orchestrator
2020.10
false
UiPath logo, featuring letters U and I in white
OUT OF SUPPORT
Orchestrator User Guide
Automation CloudAutomation Cloud Public SectorAutomation SuiteStandalone
Last updated Dec 12, 2023

Configuring SSO: Azure Active Directory

Configure Azure AD to Recognize a New Orchestrator Instance

Note: The below steps are valid for Azure AD authentication setup. Please note that the below procedure is a broad description of a sample configuration. For a fully detailed how-to, visit the official Microsoft Documentation.
  1. Access Microsoft Azure App Registrations page and click New Registration.
  2. In the Register an application page, fill the Name field with the desired name of your Orchestrator instance.
  3. In the Supported account types section, select who can use the Orchestrator application. The recommended value is Accounts in this organizational directory only.
  4. Set the Redirect URI by selecting Web from the drop-down and filling in the URL of the Orchestrator instance plus the suffix /identity/azure-signin-oidc. For example, https://cloud.uipath.com/identity/azure-signin-oidc.


    Note:
    Replace all occurrences of https://cloud.uipath.com with the URL of your Orchestrator instance.
    Whenever filling in the URL of the Orchestrator instance, make sure it does not contain a trailing slash. Always fill it in as https://cloud.uipath.com, not https://cloud.uipath.com/.
  5. Click Register to register your Orchestrator instance in Azure AD.
  6. Save the Application (Client) ID. You'll use it later in Identity Server.

Set Orchestrator/Identity Server to Use Azure AD Authentication

  1. Define a user in Orchestrator and have a valid Microsoft email address set on the Users page.
  2. Make sure that the following configuration is present in Identity Server's AzureAD settings within External Providers page (read here how to access Identity Server):
    • Select the Enabled check box.
    • Set the Client ID parameter to the value of the Application (client) ID parameter obtained by configuring AzureAD authentication.
    • (Optionally) Set the Client Secret parameter to the value obtained by configuring AzureAD authentication.

      • Set the Authority parameter to one of the values:

        • https://login.microsoftonline.com/<tenant>, where <tenant> is the tenant ID of the Azure AD tenant or a domain associated with this Azure AD tenant. Used only to sign in users of a specific organization.
        • https://login.microsoftonline.com/common. Used to sign in users with work and school accounts or personal Microsoft accounts.
      • (Optionally) Set the Logout URL parameter to the value used while configuring AzureAD authentication.



  3. Click Save to save the changes to the external identity provider settings.
  4. Restart the IIS site after performing any configuration changes within Identity Server.

Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.