orchestrator
2023.10
false
UiPath logo, featuring letters U and I in white

Orchestrator User Guide

Automation CloudAutomation Cloud Public SectorAutomation SuiteStandalone
Last updated Dec 4, 2024

Configuring Account-machine Mappings

This article walks administrators through the procedure for configuring specific account-machine pairs as the only valid targets for execution, by linking the accounts that usually log in on specific host machines to the associated machine templates.

The account-machine mappings functionality gives administrators granular control over jobs' execution targets, by restricting users to executing automations on machines on which they log in. Specifically, you can tie unattended usage under particular accounts to specific machine templates such that when starting a job or configuring a trigger, only those account-machine pairs can be used for execution.

According to their scope, there are two types of account-machine mappings:

  • tenant-scoped mappings - impact all folders in a tenant;
  • folder-scoped account-machine mappings - tied to a specific folder.

Configuring Tenant-scoped Account-machine Mappings

Note: You need View on Machines, Edit on Machines OR View on Machines, Create on Machines to change tenant-wide account-machine mappings.
  1. Click Add a new machine or Edit Machine to create a new machine template or edit an existing one.
  2. Configure general details.
  3. Click the Account -Machine Mappings tab.
  4. Select the mapping strategy:
    • Any account can use this machine - No specific mappings in place.
    • Specific accounts only can be assigned to this machine - Configure specific account-machine pairs on which execution is allowed.
  5. For a specific mapping strategy, select the accounts for whom execution is allowed on the machine in question.


Accounts are depicted on the Account-Machine Mappings page using the credentials (Domain\Username) of their unattended robot if one has been created.



All changes made to tenant-scoped mappings are reflected at a folder level as follows:

  • Inherit from tenant - all account configuration changes made for tenant mappings are reflected at a folder level, adding or removing accounts to tenant mappings adds/removes them from folder mappings as well.
  • Specific account-machine mappings for this folder - adding an account to tenant mappings does not make them available for folder mappings; the account is excluded from folder mappings. Removing an account from tenant mappings removes them at the folder level as well.

Configuring Folder-scoped Account-machine Mappings at the Tenant Level

Note: You need Edit permissions on Folders OR Edit on Subfolders to change account-machine mappings at the folder level.
Important: You cannot configure account-machine mappings for propagated machines.

Folder-scoped mappings are subsets of tenant-scoped mappings and they control the account-machine pairs allowed to execute automation in a folder. Not providing folder-scoped mappings leaves template-scoped mappings in place as the defaults.

You can configure folder-scoped mappings at the tenant level (Tenant > Folders), or you can configure them directly at the folder level (Folder > Machines).

  1. Navigate to Tenant > Folders and in the Manage Folders pane, click the folder you want to change mappings for.
  2. On the Machines tab, click More Actions > Update account mappings for folder. The Edit account mappings window is displayed.
  3. Select the mapping strategy:
    • Inherit from tenant - No specific mappings in place for this folder on top of the ones defined for the tenant.
    • Specific account-machine mappings for this folder - Configure specific account-machine pairs on which execution is allowed in this folder.
  4. For a specific mapping strategy, select the accounts for whom execution is allowed on the machine in question, in this particular folder.


Here's a short video on how to configure folder-scoped account-machine mappings at the tenant level.

Configuring Folder-scoped Account-machine Mappings at the Folder Level

  1. Navigate to the folder you want to change mappings for and then go on the Settings tab.
  2. Click the Machines tab, then for the machine-object you want to pair with certain accounts, click More Actions > Update account mappings for folder. The Edit account mappings window is displayed.
  3. Select the mapping strategy:
    • Inherit from tenant - No specific mappings in place for this folder on top of the ones defined for the tenant.
    • Specific account-machine mappings for this folder - Configure specific account-machine pairs on which execution is allowed in this folder.
  4. For a specific mapping strategy, select the accounts for whom execution is allowed on the machine in question, in this particular folder.

Here's a short video on how to configure folder-scoped account-machine mappings at the folder level.

Important:
  • Accounts added to a folder after account-machine mappings have been configured are not added to the existing mappings; hence, they will not be able to use that machine. Make sure to manually map the accounts to the machines in order to use them.
  • Accounts part of mappings that are employed in triggers cannot be deleted or unassigned from the folder the trigger resides in. Make sure the account is not set as an execution target in a trigger so you can delete them.

Enabling/disabling Account-machine Mappings

  1. At the tenant level, navigate to Settings > General.
  2. In the Folders section, enable/disable the corresponding toggle.


    Note: Upon disabling the Account-Machine Mappings feature, existing account-machine mappings will be kept when running jobs, even if the mappings are not visible in the UI.

Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.