The steps below apply to Azure AD authentication setup. This procedure is a broad description of a sample configuration. For a fully detailed how-to, visit the official Microsoft documentation.
- Access Microsoft Azure App Registrations page and click New Registration.
- In the Register an application page, fill the Name field with the desired name of your Orchestrator instance.
- In the Supported account types section, select who can use the Orchestrator application. The recommended value is Accounts in this organizational directory only.
- Set the Redirect URI by selecting Web from the drop-down and filling in the URL of the Orchestrator instance plus the suffix /identity/azure-signin-oidc. For example,
Replace all occurrences of https://platform.uipath.com with the URL of your Orchestrator instance.
Whenever filling in the URL of the Orchestrator instance, make sure it does not contain a trailing slash. Always fill it in as
- Click Register to register your Orchestrator instance in Azure AD.
- Save the Application (Client) ID. You'll use it later in Identity Server.
- Define a user in Orchestrator and have a valid Microsoft email address set on the Users page.
- Make sure that the following configuration is present in Identity Server's AzureAD settings on the External Providers page (read here how to access Identity Server):
  - Select the Enabled check box.
  - Set the Client ID parameter to the value of the Application (client) ID parameter obtained by configuring AzureAD authentication.
  - (Optionally) Set the Client Secret parameter to the value obtained by configuring AzureAD authentication.
  - Set the Authority parameter to one of the following values:
    - https://login.microsoftonline.com/<tenant>, where <tenant> is the tenant ID of the Azure AD tenant or a domain associated with this Azure AD tenant. Used only to sign in users of a specific organization.
    - https://login.microsoftonline.com/common. Used to sign in users with work and school accounts or personal Microsoft accounts.
  - (Optionally) Set the Logout URL parameter to the value used while configuring AzureAD authentication.
  - Click Save to save the changes to the external identity provider settings.
- Restart the IIS site after performing any configuration changes within Identity Server.
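
A pre-flight check for the values entered in the steps above, as an added example that is not part of the original documentation or of UiPath's own tooling. The function names, the sample host, client ID and tenant are constructed, and the https-only requirement is an assumption of this example.

```python
import re
from urllib.parse import urlsplit

SIGNIN_SUFFIX = "/identity/azure-signin-oidc"  # suffix from the Redirect URI step
AUTHORITY_HOST = "login.microsoftonline.com"
GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)


def redirect_uri(orchestrator_url):
    """Build the Redirect URI to register for this Orchestrator URL."""
    parts = urlsplit(orchestrator_url)
    # Assumption of this example: the instance is served over https.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("Orchestrator URL must be an absolute https:// URL")
    if orchestrator_url.endswith("/"):
        raise ValueError("Orchestrator URL must not contain a trailing slash")
    if parts.query or parts.fragment:
        raise ValueError("Orchestrator URL must not carry a query or fragment")
    return orchestrator_url + SIGNIN_SUFFIX


def check_settings(orchestrator_url, client_id, authority):
    """Return a list of findings; an empty list means the values are consistent."""
    findings = []
    try:
        redirect_uri(orchestrator_url)
    except ValueError as err:
        findings.append(str(err))
    if not GUID.fullmatch(client_id):
        findings.append("Client ID is not a GUID; copy the Application (client) ID")
    auth = urlsplit(authority)
    tenant = auth.path.strip("/")
    if auth.scheme != "https" or auth.hostname != AUTHORITY_HOST or not tenant:
        findings.append("Authority must be https://%s/<tenant> or .../common" % AUTHORITY_HOST)
    elif tenant.lower() == "common":
        findings.append("Authority /common is not limited to one organization; "
                        "the single-organization setup uses the tenant-specific Authority")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    url = "https://orchestrator.example.com"
    print(redirect_uri(url))
    for authority in ("https://login.microsoftonline.com/contoso.onmicrosoft.com",
                      "https://login.microsoftonline.com/common"):
        print(authority, check_settings(
            url, "11111111-2222-3333-4444-555555555555", authority))
```
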