orchestrator
2023.10
false
UiPath logo, featuring letters U and I in white

Orchestrator User Guide

Automation CloudAutomation Cloud Public SectorAutomation SuiteStandalone
Last updated Dec 4, 2024

Configuring automation capabilities

Configuring automation capabilities involves allowing specific users or groups within an organization to automate various tasks, processes, or workflows. Whether the jobs should run attended or unattended, you can choose from the following options to suit your automation scenarios:

  • enabling users to run personal automations
  • running automations on unattended infrastructure via unattended robots
  • configuring robot accounts to run unattended automations

Enabling personal automations

Personal automations are automations that can run under a user's identity either locally on the user's machine, or remotely (personal remote automations) on server-side resources to which the user has no direct access to. User accounts and their association with roles allows for a certain level of access to resources in Orchestrator.

This article describes how to enable your users to:

  • Run automation on their local machine via the UiPath® Assistant;
  • Run background personal remote automations in folders where the user has the necessary permissions and in their personal workspaces;
  • Run and debug in UiPath Studio, both desktop and web;
  • Manage automations in their personal workspace.

For developers and business users, check how to manually run a job or configure a trigger to launch jobs as yourself.

Enabling User Groups to Run Personal Automation

This procedure walks admins through the steps for enabling personal automation capabilities for a group of users. Groups are used to simplify administration for accounts with similar needs, that are managed together.

  1. Reference a group in Orchestrator or edit an existing group and assign roles to it.
  2. Click the Personal automation setup tab to configure personal automation settings.
  3. Enable the Enable users in this group to run automations toggle. This enables users in that group to:
    • Run automation on their local machine via the UiPath Assistant;
    • Run background personal remote automations in folders where the user has the necessary permissions;
    • Run and debug in UiPath Studio, both desktop and web.
    Note: This setting only applies to users that already pertain to the group. If a user is added to the group later on, it needs to be manually modified for compliance with the setting.
  4. In the Settings section, enable the Enable Personal Workspaces for members of this group toggle. This enables users in that group to:
    • Manage automations in their personal workspace;
    • Run background personal remote automations in their personal workspaces.
  5. Click Add or Update. The group is referenced/updated.

Enabling Individual Users to Run Personal Automation

This procedure walks admins through the steps for enabling personal automation capabilities for individual user accounts. This is recommended if group members require additional capabilities on top of those granted by group membership and it helps achieve granular control in terms of user configuration.

  1. Reference an existing user in Orchestrator or edit an existing user account and assign roles to it.
  2. Click the Personal automation setup tab to configure personal automation settings.
  3. Enable the Enable user to run automations toggle. This allows the user to:
    • Run automation on their local machine via the UiPath Assistant;
    • Run background personal remote automations in folders where the user has the necessary permissions;
    • Run and debug in UiPath Studio, both desktop and web.
    Attention:

    This setting is applied at the time that the user is provisioned. After that point, the setting does not change automatically if the user is added to a group where a different rule is enforced, and can only be toggled manually.

  4. In the Settings section, enable the Enable a Personal Workspace for this user toggle. This enables the user to:
    • Manage automations in their personal workspace;
    • Run background personal remote automations in their personal workspaces.
  5. In the License Type section, select the license to be used when running automations. The license is taken from the tenant pool.
  6. Click Add or Update. The user account is created/updated.


Enabling unattended automations

UiPath® accounts can be thought of as identities intended to represent human (user accounts) or non-human users (robot accounts) that need to be authorized to access Orchestrator resources. These accounts and their association with roles allows for a certain level of access to resources in Orchestrator.

Unattended automation typically runs on robot accounts, the UiPath equivalent of Windows service accounts. An administrator can enable an unattended robot to impersonate a user account, that is act on behalf of that user identity, to allow the robot to run automations with the same privileges as the user it impersonates.

Running unattended automations on user accounts is typically done by developers debugging their automation projects, and business users running automations under their own identity, but on server-side resources instead of their local machines.

Running background processes on unattended infrastructure is also possible via personal remote automation which is easier to set up since it does not need an unattended robot enabled for the user account. See how to enable your users to run personal automations .

The differences between personal remote automations and unattended automation capabilities on a user account are:

  • You can only run personal remote automations if the underlying process is a background process; it does not work for processes that require user interaction. To execute processes that require user interaction configuring an unattended robot is still required.
  • In personal remote automation, the user's identity is used for executing that single process, so it helps achieve granular control in terms of when and how the user's identity is used. Unattended robots, on the other hand, act as the user they impersonate to execute processes across all folders the user has access to.

This article describes how administrators can enable developers and business users to:

  • Run background processes on unattended infrastructure, by allowing an unattended robot to impersonate a user for execution;
  • Run processes that require user interaction on unattended infrastructure; by allowing an unattended robot to impersonate a user for execution.

