
UiPath Orchestrator

The UiPath Orchestrator Guide

Host authentication settings

Installation key


The installation key is a token used to allow SSO connections to Orchestrator for integrated applications.

  1. Log in to the Management portal as a system administrator.
  2. Select Security and then select the Authentication Settings tab.
    In the old Admin experience, go to Accounts & Groups instead of Security.
    The current installation key is displayed and you can click the Copy icon to copy it to your clipboard.
  3. (Optional) To generate a new installation key, click Generate new.
    A success message appears at the top right indicating that a new key was generated.

External providers


Orchestrator allows you to configure an external identity provider to control how your users sign in. The following table provides an overview of the different host-level external providers available.

Follow the instructions applicable for the external provider you want to use, as indicated below:

📘

New installation versus upgrade

The instructions indicated in the table below apply to a new installation, or to configuring one of the external providers for the first time.
If you upgraded Orchestrator and were already using one or more of the external providers listed below, the configuration is migrated, but you might need to perform some re-configuration tasks. If so, follow the instructions in Re-configuring authentication after upgrade instead.

| External Provider Integration | Authentication | Directory Search | User Provisioning |
| --- | --- | --- | --- |
| Active Directory and Windows Authentication | Users can use SSO with Windows Authentication using the Kerberos protocol | Administrators can search for users from the Active Directory | Users must be assigned a role in the Orchestrator tenant. Active Directory users and groups can be assigned a role via directory search. |
| Azure Active Directory | Users can use SSO with Azure AD using the OpenID Connect protocol | Not supported | Users must be manually provisioned into the Orchestrator tenant with an email address matching their Azure AD account. |
| Google | Users can use SSO with Google using the OpenID Connect protocol | Not supported | Users must be manually provisioned into the Orchestrator tenant with an email address matching their Google account. |
| SAML 2.0 | Users can use SSO with any Identity Provider that supports SAML | Not supported | Users must be manually provisioned into the Orchestrator tenant with a username matching their SAML account. |

📘

Differences between integrating Azure AD at host-level and organization-level

The host-level Azure AD external identity provider only enables SSO functionality. The organization-level Azure AD integration enables SSO, directory search, and automatic user provisioning.

 

Security


The settings you specify here are inherited by all organizations in your installation as default, but organization administrators can overwrite these settings as needed at the level of the individual organization.

To configure security options for your Automation Suite installation, go to Admin > Users > Authentication Settings and edit the following options as needed.

Password complexity

📘

Editing the Password complexity settings does not affect existing passwords.

| Field | Description |
| --- | --- |
| Special characters | Select to force users to include at least one special character in their password. By default, this checkbox is not selected. |
| Lowercase characters | Select to force users to include at least one lowercase character in their password. By default, this checkbox is selected. |
| Uppercase characters | Select to force users to include at least one uppercase character in their password. By default, this checkbox is not selected. |
| Digits | Select to force users to include at least one digit in their password. By default, this checkbox is selected. |
| Minimum password length | Specify the minimum number of characters a password should contain. By default, it is 8. The length cannot be smaller than 6 or greater than 14. |
| Days before password expiration | Specify the number of days for which the password is valid. After this period, the password expires and needs to be changed. The minimum accepted value is 0 (the password never expires), and the maximum is 120 days. |
| Number of times a password can be reused | The minimum accepted value is 0 (never allow reusing a password), while the maximum is 10. |
| Change password on the first login | If set to Required, users that log in for the first time must change their password before being allowed to access Automation Suite. If set to Not required, users can log in and continue to use the admin-defined password until it expires. |

Account lockout

| Field | Description |
| --- | --- |
| Enabled or Disabled toggle | If enabled, locks the account for a specific number of seconds after a specific number of failed login attempts. This also applies to the password change feature. |
| Account lockout duration | The number of seconds a user needs to wait before being allowed to log in again after exceeding the Consecutive login attempts before lockout. The default value is 5 minutes. The minimum accepted value is 0 (no lockout duration), and the maximum is 2592000 (1 month). |
| Consecutive login attempts before lockout | The number of failed login attempts allowed before the account is locked. The default value is 10 attempts. You can set a value between 2 and 10. |
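The limits and defaults from the Password complexity and Account lockout tables, expressed as an added Python check (not UiPath code): it flags numeric settings outside the documented ranges and lists which complexity rules a candidate password fails, which makes visible what the default policy accepts. The setting key names and the treatment of "special character" as ASCII punctuation are assumptions.

```python
import string

# Inclusive limits taken from the tables above; the key names are hypothetical.
LIMITS = {
    "min_length": (6, 14),
    "expiration_days": (0, 120),
    "reuse_count": (0, 10),
    "lockout_seconds": (0, 2592000),
    "lockout_attempts": (2, 10),
}

# Documented defaults for the complexity checkboxes and minimum length.
DEFAULTS = {"special": False, "lowercase": True, "uppercase": False,
            "digits": True, "min_length": 8}


def out_of_range(settings):
    """Return {key: (value, low, high)} for settings outside the documented limits."""
    bad = {}
    for key, (low, high) in LIMITS.items():
        if key in settings and not low <= settings[key] <= high:
            bad[key] = (settings[key], low, high)
    return bad


def password_violations(password, policy=None):
    """List the complexity rules a candidate password fails under the policy."""
    p = {**DEFAULTS, **(policy or {})}
    classes = {
        "special": lambda c: c in string.punctuation,  # assumption: ASCII punctuation
        "lowercase": str.islower,
        "uppercase": str.isupper,
        "digits": str.isdigit,
    }
    failed = [name for name, test in classes.items()
              if p[name] and not any(test(c) for c in password)]
    if len(password) < p["min_length"]:
        failed.append("min_length")
    return failed


if __name__ == "__main__":
    # Constructed sample values, not taken from any real installation.
    strict = {"special": True, "uppercase": True, "min_length": 14}
    print(password_violations("password1"))          # accepted by the defaults
    print(password_violations("password1", strict))  # fails the stricter policy
    print(out_of_range({"min_length": 16, "lockout_attempts": 1}))
```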

Updated 3 months ago

