- Organization Modeling in Orchestrator
- Managing Large Deployments
- Automation Best Practices
- Optimizing Unattended Infrastructure Using Machine Templates
- Organizing Resources With Tags
- Orchestrator Read-only Replica
- Exporting grids in the background
- About the Tenant Context
- Searching for Resources in a Tenant
- Managing Robots
- Connecting Robots to Orchestrator
- Storing Robot Credentials in CyberArk
- Storing Unattended Robot Passwords in Azure Key Vault (read-only)
- Storing Unattended Robot Credentials in HashiCorp Vault (read-only)
- Storing Unattended Robot Credentials in AWS Secrets Manager (read Only)
- Deleting Disconnected and Unresponsive Unattended Sessions
- Robot Authentication
- Robot Authentication With Client Credentials
- Bulk Uploading Queue Items Using a CSV File
- Managing Queues in Orchestrator
- Managing Queues in Studio
- Review Requests
- Test Automation
- Testing Data Retention Policy
- Host Administration Portals
- Configuring System Email Notifications
- Managing System Administrators
- Configuring Host Security
- Host Audit Logs
- Customizing the Login Page
- Maintenance Mode
- Managing tags
- Audit Logs
- Overriding System Email Settings
Utilizing folder features and capabilities, your Orchestrator and Tenant administrators are able to delegate the administration of automation solutions according to department (or any other manner in which you want to organize your deployment).
This configuration only needs to be performed once, after which the automations are managed on a folder basis by your designated folder administrators. Thereafter, the only occasion where an Orchestrator or Tenant administrator must intervene is the creation of new folders if there are new departments added to the organization.
To configure your Orchestrator for such delegation, follow these steps:
- Make sure you use standard roles:
- Create a folder for each set of automations that are to be managed separately.This division can be done in whatever manner is best suited to your needs, whether by departments (i.e. Finance, HR, Sales) or by specific automations (i.e. Earnings Reports, Onboarding, Expense Reports).
- Assign the Tenant Administrator role, at the tenant level, to the user(s) you are delegating the management of all tenant entities (e.g. Machines, Users,
Roles, etc.) to, if not performing this function yourself.Note:
If you are delegating Tenant administration, the remaining steps can be performed by these designated users.
- For the Orchestrator users that need to manage their own folders and subfolders, assign the following roles:
- Allow to be Folder Administrator at the tenant level; and
Folder Administrator at the folder level.
- For the Robot users that need to execute the automations, assign the following roles:
Note: Where possible, we recommend using directory users or groups rather than local users. By using directory users rather than local users, you eliminate the need to manually update Orchestrator as administrators are added or removed from these departments, rather it is done on the enterprise level through your AD groups.
- Allow to be Automation User at the tenant level; and
- Automation User at the folder level.