Subscribe

UiPath Process Mining

The UiPath Process Mining Guide

Set up Single Sign-On through Azure Active Directory

Introduction

This page describes how to set up Single Sign-on through Microsoft Azure Active Directory.

📘

Note

Single Sign-On authentication for UiPath Process Mining is only supported with Microsoft Azure Active Directory and Microsoft Integrated Windows Authenticator.

Step 1: Configure Azure Active Directory to recognize a UiPath Process Mining instance.

📘

Note

For a detailed description on how to set up Azure Active Directory authentication, visit the official Microsoft Documentation.

Follow these steps to register and configure your app in the Microsoft Azure Portal.

Step

Action

1

Go to the Microsoft Azure App Registrations page and click New Registration.

2

• In the Register an application page, fill the Name field with the desired name of your Uipath Process Mining instance.
• In the Supported account types section, select which accounts can use UiPath Process Mining.
• Set the Redirect URI by selecting Web from the drop-down and filling in the URL of the UiPath Process Mining instance plus the suffix /auth/signin-aad/. For example, https://example.com/auth/signin-aad/.
• Click on Register to register your UiPath Process Mining instance in Azure AD. The app is added to the list of applications.

3

Locate the app in the applications list. Click on the app to open the settings page.

4

Click on Authentication in the Manage menu.
• Locate the Implicit grant and hybrid flows section.
• Select the ID tokens (used for implicit and hybrid flows) option.

5

Click on Token configuration in the Manage menu.
• Use + Add groups claim to add a groups claim.

6

Click on API permissions in the Manage menu.
• Click on + Add a permission and add the User.Read permission.

Step 2: Configure UiPath Process Mining for Single Sign-On

Configure Server settings

  1. Go to the Settings tab of the Superadmin page of your UiPath Process Mining installation. See illustration below.
  1. Add the required Azure AD settings in the ExternalAuthenticationProviders setting of the Server Settings. Below is a description of the JSON keys of the azureAD object.

Key

Description

Mandatory

clientIdentifier

The Application (client) ID as displayed in the Essentials section on the app Overview page in Microsoft Azure Portal. See illustration below.

Yes

tenant

The Directory (tenant) ID as displayed in the Essentials section on the app Overview page in Microsoft Azure Portal.

Yes

loggingLevel

Enables you to specify whether you want to add information regarding the login process to the log. Possible values:
• info;
• warn;
• error.
Note: It is recommended to enable this only when you experience problems with logging in.

No

See illustration below for an example of the Server Settings with the ExternalAuthenticationProviders setting with the azureAD object.

, "ExternalAuthenticationProviders": {
            "azureAd": {
                      "clientIdentifier": "d45193e9-357a-4649-8805-30fe7b4d0330"
                    , "tenant": "d8353d2a-b153-4d17-8827-902c51f72357"
             }
}
  1. Click on SAVE to save the new settings.

  2. Press F5 to refresh the Superadmin page. This loads the new settings and enables Azure AD groups to be created based on these settings.

Additional steps

In order to use Integrated Azure Active Directory authentication, you must create one or more AD groups to allow members to login. For Superadmin users, or app developers you can create AD groups on the Superadmin users tab. See Adding Superadmin AD Groups.

For end-user authentication, AD groups can be created on the End user administration page. See Adding End-user AD Groups.

Updated about a month ago


Set up Single Sign-On through Azure Active Directory


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.