UiPath Orchestrator

The UiPath Orchestrator Guide

Robot authentication with client credentials

This article describes the client credential flow for robot authentication.

Client credentials is a robot authentication mechanism built on the OAuth 2.0 framework. Unattended robots connect to Orchestrator using a client ID - client secret pair generated via machine template objects. The pair is used to obtain a token that authorizes the connection between the robot and Orchestrator and gives the robot access to Orchestrator resources.

Client credentials allow the UiPath Robot to access Orchestrator resources by using its own credentials, instead of impersonating a user. Because no user is involved in the authentication, Orchestrator checks that the robot itself is authorized to perform each action it requests.

🚧

Important

Client credentials work with the UiPath Robot 2022.2 or higher.

How it works


  1. The user enters the Client ID and Client Secret as generated by a machine object in Orchestrator.
  2. The robot requests the authentication configuration from Orchestrator.
  3. Orchestrator confirms Client Credentials is the mechanism used for robot authentication.
  4. The robot requests an access token from the Identity Server by presenting the client ID and client secret as authentication of its own identity.
  5. If the robot identity is validated, Identity Server issues an access token to the robot. Authorization is complete.
  6. The robot requests the resource from Orchestrator and presents the access token for authentication.
  7. If the access token is valid, Orchestrator serves the resource to the robot.

Generating authorization credentials


The following steps explain how to generate credentials to authenticate your robots.

  1. Go to Tenant > Machines.
  2. Create a machine template or a standard machine as you would normally do.
  3. After you are done configuring its fields, click Provision. The machine object is created and a confirmation window is displayed with details about the machine, including the Client ID and Client secret.

🚧

Important

You will need the client ID and client secret to connect the robot to Orchestrator. The client secret is only visible once, right after its creation, so if you want to use the same secret multiple times, make sure to copy it and store it in a safe storage location. Consider using encryption or hashing to secure the storage.

Generating new client secrets


You can generate new client secrets for the same client ID by editing the machine object. The following steps explain how to generate new secrets.

  1. Go to Tenant > Machines.
  2. For the machine for which you want to generate new secrets, click More Actions > Edit Machine.
  3. In the Client secrets section, click Add new to add a new secret. A new secret is generated and displayed for you to copy.

🚧

Important

The client secret is only visible once, right after its creation, so if you want to use the same secret multiple times, make sure to copy it and store it in a safe storage location. Also store the corresponding Secret ID, since this is the only way to identify the secret if you later want to delete it, for example.

Deleting existing client secrets


You can delete any secrets in order to revoke access to resources from machines employing those secrets to connect to Orchestrator. The following steps explain how to delete existing secrets.

  1. Go to Tenant > Machines.
  2. For the machine for which you want to delete secrets, click More Actions > Edit Machine.
  3. In the Client secrets section, click Delete client secret for the secret you want to delete. A confirmation window is displayed.
  4. Click Delete in the confirmation window to confirm the delete operation. The secret is deleted and all host machines using it to connect to Orchestrator are disconnected.

🚧

Important

Deleting a secret is permanent and causes the robot to disconnect, thus revoking access from host machines using that secret to connect to Orchestrator. This brings any execution taking place on those host machines to a halt and prevents any further executions from happening.
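The secret lifecycle from the last two sections (add a second secret to the same client ID, move robots to it, then delete the old one by its Secret ID) can be traced with a toy in-memory model. This is an added example, not UiPath code: the class and function names are hypothetical, and it assumes that only a hash of each secret is kept and that each token is tied to the secret that obtained it.

```python
import hashlib, hmac, secrets

class MachineObject:
    """Toy model of one machine object: one client ID, several client secrets."""
    def __init__(self):
        self.client_id = secrets.token_hex(8)
        self._hashes = {}   # secret ID -> SHA-256 of the secret (assumed storage)
        self._tokens = {}   # access token -> secret ID that obtained it

    def add_secret(self):
        """Return (secret_id, secret); the plaintext is never available again."""
        secret_id, secret = secrets.token_hex(4), secrets.token_urlsafe(32)
        self._hashes[secret_id] = hashlib.sha256(secret.encode()).digest()
        return secret_id, secret

    def issue_token(self, client_id, secret):
        """Steps 4-5: validate the pair and issue an access token, else None."""
        digest = hashlib.sha256(secret.encode()).digest()
        if not hmac.compare_digest(client_id.encode(), self.client_id.encode()):
            return None
        for secret_id, stored in self._hashes.items():
            if hmac.compare_digest(digest, stored):   # constant-time compare
                token = secrets.token_urlsafe(24)
                self._tokens[token] = secret_id
                return token
        return None

    def serve_resource(self, token):
        """Steps 6-7: serve only while the token's secret still exists."""
        return self._tokens.get(token) in self._hashes

    def delete_secret(self, secret_id):
        """Permanent: robots that connected with this secret lose access."""
        self._hashes.pop(secret_id)

def rotate_demo():
    machine = MachineObject()
    old_id, old_secret = machine.add_secret()        # shown once at provisioning
    robot_a = machine.issue_token(machine.client_id, old_secret)
    new_id, new_secret = machine.add_secret()        # "Add new" on the same client ID
    robot_b = machine.issue_token(machine.client_id, new_secret)
    before = (machine.serve_resource(robot_a), machine.serve_resource(robot_b))
    machine.delete_secret(old_id)                    # requires the stored Secret ID
    after = (machine.serve_resource(robot_a), machine.serve_resource(robot_b))
    retry = machine.issue_token(machine.client_id, old_secret)
    return before, after, retry

if __name__ == "__main__":
    print(rotate_demo())
```

In the model, the robot still on the old secret is cut off the moment that secret is deleted, while the robot already moved to the new secret keeps working.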

Updated 7 months ago
