Through a Proxy

If you want to use an external feed while you have a proxy server configured on Windows, the following are required beforehand:

  • Set the Load User Profile option for the Orchestrator application pool (Internet Information Services > Application Pools) to True.


  • Add the proxy settings you used to the NuGet.config file associated with the application pool identity account (C:\Users\[YourAppPoolIdentityAccountName]\AppData\Roaming\NuGet\NuGet.Config):
    <config>
    <add key="http_proxy" value="http://ipaddress:port" />
    </config><config>
    <add key="http_proxy" value="http://ipaddress:port" />
    </config>
    Note: Note that the following settings are loaded only when the Robot Service connects to the server. Whenever they are modified you need to restart the UiRobotSvc service for the changes to take effect.

Robot Security Tab

Security

Field

Description

Total hours a robot can run offline without license verification

Specify the number of hours a Robot can run offline, without Orchestrator checking its license. By default, it is set to 0. The maximum accepted value is 168 hours.

Robot Authentication

Field

Description

Attended robot authentication

Interactive Sign-in SSO (Recommended) - This option only allows for robot connections with tokens that expire. Users can authenticate their robots only by signing-in with their credentials in the Assistant.

Note: User sign in is required to run attended robots, make Orchestrator HTTP requests, or view processes in the Assistant. When using interactive sing-in, there is no need to create machine objects in Orchestrator.

Hybrid - This option allows for both connections with tokens that don't expire (machine key) and connections with tokens that expire (interactive sign-in or client credentials). Users have the option to sign-in with their credentials to authenticate their robots, which in turn allows them to connect Studio and the Assistant to Orchestrator, however it is not mandatory.

Unattended robot authentication

Client credentials (Recommended) - This option only allows for connections with tokens that expire. It uses the OAuth 2.0 framework as the basis for the authentication protocol, meaning unattended robots can connect to Orchestrator with a client ID - client secret pair generated via machine template objects. The client ID - client secret pair generates a token that authorizes the connection between the robot and Orchestrator and provides the robot with access to Orchestrator resources.

Hybrid - This option allows for both connections with tokens that don't expire (machine key) and connections with tokens that expire (client credentials).

Scalability Tab

Specify if the Robot service should subscribe to Orchestrator's SignalR channels, and configure the transport protocols that work best for you. These settings are preserved upon upgrading.



SignalR (Robots)

Field

Description

Enabled

This toggle specifies if the Robot service subscribes to Orchestrator's SignalR channels or not. By default, this setting is enabled, and all available channels are selected:

  • WebSocket
  • Server-Sent Events (SSE)
  • Long Polling

When all transport channels are enabled, the best available transport is automatically selected, in the following priority order: WebSocket > Server-Sent Events > Long Polling. If the first protocol is not available for any reason, the next in line (if enabled) is used to facilitate the communication between Orchestrator and Robot.

WebSocket

When selected, enables the WebSocket transport protocol to be used to connect the Robot to Orchestrator's SignalR channels. This is the highest protocol used in the order of priority due to its performance and support for simultaneous communication in both directions - from the Robot service to Orchestrator and vice versa.

This option cannot be used if the SignalR (Robots) feature is not enabled.

Server-Sent Events (SSE)

When selected, enables the Server-Sent Events (SSE) push technology to be used to connect the Robot to Orchestrator's SignalR channels. This is the first backup in case WebSockets is not available for any reason.

This option cannot be used if the SignalR (Robots) feature is not enabled.

Long Polling

When selected, enables the long polling transport protocol to be used to connect the Robot to Orchestrator's SignalR channels. This protocol is used in case the WebSockets and SSE ones are not available.

This option cannot be used if the SignalR (Robots) feature is not enabled.

Non-Working Days Tab

Define a list of non-business days, per tenant, on which you can restrict triggers from running. This means that, during public holidays, weekends, or any other day on which normal business activities are not being carried out, your long-run schedules can be configured such that they don't trigger. Once the defined non-business days are over, the triggers launch as usual.

In order to apply these restrictions to your triggers, you need to select the non-working day calendar when configuring triggers. All changes you make on the Non-Working Days tab affect all triggers that use that calendar.

Note: Non-working day restrictions are disabled for triggers on a timezone different than the timezone set at tenant level (Settings > General). A tenant without an explicitly defined timezone inherits it from the host.

For more details on how to manage non-working days, click here.

Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.