- Getting started
- Best practices
- Tenant
- Folders Context
- Automations
- Processes
- Jobs
- Triggers
- Logs
- Monitoring
- Queues
- Assets
- Storage Buckets
- Test Suite - Orchestrator
- Other Configurations
- Integrations
- Classic Robots
- Host administration
- About the host level
- Managing system administrators
- Managing tenants
- Configuring system email notifications
- Audit logs for the host portal
- Maintenance Mode
- Organization administration
- Troubleshooting
Connecting Robots to Orchestrator
This article outlines how to choose the Robot to Orchestrator connection method depending on the robot authentication mechanism set in Orchestrator. UiPath provides multiple robot authentication methods, ranging from expiring token authentication to authentication with tokens that never expire.
The three available authentication mechanisms are the resulting state of two Orchestrator tenant settings located on the Settings page > Security tab.
Allow only connections with authentication tokens that never expire by clearing both authentication options on the Settings page > Security tab.
-
Allow both user authentication and robot key authentication - not selected
-
Enforce user authentication, disable robot key authentication - not selected
Type |
Implications |
---|---|
Attended |
Restrict attended robot authentication in the Assistant to Machine Key. There is no Sign in option displayed in the Assistant, hence users cannot connect Studio and the Assistant to Orchestrator using their credentials. |
Unattended |
Unattended robots require Machine Key connections at all times. |
Allow both standard connections with tokens that don't expire and connections with tokens that expire by enabling Allow both user authentication and robot key authentication and clearing Enforce user authentication, disable robot key authentication.
Allow both user authentication and robot key authentication - selected
Enforce user authentication, disable robot key authentication - not selected
Implications | |
---|---|
Attended |
You can use interactive sign-in to authenticate attended robots. The Sign in option is displayed in the Assistant allowing users to connect Studio and the Assistant to Orchestrator using their credentials, but this is not required. |
Unattended |
Unattended robots require Machine Key connections at all times. |
Allow only connections with tokens that expire by enabling both authentication options on the Settings page > Security tab. User login is required to make Orchestrator HTTP requests, run attended robots, or view processes in the Assistant.
Allow both user authentication and robot key authentication - selected
Enforce user authentication, disable robot key authentication - selected
Implications | |
---|---|
Attended |
Restrict attended robot authentication in the Assistant to interactive user sign-in. Attended robot authentication requires sign-in otherwise the user won't see their associated processes in the Assistant and the robot appears as "Connected, Unlicensed". |
Unattended |
Unattended robots require Machine Key connections at all times. |
Unattended in Attended Mode |
For unattended, the host machine is connected and licensed in unattended mode so the designated way to execute processes is Orchestrator. If you want to use the machine in attended mode (opening the Assistant) when user authentication is enforced, you need to sign in, otherwise you cannot see the processes in the Assistant, and the robot appears as "Connected, Unlicensed". |
This authentication method requires recompiling the workflows that use Orchestrator activities or make direct HTTP calls to the Orchestrator API utilizing v2020.10 activity packages or higher.
There is a chance job execution will fail if at least one of below dependencies are used in an automation project:
- UiPath.System.Activities < 20.10.0
- UiPath.Persistence.Activities < 1.1.7
- UiPath.DataService.Activities < 20.10.0
- UiPath.Testing.Activities < 1.2.0
Use the Project Dependencies Mass Update Tool in Studio to update process dependencies to versions greater than or equal to those provided above. Test before deploying in production.
Use interactive sign-in to authenticate attended robots. The Sign in option is displayed in the Assistant allowing users to connect Studio and the Assistant to Orchestrator using their credentials. Compatible with:
- Hybrid Authentication
- Secure Authentication
Use the machine key generated in Orchestrator to authenticate attended robots. Compatible with:
- Standard Authentication
-
Hybrid Authentication
Note:- The person handling the Orchestrator configuration in the company should provide the attended users and developers with the correct Orchestrator URL and machine key. Machine objects do not need to be assigned to Orchestrator folders, only accounts.
- Multiple accounts working on the same machine each require a robot created in Orchestrator.
Use the machine key generated in Orchestrator to authenticate unattended robots. Machine key connections are required at all times for unattended execution. Compatible with:
- Standard Authentication
- Hybrid Authentication
-
Secure Authentication
The host machine is connected and licensed in unattended mode so you can execute unattended processes using Orchestrator.
If you want to use the machine in attended mode (opening the Assistant) when user authentication is enforced, you need to sign in, otherwise you cannot see the processes in the Assistant, and the robot appears as "Connected, Unlicensed".
- What Are the Types of Robot Authentication
- Standard Authentication
- Hybrid Authentication
- Secure Authentication
- Connecting Attended Robots to Orchestrator
- Interactive Sign-In
- Using the Machine Key in the Assistant
- Using the Machine Key in the Command Line
- Connecting Unattended Robots to Orchestrator
- Using the Machine Key in the Assistant
- Using the Machine Key in the Command Line