Subscribe

UiPath Orchestrator

The UiPath Orchestrator Guide

February 2022

28 February 2022

New credential store now available

You can now choose from a wider selection of plugins to store your Orchestrator credentials. BeyondTrust, a new credential store, is now integrated with Orchestrator. For configuration instructions, see Beyond Trust integration.

 

25 February 2022


OAuth 2.0-based framework for robot authentication

In this release, we ship a new robot authentication mechanism that uses the OAuth 2.0 framework as the basis for its authentication protocol, meaning unattended robots can connect to Orchestrator using a client ID - client secret pair generated via machine template objects. The client ID - client secret pair generates a token that authorizes the connection and provides the robot with access to Orchestrator resources.

Client credentials allow the UiPath Robot to access resources by using its own credentials, instead of impersonating a user. When the robot requests resources from Orchestrator, Orchestrator enforces that the robot itself has authorization to perform an action since there is no user involved in the authentication.

🚧

Important

Client credentials require the UiPath Robot 2022.2 or higher.

As an exception to our typical release cadence, client credentials do not become available to Enterprise users one week after the Community release date. Instead, the feature will be shipped to Enterprise users alongside the 2022.4 enterprise release of the UiPath Robot.

More on robot authentication.
Instructions for administrators on how to manage client credentials (create new credentials, revoke access).
Intstructions for RPA developers and attended users on how to connect their robots to Orchestrator.

 

24 February 2022


Roles improvements

We provide several default roles in Orchestrator to make access assignment for the main use cases easy and to serve as a functioning base for any new customer that is just starting with the environment. After getting familiar with the ecosystem and understanding your particular use cases for automation, you could edit these roles, or create new ones to suit your needs.

But the basics never go out of style. So we want to make sure that these roles remain available to you as they were intended - a standard.
For this reason, we have made several improvements to roles and permissions particularly in relation to the default roles for modern folders.

Default roles are available... by default

You no longer need to add the default roles to your tenant from the Orchestrator settings. Now they are available by default to any new tenants, or tenants who did not manually add them up to now.
The options for adding these roles from the tenant-level Settings page ( General tab) have been removed.

Default roles are now read-only

You can no longer edit the default roles. You can view the permissions that they include, but you can no longer change the permissions.
If you need a custom version, you must create a new role with the required permissions.

Customized versions of default roles are renamed with "Custom"

If you have customized any of the default roles by changing the permissions, do not worry, they're safe. We have renamed all your customized roles as Role name - Custom so that you know which are the default ones and which are your customized ones.
For example, if you customized the permissions of the Automation User default role, now you have the following roles:

RoleOriginCan edit?Can assign?Permissions
Automation User SystemNYStandard
Automation User - Custom User-definedYYCustom

📘

Role assignments are not affected

Although your custom roles now have a new name, any accounts or groups to which the affected roles were assigned now have the renamed version assigned to them. So there is no action that you need to take following this change. Everything works as usual.

Duplicate and customize roles

We have added a new option for roles that allows you to copy and customize one of your existing roles. This option is available for both default roles and customized roles, but not for mixed roles.
With default roles becoming read-only, this is the new way in which you can customize them if you like a default role, but want to make a few tweaks.

To use this option, go to Tenant > Manage Access > Roles, click (more options) at the right of a row, and select Duplicate & customize.

Role export and import

You can now export any of your existing roles to CSV format and, in that format, import them back to Orchestrator. This lets you reuse your carefully-crafted set of roles across organizations and across tenants.

Exporting a role | Importing a role

 

22 February 2022


New credential store

You can now choose from a wider selection of plugins to store your Orchestrator credentials. HashiCorp Vault, a new credential store, is now integrated with Orchestrator. For configuration instructions, see HashiCorp Vault.

Delete queue items content via API

  • Prevent queue items data tracing by deleting the value of the SpecificContent key via API. Use the PUT /odata/QueueItem({Id}) endpoint with the type of payload described in our documentation.

 

7 February 2022


New(er) queue triggers mechanism for launching jobs via queue triggers

After some recent back and forth in the area of queue triggers, we are readdressing the way queue triggers launch jobs with - what we hope to be the final and best - implementation of them all.
Problem statement: Whenever your queues contained fewer new items than items in progress, no jobs were launched despite robots being idle. This happened because the number of running jobs (actively processing queue items) would exceed the number of target jobs (jobs needed to process the new items).
Initial fix: Orchestrator accounted for both new and in-progress queue items when computing the number of target jobs, instead of only new items. Sounded good. Didn't work.
Brand new, shiny fix: Orchestrator accounts for new items when computing the number of target jobs, but looks at the number of pending jobs when deciding whether to launch a new job or not.
Say you have 2 new items in a queue, and 2 pending jobs exist => then no new jobs are launched.
Say you have 2 new items, and 1 pending job exists => then 1 new job is launched.

This ensures Orchestrator launches enough jobs to process all new items without going overboard.

New permissions set

This release ships with a new set of folder permissions for Connections. The permissions have no actual use for the time being, they are part of an upcoming feature.

Improvements

  • To help you identify misconfigurations at the job or trigger level, from now on, when starting a job or configuring a trigger, you can clearly see whether certain runtimes have been configured in the containing folder or not.

At the job level, only runtimes that have been assigned to machines in the folder are available for selection. Trying to select unassigned runtimes does not work and a tooltip explaining the behavior is displayed.

1322

At the trigger level, runtimes that haven't been assigned to machines in the folder can be selected, but you can easily spot them by looking for a warning icon.

1373

 

  • Previously, you could not use testing runtimes for remote debugging from Studio or when using dynamic allocation in Orchestrator. Both operations only allowed usage of non-production or unattended runtimes. With this release, you can do both with testing runtimes.
1343

 

  • For Automation Cloud™ robots, starting a job with the Keep Account/Machine allocation on job resumption now means the job resumes on any machine from the same pool - so the same type of machine, not necessarily the exact same machine.
890

 

  • You can now filter the transactions of a queue by the Robot that processed the transactions. The dropdown menu of the Robot filter displays the robots present in the corresponding modern folder. To see the available robots, you need View permissions on Users.
1694

 

Bug Fixes

  • Occasionally, test set and test schedule executions failed with the following error: System.Data.Entity.Core.EntityException: The underlying provider failed on Open. ---> System.PlatformNotSupportedException: This platform does not support distributed transactions. Test sets and test schedules are now executed with no errors.

  • Previously, deleting an Orchestrator folder that contained an Azure storage bucket resulted in all data being hard deleted from Azure. As of now, upon deleting a folder, Orchestrator performs a soft delete that makes data unavailable to Orchestrator users, but leaves it available in Azure.

Updated 8 months ago


February 2022


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.