orchestrator

2021.10

false

Getting started
- Introduction
- User Options
- Logging in to Orchestrator
- Resetting Your Password
- My Profile
- Robots
  - Robot Statuses
  - Robot Settings
- Auto Updating Client Components
- Orchestrator Configuration Checklist
Best practices
- Organization Modeling in Orchestrator
- Managing Large Deployments
- Automation Best Practices
- Optimizing Unattended Infrastructure Using Machine Templates
Tenant
- About the Tenant Context
- Robots
- Folders
- Managing Access and Automation Capabilities
- Machines
- Packages
- Audit
- Credential Stores
- Webhooks
  - Types of Events
  - Managing Webhooks
- Licensing
  - Managing Your Licenses
- Alerts
  - Setting Up Alert Emails
- Settings
Folders Context
- About the Folders Context
- Home
Automations
- About Automations
Processes
- About Processes
- Managing Processes
- Managing Package Requirements
- About Recording
Jobs
- About Jobs
- Managing Jobs
- Job States
- Working with long-running workflows
Triggers
- About Triggers
- Managing Triggers
- Using Cron Expressions
Logs
- About Logs
- Managing Logs in Orchestrator
- Logging Levels
- Orchestrator Logs
Monitoring
- About Monitoring
- Machines
- Processes
- Queues
- Queues SLA
Queues
- About Queues and Transactions
- Bulk Uploading Queue Items Using a CSV File
- Managing Queues in Orchestrator
- Managing Queues in Studio
- Managing Transactions
  - Editing Transactions
  - Field Descriptions for the Transactions .csv File
- Review Requests
Assets
- About Assets
- Managing Assets in Orchestrator
- Managing Assets in Studio
Storage Buckets
- About Storage Buckets
  - CORS/CSP Configuration
- Managing Storage Buckets
- Moving Bucket Data Between Storage Providers
Test Suite - Orchestrator
- Test Automation
- Test Cases
  - Field Descriptions for the Test Cases Page
- Test Sets
  - Field Descriptions for the Test Sets Page
- Test Executions
  - Field Descriptions for the Test Executions Page
- Test Schedules
  - Field Descriptions for the Test Schedules Page
- Test Data Queues
Other Configurations
- Increasing the Size Limit of Package Files
- Setting up Encryption Key Per Tenant
- GZIP Compression
Integrations
- About Input and Output Arguments
  - Providing Argument Values
    - Orchestrator API
  - Example of Using Input and Output Arguments
Classic Robots
- Robots
- Environments
  - Best Practices
  - Managing Environments
- Jobs
  - Long-Running Workflows
    - Queues
    - Duration
- Triggers
  - Time Triggers
    - Queued Jobs Scenarios
  - Queue Triggers
- Monitoring
  - Robots
- Resources
Host administration
- About the host level
- Managing system administrators
- Managing tenants
- Configuring host authentication settings
- Managing your host license
  - Allocating host licenses to organizations
- Configuring system email notifications
- Configuring other host settings
  - Customizing the Login page
  - Orchestrator host settings
    - Tenant Settings - Host Level
- Audit logs for the host portal
- Maintenance Mode
Organization administration
- About organizations
- About Licensing
  - Activating your license
- Accounts and Groups
- Registering External Applications
  - Managing External Applications
- Audit logs
Troubleshooting
- About Troubleshooting
- Cron Expressions
- Upgrade Issues
- Frequently Encountered Orchestrator Errors

OUT OF SUPPORT

Orchestrator User Guide

DELIVERY:

Automation Cloud Automation Cloud Public Sector Automation Suite Standalone

Last updated Oct 31, 2024

Reconfiguring authentication after upgrade

If you are upgrading Orchestrator to this version and you've previously enabled any external identity provider authentication, there are a series of manual configurations to be performed at the external identity provider level.

Previously created users are propagated to the UiPath Identity Server database.

UiPath® Identity Server acts as a federation gateway for a series of external identity providers (Google, Windows, Azure AD, and SAML2). You can configure their settings from the Management portal, under Users > Authentication Settings, in the External Providers section.

Manual configuration after an upgrade

Upon upgrading to this version of Orchestrator, any external identity provider authentication enabled in Orchestrator is automatically migrated to Identity Server, along with all the existing users. However, some manual changes are required after the upgrade.