Running automations in a folder

Users can debug and run processes from all folders they have access to. They can use unattended infrastructure for execution, provided that an administrator has allocated to that folder the physical resources to run unattended automation, that is they assigned to that folder a machine template object with at least one runtime. Typically, for debugging, a NonProduction runtime is used.

Developers and business users can launch a process either by launching a job manually or via triggers in that folder.



If the user does not see any runtimes available when starting a job from Orchestrator, then the admin should make sure that:

  • they assigned both the user account and a machine template to the folder that contains the process to be executed.
  • they assigned runtimes to the machine template. This is not necessary in personal workspaces.

Debugging in a personal workspace

A personal workspace is the personal folder of a user and it acts as a separate and segregated storage space from the official Orchestrator feed. In a personal workspace, Orchestrator takes over several operations an admin would have to perform in a folder, allowing publishing, running and debugging automation projects without the admin intervention:

  • Orchestrator automatically creates a process from each package published from Studio to the personal workspace feed of that user;
  • Orchestrator automatically manages machine templates on the behalf of the administrator for personal workspace owners and a machine template with a Development runtime is automatically created and assigned to each new personal workspace.

Users can debug or run a process either by launching a job manually or via triggers in that workspace.



Enabling users to debug from Orchestrator

For a user to run processes on unattended infrastructure, an administrator needs to enable for them both personal automation capabilities and impersonation by an unattended robot (which enables the robot on a physical host machine to run under that user's identity).

Required licenses:
  • a user license
  • an unattended runtime
  • robot units for cloud robots

To enable users to debug processes on unattended infrastructure, perform the following when you reference or edit the user account in Orchestrator:

  1. Select the Personal automation setup tab to configure personal automation for that user. If the user is member of a group with personal automation capabilities, then they inherit the capabilities from that group and you can skip this step.
  2. Enable the Enable users in this group to run automations toggle. This enables users in that group to:
    • Run automation on their local machine via the UiPath Assistant;
    • Run background personal remote automations in folders where the user has the necessary permissions;
    • Run and debug in UiPath Studio, both desktop and web.
  3. In the Settings section, enable the Enable Personal Workspaces for members of this group toggle. This enables users in that group to:
    • Manage automations in their personal workspace;
    • Run background personal remote automations in their personal workspaces.
  4. Click the Unattended setup tab to configure unattended debugging settings for the user.
  5. Enable the Allow unattended robots to run automations as this user toggle to allow user account impersonation by unattended robots. This enables unattended robots to:
    • Run unattended automations under that user's identity to run background unattended automation and automations that require user interaction (further configured in step 5).
  6. In the Foreground automations settings section, select the infrastructure to be used for executing unattended foreground processes under that account:
    1. Select the Use the VMs preconfigured Windows user account (for runs on UiPath Automation Cloud robots only) option to delegate Automation Cloud robots for executing processes that require user interaction. The robots use a preconfigured Windows account when executing processes.
    2. Select the Use a specific Windows user account. Add credentials below option to execute processes on a specific Windows machine. You must specify correct credentials for that host machine, such that the robot can log into it successfully. This allows running processes that require user interaction under that specific Windows account. Here's how to configure the credential settings when using specific Windows accounts:

      Field

      Description

      Domain\Username

      The account under which the robot runs.

      • For domain-joined accounts, use the domain\username syntax. For example deskover\localUser1.
      • For local Windows accounts, use the host_machine_name\username syntax, with the host machine's name instead of the domain. For example, LAPTOP1935\localUser2.
      • For local Windows accounts residing on multiple host machines, which you want to use regardless of machine, use the .\username syntax with a dot instead of the host machine name. For example .\localUser3.
      • For Azure AD joined machines, use the azuread\username@domain.com syntax.

      Credential store

      The credential store to be used for your password. Click here for details about credential stores.

      Password

      The password used to log on to the machine on which UiPath Robot is installed.

      Credential type

      Specifies the type of password credential.

  7. Enable the Run only one job at a time option to restrict the user from simultaneously executing multiple jobs. This helps when automating applications that do not allow for a credential to be be used more than once at a time (e.g., SAP).
  8. Click Add or Update. The user account is created/updated.


Enabling users without Orchestrator access to debug on the host machine

When interactive authentication is enforced, in UiPath Assistant, a user can only see the processes to which they have access and only after signing in to their account. A user license is also required. Therefore, unattended processes which do not run under a user account are not available in UiPath Assistant for troubleshooting, making it impossible for a user to debug an unattended process by logging into that host machine.

To overcome this, an administrator can temporarily enable a troubleshooting session on their machine. Doing this lets the user see and run the unattended process locally, without requiring a user license. The troubleshooting session is temporary and the above only applies while troubleshooting is active.

You can also use Studio for its remote debugging capabilities. It allows running and debugging attended and unattended processes on remote machines, including on Linux robots that can run cross-platform projects.

Step 1. Enable a troubleshooting session

  1. Go to Tenant > Monitoring.
  2. Select Unattended sessions from the Section dropdown menu.
  3. Identify the machine where the error occurred, click More Actions at the end of the machine row and select Configure troubleshooting session.

