UiPath Orchestrator

The UiPath Orchestrator Guide

Configuring SSO: SAML 2.0

These instructions apply only to a standalone installation of Orchestrator. If you are using Orchestrator in Automation Suite, follow the instructions for Automation Suite instead.

Orchestrator can handle single sign-on (SSO) authentication based on SAML 2.0. To enable it, both Orchestrator/Identity Server, acting as the Service Provider, and an Identity Provider must be configured so that they can communicate with each other. If SAML is enabled and correctly configured, a button is displayed at the bottom of the Login page. If the external identity provider uses a multi-factor authentication protocol, the user must also comply with the corresponding rules in order to log in successfully.

Important

Orchestrator/Identity Server supports multiple identity providers. This guide gives examples for the following:
ADFS
Google
Okta
PingOne

Overview


To enable SAML authentication, the high-level process is as follows:

  1. Define a user in Orchestrator and set a valid email address for that user on the Users page.
    This applies if the email address is set as a SAML attribute. You can also configure a custom mapping strategy.
  2. Import the signing certificate provided by the Identity Provider to the Windows certificate store using Microsoft Management Console, and set Orchestrator/Identity Server to use it accordingly.
  3. Add the configuration specific to the identity provider you want to use in the Saml2 settings (Users > Authentication Settings > External Providers), making sure the Enabled checkbox is selected. Follow the instructions for the identity provider you use:
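
The certificate import in step 2 can also be scripted. The PowerShell below is an added example, not UiPath's own procedure: it inspects the Identity Provider's signing certificate before importing it, so that a wrong, expired or private-key-bearing file is rejected. The file path, the expected thumbprint and the `Cert:\LocalMachine\My` store are assumptions; use the store your Saml2 settings reference.

```powershell
#Requires -RunAsAdministrator
# Added example: vet the IdP signing certificate, then import it.
param(
    # Hypothetical path to the public certificate exported from the IdP.
    [Parameter(Mandatory)] [string] $CertPath,
    # Thumbprint read from the IdP admin console, obtained out of band.
    [Parameter(Mandatory)] [string] $ExpectedThumbprint,
    # Assumption: the store your Saml2 settings point at.
    [string] $Store = 'Cert:\LocalMachine\My',
    # Warn when the certificate expires within this many days.
    [int] $WarnDays = 30
)

$ErrorActionPreference = 'Stop'

# Load the file into memory only, so nothing is trusted before it is checked.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertPath)

# 1. The file must be the certificate the IdP actually publishes.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint), expected $expected"
}

# 2. Verifying SAML signatures needs the public certificate only.
if ($cert.HasPrivateKey) {
    throw 'File carries a private key; request the public certificate instead.'
}

# 3. The certificate must be inside its validity window.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate not valid now ($($cert.NotBefore) to $($cert.NotAfter))"
}
if (($cert.NotAfter - $now).TotalDays -lt $WarnDays) {
    Write-Warning "Certificate expires on $($cert.NotAfter); plan the rollover with the IdP."
}

# Import, then read the entry back from the store to confirm what was stored.
$imported = Import-Certificate -FilePath $CertPath -CertStoreLocation $Store
Get-ChildItem -Path $Store |
    Where-Object Thumbprint -eq $imported.Thumbprint |
    Select-Object Subject, Thumbprint, NotBefore, NotAfter
```

The details printed at the end are for reference when completing step 3.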

Updated 11 days ago

