UiPath Process Mining

The UiPath Process Mining Guide

Introduction

This guide describes the security possibilities of the UiPath Process Mining platform. It also contains recommendations and best practices inside and outside the platform regarding security.

Server Security

It is recommended to always use the latest version of Windows Server and to keep it up to date.

Encryption

While UiPath Process Mining stores all passwords in an encrypted form, the software does not encrypt data on disk. It is recommended for the server administrator to encrypt the data disk, using, for example, BitLocker.

Multiple installations

The In-Memory database stores all data. In this way, it can be accessed very quickly without using the input databases. The Analytics engine handles calculations. The Visualization and Process mining engines create visuals that can be used on dashboards.

End-point protection

Windows Defender is deemed secure for end-point protection. If other tools are used, ensure that the UiPath Process Mining platform is whitelisted.

Network connections

It is recommended to set up an HTTPS binding for the platform in IIS. Setting up HTTPS requires a certificate. The certificate should at least be TLSv1.2.
For cloud servers, secure VPN tunnels are used to add the servers to the trusted network of the users.

Data in transit

To ensure data security while in transit, it is highly encouraged to set up this HTTPS binding. Furthermore, for accepted cipher suites on the server, it is recommended to use the ‘Modern compatibility’ list provided by Mozilla: https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility

To further increase security in transit, it is recommended to set up VPN tunnels for all connections to and from the server. A modern protocol should be used; older protocols such as PPTP should not be used.

Platform security

Out of the box, all security-related settings of the platform are in their most restricted state:

  • At first startup, only a single superadmin user has access. Access is restricted to the localhost.
  • HTTP can only be used from localhost; other hosts can only connect through HTTPS. While not recommended, HTTP can be enabled for all hosts in the server settings.

Two-Factor Authentication

It is possible to enable Two-Factor Authentication (2FA) to make your UiPath Process Mining application more secure. Two-Factor Authentication is an additional verification check that secures UiPath Process Mining accounts against unauthorized access. Two-Factor Authentication is available for developer accounts. It is recommended to enable 2FA in the Server Settings.

Two-Factor Authentication is also available for end-user accounts. By default, 2FA is not enabled for end-user accounts. Contact your UiPath Process Mining account manager if you want to set up Two-Factor Authentication for end-user accounts.

Access restrictions

End-users only have access to the projects and data they have access rights for.
Application developers have access to everything in the complete installation. Therefore, it is recommended to set IP-address restrictions on the developer accounts. This can be done in the Superadmin users tab of the Superadmin interface.

Password security

Passwords are stored using a secure password hash. A password strength calculator is used to determine if passwords are strong. Brute forcing the login forms is prevented by delaying subsequent requests.

Encryption Algorithm

The password field is protected with a hash function: PBKDF2 is used with HMAC-SHA512 as the pseudorandom function and 10000 iterations, together with a salt.

A salt is used to extend the input of the hash function. The salt consists of a fixed part (application-specific) and a 128-bit randomly generated salt which is stored in the database. The random seed is generated on initializing the application in a session.

Since a cryptographic hash function is used, an encryption key is not required. No initialization vector is used in the hash function.
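
The scheme described above can be sketched as follows. This is an added example, not UiPath Process Mining code: the fixed salt value is a placeholder, and concatenating the fixed and random parts is an assumption, since the guide does not state how they are combined.

```python
import hashlib
import hmac
import secrets
from typing import Tuple

# Parameters stated in this guide.
PRF = "sha512"            # PBKDF2 with HMAC-SHA512
ITERATIONS = 10_000
RANDOM_SALT_BYTES = 16    # 128-bit random salt, stored in the database

# Assumption: placeholder for the application-specific fixed salt part.
FIXED_SALT = b"example-application-fixed-part"


def derive(password: str, random_salt: bytes) -> bytes:
    """Derive the stored hash for a password and its per-user random salt."""
    # Assumption: the fixed and random parts are concatenated.
    salt = FIXED_SALT + random_salt
    return hashlib.pbkdf2_hmac(PRF, password.encode("utf-8"), salt, ITERATIONS)


def hash_password(password: str) -> Tuple[bytes, bytes]:
    """Return (random_salt, derived_hash); both go into the user record."""
    random_salt = secrets.token_bytes(RANDOM_SALT_BYTES)
    return random_salt, derive(password, random_salt)


def verify_password(password: str, random_salt: bytes, stored: bytes) -> bool:
    """Recompute the hash and compare in constant time."""
    return hmac.compare_digest(derive(password, random_salt), stored)


if __name__ == "__main__":
    # Constructed sample input: the same password hashed for two accounts.
    salt_a, hash_a = hash_password("correct horse battery staple")
    salt_b, hash_b = hash_password("correct horse battery staple")
    print("same password, different stored hashes:", hash_a != hash_b)
    print("correct password verifies:", verify_password(
        "correct horse battery staple", salt_a, hash_a))
    print("wrong password verifies:", verify_password("guess", salt_a, hash_a))
```

Because the random salt differs per record, identical passwords produce different stored hashes, and verification needs only the stored salt and hash, not a key or initialization vector.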

Data security

UiPath Process Mining has built-in support for anonymizing data.
For each attribute, the required anonymization method can be set:

  • Clear attribute
  • Pseudonymize attribute
  • Shuffle values.
