UiPath Orchestrator

The UiPath Orchestrator Guide

Field Descriptions for External Providers Page

This page is only accessible within the Identity Management Portal, while logged in at host level with a user with System Administrator role.

Important!

Restart the IIS server after performing any configuration changes within Identity Server.

The Google Tab

Note:

Google OpenID Connect authentication only works if Orchestrator is set up on a top-level domain.

Field
Descriptions

Enabled

When selected, it enables Google OpenID Connect authentication. By default, this check box is not selected.

Display Name

The name displayed in the Login page for the Google OpenID Connect authentication.

Client ID

A Google API code required for Google OpenID Connect authentication. This cannot work without the Client Secret.

Client Secret

A Google API code required for Google OpenID Connect authentication. This cannot work without the Client ID.

Save

Saves the changes you made to the Google OpenID Connect authentication.

Read this page for more information about Google OpenID Connect authentication settings.

The Windows Tab

Field
Descriptions

Enabled

When selected, it enables Windows authentication. By default, this check box is not selected.

Force automatic login using this provider

When selected, it enables Windows automatic login. The value of this parameter is set during the installation or upgrade process.

Display Name

The name displayed in the Login page for the Windows authentication.

Save

Saves the changes you made to the Windows authentication.

Read this page for more information about Windows authentication settings.

The AzureAD Tab

Note:

It is not recommended to use Microsoft Azure AD and Windows AD on the same Orchestrator instance.

Field
Descriptions

Enabled

When selected, it enables Azure Active Directory authentication. By default, this check box is not selected.

Display Name

The name displayed in the Login page for the Azure Active Directory authentication.

Client ID

The Application Id associated with the registered Orchestrator in an Azure Active Directory.

Client Secret

The Client Secret obtained by registering Orchestrator in an Azure Active Directory. This cannot work without the Client ID.

Authority

The Authority is a URL that indicates a directory from which you can request tokens. It is composed of the identity provider instance and sign-in audience for the app, and possibly the Azure AD tenant ID.
You can use one of the following common authorities:
https://login.microsoftonline.com/<tenant>, where <tenant> is the tenant ID of the Azure AD tenant or a domain associated with this Azure AD tenant. Used only to sign in users of a specific organization.
https://login.microsoftonline.com/common. Used to sign in users with work and school accounts or personal Microsoft accounts.

Logout URL

The Logout URL obtained by registering Orchestrator in an Azure Active Directory. This is the URL where the external identity provider listens for incoming logout requests and responses.

Save

Saves the changes you made to the Azure Active Directory authentication.

Read this page for more information about Azure Active Directory authentication settings.

The SAML Tab

Field
Descriptions

Enabled

When selected, it enables you to authenticate using SAML 2.0. By default, this check box is not selected.

Display Name

The name displayed in the Login page for the SAML 2.0 authentication.

Service Provider Entity ID

The globally unique name for the SAML Service Provider.

Identity Provider Entity ID

The Entity Id associated with the registered Orchestrator in the External Identity Provider's own portal.

Single Sign-On Service URL

The single sign-on URL obtained by configuring Orchestrator in the External Identity Provider's portal.

Allow unsolicited authentication response

When selected, it enables Identity Server to deliver unsolicited authentication responses to the service provider.

Return URL

The URL to be used by the service provider to redirect you to Orchestrator after successfully authenticating in the Login page.

External user mapping strategy

The user mapping strategy to be used by the configured SAML identity provider. The following options are available:
By user email - The user's email address is set as the attribute. This is the default value.
By username - The username is set as the attribute.
By external provider key - An external provider key is set as the attribute.

ADFS, Google, and OKTA, they all use your email address as a SAML attribute.
Read here more about custom mapping attributes.

SAML binding type

The transport mechanism to be used by the messages exchanged with the configured SAML identity provider. The following options are available:
HTTP redirect - When selected, it enables SAML protocol messages to be transmitted within URL parameters. This is the default value.
HTTP POST - When selected, it enables SAML protocol messages to be transmitted within an HTML form by using base64-encoded content.
Artifact - When selected, it enables a SAML request or response (or both) to be transmitted by reference by using a unique identifier.

Signing Certificate > Store name

The Signing Certificate is used by the external identity provider to sign its messages. The fields in this section enable you to configure the use of private key certificates.

The Store name field points to the certificate store to search for the certificate. The following options are available:
My - The certificate is imported in the user's Personal certificate store. This is the default value.
TrustedPublisher - The certificate is imported in the Trusted Publisher certificate store.
TrustedPeople - The certificate is imported in the Trusted People certificate store.
Root - The certificate is imported in the Trusted Root Certification Authorities certificate store.
Disallowed - The certificate is imported in the Untrusted Certificates store.
CertificateAuthority - The certificate is imported in the Intermediate Certificate Authorities store.
AuthRoot - The certificate is imported in the Third-Party Root Certificates store.
AddressBook - The certificate is imported in the Other People store.

Signing Certificate > Store location

The location of the store to search for the certificate. The following options are available:
LocalMachine - The certificate is imported on the local machine's certificate store. This is the default value.
CurrentUser - The certificate is imported in the current user's certificate store.

Signing Certificate > Thumbprint

The thumbprint value provided in the Windows certificate store, with all the spaces between the characters removed. Details here.

Service Certificate > Store name

The Service Certificate specifies the certificate that the service provider uses for encrypted assertions.

The Store name field points to the certificate store to search for the certificate. The following options are available:
My - The certificate is imported in the user's Personal certificate store. This is the default value.
TrustedPublisher - The certificate is imported in the Trusted Publisher certificate store.
TrustedPeople - The certificate is imported in the Trusted People certificate store.
Root - The certificate is imported in the Trusted Root Certification Authorities certificate store.
Disallowed - The certificate is imported in the Untrusted Certificates store.
CertificateAuthority - The certificate is imported in the Intermediate Certificate Authorities store.
AuthRoot - The certificate is imported in the Third-Party Root Certificates store.
AddressBook - The certificate is imported in the Other People store.

Service Certificate > Store location

The location of the store to search for the certificate. The following options are available:
LocalMachine - The certificate is imported on the local machine's certificate store. This is the default value.
CurrentUser - The certificate is imported in the current user's certificate store.

Service Certificate > Thumbprint

The thumbprint value of the certificate, with all the spaces between the characters removed. Details here.

Save

Saves the changes you made to the SAML 2.0 authentication.

Read this page for more information about single sign-on authentication settings using SAML 2.0. Check out the specific configuration needed for ADFS, Google and OKTA authentication settings.

Updated 2 months ago



Field Descriptions for External Providers Page


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.