# Robot Security Tab > | Field | Description | | --- | --- | | **Total hours a robot can run offline without license verification** | Specify the number of hours a Robot can run offline, **without Orchestrator checking its license**. By default, it is set to 0. The maximum accepted value is 168 hours. | ## Security | Field | Description | | --- | --- | | **Total hours a robot can run offline without license verification** | Specify the number of hours a Robot can run offline, **without Orchestrator checking its license**. By default, it is set to 0. The maximum accepted value is 168 hours. | ## Robot Authentication Field Description Attended robot authentication Interactive Sign-in SSO (Recommended) - This option only allows for robot connections with tokens that expire. Users can authenticate their robots only by signing-in with their credentials in the Assistant. Note: User sign in is required to run attended robots, make Orchestrator HTTP requests, or view processes in the Assistant. When using interactive sing-in, there is no need to create machine objects in Orchestrator. Hybrid - This option allows for both connections with tokens that don't expire (machine key) and connections with tokens that expire (interactive sign-in or client credentials). Users have the option to sign-in with their credentials to authenticate their robots, which in turn allows them to connect Studio and the Assistant to Orchestrator, however it is not mandatory. Unattended robot authentication Client credentials (Recommended) - This option only allows for connections with tokens that expire. It uses the OAuth 2.0 framework as the basis for the authentication protocol, meaning unattended robots can connect to Orchestrator with a client ID - client secret pair generated via machine template objects. The client ID - client secret pair generates a token that authorizes the connection between the robot and Orchestrator and provides the robot with access to Orchestrator resources. Hybrid - This option allows for both connections with tokens that don't expire (machine key) and connections with tokens that expire (client credentials).