- Getting started
- Best practices
- Tenant
- About the Tenant Context
- Searching for Resources in a Tenant
- Managing Robots
- Connecting Robots to Orchestrator
- Storing Robot Credentials in CyberArk
- Storing Unattended Robot Passwords in Azure Key Vault (read-only)
- Storing Unattended Robot Credentials in HashiCorp Vault (read-only)
- Deleting Disconnected and Unresponsive Unattended Sessions
- Robot Authentication
- Robot Authentication With Client Credentials
- SmartCard Authentication
- Audit
- Resource Catalog Service
- Folders Context
- Automations
- Processes
- Jobs
- Triggers
- Logs
- Monitoring
- Queues
- Assets
- Storage Buckets
- Test Suite - Orchestrator
- Other Configurations
- Integrations
- Classic Robots
- Host administration
- Organization administration
- Troubleshooting
Managing Large Deployments
Orchestrator's features and capabilities are focused on enabling your organization to deploy and manage its automation solutions on any scale easily. Development of these capabilities was based upon incorporating the following aspects:
-
Simplified Deployment and Management
- Enhanced integration of Active Directory groups to manage automation and robot access for users.
- Use of Active Directory groups for the delegation and control of management access.
-
Flexible User Permissions
- The ability to isolate management of automation solutions across teams and departments.
- Delegation of administration over automation solutions to a team or department of Administrators.
- Enable sharing of automation solutions between teams, departments, or company-wide.
These aspects are manifested in the Active Directory integration with Orchestrator and the folders organization modeling paradigm.
An enhanced integration model with your organization's Active Directory provides for simplified user and group management in Orchestrator:
- All directory users are potential Orchestrator users.
- Only permissions for Directory User or Directory Group access to Orchestrator resources (i.e. robots, assets, etc.) need to be managed in Orchestrator.
-
AD group membership and roles are cached in Orchestrator, synced at login, and refreshed every hour. You no longer need to manually update an Orchestrator user whenever their AD membership changes.
Important: If you grant any user permissions explicitly within Orchestrator, that user and the assigned permissions will persist in Orchestrator regardless of changes to their AD group membership.
Folders can be used for the isolated and independent management of both users and resources within Orchestrator:
- Orchestrator automation resources are grouped within the folder context as opposed to being tenant-wide.
- Access to automation solutions is managed by granting users or groups access to a folder and the requisite permissions to execute the processes contained there. Those processes are then visible to the user in the robot tray. See how to Manage Folders and Add Users.
- Authorized users are automatically granted a license, if available, upon connecting a robot to Orchestrator.