Upgrading from versions prior to 2020.4

If you upgraded Orchestrator from version 2020.4 (or from a later version) to the current version, skip this section.

If you upgraded from a version prior to 2020.4:

In the external provider's settings, modify the Return URL by adding /identity at the end of your Orchestrator URL so that you have https://OrchestratorURL/identity.
Save the changes to the external provider.
Restart the IIS site for the changes to apply.

Continue with the instructions on this page for additional configuration that is required actions for the external identity providers you use with Orchestrator.

Google OpenID Connect authentication

If you've previously configured Google to recognize a new Orchestrator instance , then you need to perform these steps:

Access Google APIs and search for your previously created project.
In the Credentials page, select your previously created OAuth 2.0 client:
In the Client ID for Web application page, edit the Authorized redirect URIs value by adding the suffix /identity after your Orchestrator URL. For example, https://OrchestratorURL/identity/google-signin.
Save your changes.

Windows Authentication

If you've previously enabled Windows authentication, no further actions are required.

Azure AD authentication

If you've previously configured Azure AD to recognize a new Orchestrator instance, then you need to perform these steps:

Access App Registrations in the Microsoft Azure portal and select your existing Orchestrator app registration.
In the selected app's page, select Redirect URIs.
In the selected app's Authentication page, modify the Redirect URL by adding /identity/azure-sign-in-oidc at the end of your Orchestrator URL:
Save the changes.
Restart the IIS server.

SAML2 authentication

ADFS

If you've previously configured ADFS to recognize a new Orchestrator instance, then you need to perform these steps after upgrading Orchestrator:

Open ADFS Management and modify your existing relying party trust for Orchestrator as follows:
- In the Configure URL section, select the Enable support for the SAML 2.0 Web SSO Protocol and, in the Relying party SAML 2.0 SSO service URL field, fill in the Orchestrator URL plus the suffix identity/Saml2/Acs. For example, https://OrchestratorURL/identity/Saml2/Acs.
- In the Configure Identifiers section, in the Relying party trust identifier field, fill in the Orchestrator URL plus the suffix identity. For example, https://OrchestratorURL/identity.
Save the changes.
After ADFS is configured, open PowerShell as an administrator and run the following commands:
```
Set-ADFSRelyingPartyTrust -TargetName "https://OrchestratorURL/identity" -SamlResponseSignature MessageAndAssertion
Restart-Service ADFSSRVSet-ADFSRelyingPartyTrust -TargetName "https://OrchestratorURL/identity" -SamlResponseSignature MessageAndAssertion
Restart-Service ADFSSRV
```
Restart the IIS server.

Google

If you've previously configured Google to recognize a new Orchestrator instance, then you need to perform these steps:

Open the Google administration console and modify your existing service's details as follows:
- In the Service Provider window, in the ACS URL field, fill in the Orchestrator URL plus the suffix identity/Saml2/Acs. For example, https://OrchestratorURL/identity/Saml2/Acs.
- In the same window, in the Entity ID field, fill in the Orchestrator URL plus the suffix identity. For example, https://OrchestratorURL/identity.
Save the changes.
Restart the IIS server.

Okta

If you've previously configured Okta to recognize a new Orchestrator instance, then you need to perform these steps:

Log in to Okta and locate your existing application.
Modify the details in the SAML Settings window, in the General section, as follows:
- In the Single sign on URL field, fill in the Orchestrator URL plus the suffix /identity/Saml2/Acs. For example, https://OrchestratorURL/identity/Saml2/Acs.
- If not already, enable the Use this for Recipient URL and Destination URL. This overwrites the Recipient URL and Destination URL fields with the value entered for Single Sign On URL, which in this example is https://OrchestratorURL/identity/Saml2/Acs.
- In the Audience URI field, fill in the Orchestrator URL plus the suffix /identity. For example, https://OrchestratorURL/identity.
Save the changes.
Restart the IIS server.

On this page

Manual configuration after an upgrade
Upgrading from versions prior to 2020.4
Google OpenID Connect authentication
Windows Authentication
Azure AD authentication
SAML2 authentication

Was this page helpful?

PREVIOUSConfiguring host authentication settings

NEXTAllowing or restricting basic authentication

Support and Services

Get The Help You Need

UiPath Academy

Learning RPA - Automation Courses

UiPath Forum

UiPath Community Forum

Trust and Security

Cookies Policy