    The option is only available if interactive authentication is enforced.

    You can find out on which machine a process ran by selecting the Processes section.

    The Configure troubleshooting session dialog opens:



  4. Under Troubleshooting session, click the toggle to switch it to Enabled.
  5. In the Session timeout (minutes) box, edit the value to change the number of minutes the troubleshooting session should be active.

    After the specified number of minutes passes, the troubleshooting session is automatically disabled and no further connections are accepted. However, any existing connections remain active until disconnected.

  6. Click Save.

Step 2. Connect to UiPath Assistant

Follow these instructions to connect to the machine and run the unattended processes from UiPath Assistant with your account.

  1. In Orchestrator, go to Tenant > Machines and click Copy Client ID / Machine keydocs image at the end of the machine row to copy the machine key to your clipboard.
  2. In UiPath Assistant, click the user icon in the title bar and select Preferences.
  3. Select the Orchestrator Settings tab and click Disconnect or Sign out if needed so that you can edit the connection settings.
  4. Configure the connection as follows:
    1. Connection Type - Select Machine Key.
    2. Orchestrator URL - Add the URL to the Orchestrator instance, which should include the tenant and organization.
    3. Machine Key - Paste the copied machine key from your clipboard.
  5. Click Connect and then close the Preferences window.
  6. If you do not see the unattended processes in Assistant, then go to Preferences > Sign In and log in with your credentials.

Now you can run unattended processes from UiPath Assistant to troubleshoot them.

Step 3. Extend or disable the troubleshooting session

When you have finished debugging, you can disable the troubleshooting session for the machine so that it won't allow attended connections anymore. Or, if you need to, you can extend the amount of time that the session is active.

  1. Go to Tenant > Monitoring.
  2. Select Unattended sessions from the Section dropdown menu.
  3. Click More Actions at the end of the machine row and select Configure troubleshooting session.
  4. In the Configure troubleshooting session dialog:

    • Close the session: switch the toggle under Troubleshooting session to Disabled.

      When disabled, no further connections are accepted. However, any existing connections remain active until disconnected.

    • Extend the session: Edit the value in the Session timeout (minutes) box with a greater value to extend the session to the specified duration.
  5. Click Save.
  6. Disconnect UiPath Assistant to close the connection.

Configuring robot accounts to run unattended automations

Unattended automation typically runs on robot accounts, the UiPath® equivalent of Windows service accounts. Robot accounts can be thought of as non-human identities that need to be authorized to access Orchestrator resources. Their association with roles allows for a certain level of access to resources in Orchestrator.

Robot accounts have their unattended capabilities enabled by default, administrators only have to configure several infrastructure related settings.

Enabling unattended automation on a robot account

To configure unattended execution settings under a certain robot account and on specific infrastructure, an administrator must do the following when referencing or editing the robot account in Orchestrator:

  1. Click the Unattended setup tab to configure execution settings for the account.
  2. In the Foreground automations settings section, select the infrastructure to be used for executing unattended foreground processes under that account:
    1. Select the Use the VMs preconfigured Windows user account (for runs on UiPath Automation Cloud robots only) option to delegate Automation Cloud robots for executing processes that require user interaction. The robots use a preconfigured Windows account when executing processes.
    2. Select the Use a specific Windows user account. Add credentials below option to execute processes on a specific Windows machine. You must specify correct credentials for that host machine, such that the robot can log into it successfully, and can run processes that require user interaction under that specific Windows account. Read through this article to find out how to retrieve your Windows credentials, or search the web for this information. Here's how to configure the credential settings when using specific Windows accounts:

      Field

      Description

      Domain\Username

      The account under which the robot runs.

      • For domain-joined accounts, use the domain\username syntax. For example deskover\localUser1.
      • For local Windows accounts, use the host_machine_name\username syntax, with the host machine's name instead of the domain. For example, LAPTOP1935\localUser2.
      • For local Windows accounts residing on multiple host machines, which you want to use regardless of machine, use the .\username syntax with a dot instead of the host machine name. For example .\localUser3.
      • For Azure AD joined machines, use the azuread\username@domain.com syntax.

      Credential store

      The credential store to be used for your password. Click here for details about credential stores.

      Password

      The password used to log on to the machine on which UiPath Robot is installed.

      Credential type

      Specifies the type of password credential.

      Note: Unattended robots can run background jobs on any infrastructure. It is, however, recommended to specialize your host machines to execute particular types of processes in order to maximize efficiency and cut costs. Learn more about optimizing unattended infrastructure using machine templates.
  3. Enable the Run only one job at a time option to restrict the account from simultaneously executing multiple jobs. This helps when automating applications that do not allow for a credential to be be used more than once at a time (e.g., SAP).
  4. On the Robot settings tab, configure execution settings for the unattended robot. Learn about robot settings.
  5. Click Add or Update. The robot account is created/updated.

Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.