通知を受け取る

UiPath Process Mining

UiPath Process Mining ガイド

統合 Windows 認証を介したシングル サインオンを設定する

はじめに

This page describes how to set up Single Sign-on through Microsoft Integrated Windows Authentication.

📘

Single Sign-on authentication for UiPath Process Mining is only supported with Microsoft Azure Active Directory and Microsoft Integrated Windows Authentication.

If Microsoft Integrated Windows Authentication is enabled and correctly configured, a button is displayed at the bottom of the Login page. See the illustration below.

Step 1: Configure Integrated Windows Authentication to recognize a UiPath Process Mining instance.

In order for the actual login to succeed the IIS server running the UiPath Process Mining server must be configured correctly, and both the user logging in and IIS server must be on the same domain.

📘

For a detailed description on how to set up Integrated Windows Authenication, visit the official Microsoft Documentation.

Step 2: Configure UiPath Process Mining for Single Sign-On

Configure Server settings

  1. Go to the Settings tab of the Superadmin page of your UiPath Process Mining installation. See illustration below.
  1. Add the required Integrated Windows Authentication settings in the ExternalAuthenticationProviders setting of the Server Settings. Below is a description of the JSON keys of the integratedWindowsAuthentication object.

キー

説明

url

The LDAP url domain controller in the domain you want to use. This url needs to be accessible from the UiPath Process Mining server. Use the format: ldap://dc.company.domain.com.

base

The base distinguished name to authenticate users under. Use the format: DC=Company,DC=com. The exact name depends on the setup of the AD.

bindDN

The username of the AD user that is used to retrieve user groups. This user should have the rights to query user groups for users that are allowed to login.
Note: this user might need to be prefixed with the domain name, for instance: DOMAINNAME\\username. The double backslashes are needed to act as an escape character. Alternatively, you can use your DC as a postfix, for instance: [email protected].

bindCredentials

The password of the user specified in bindDN.
See also Use a Credential Store.

search_query

Enables you to specify whether users can login with a different attribute than userPrincipalName.

tlsOptions

Enables you to specify additional options for use with LDAPS.
ca: used to specify the certificate which should be used.
rejectUnauthorized : set this to true.

See also Set up Secure LDAP.

See illustration below for an example of the Server Settings with the ExternalAuthenticationProviders setting with the integratedWindowsAuthentication object.

, "ExternalAuthenticationProviders": {
                    "integratedWindowsAuthentication": {
                        "url":             "ldap://server1:389",
                        "base":            "DC=Company,DC=com",
                        "bindDN":          "username",
                        "bindCredentials": "password"
                        }
    }
  1. Click on SAVE to save the Server settings.

  2. Press F5 to refresh the Superadmin page. This loads the new settings and enables user groups to be created based on these settings.

自動ログイン

🚧

重要

Make sure Single Sign-on works correctly before enabling autologin. Enabling autologin when SSO is not set up correctly can make it impossible for users affected by the autologin setting to log in.

With the AutoLogin Server Setting, the user will be automatically logged in using the current active SSO method.
By default, AutoLogin is set to none. If you want to enable auto-login for end-users and/or Superadmin users, you can specify this in the AutoLogin in the Superadmin Settings tab. See The Settings Tab.

📘

localhost 経由でログインする場合、Superadmin ユーザーの自動ログインは常に無効化されます。

Additional steps

In order to use Integrated Windows Authentication authentication, you must create one or more AD group to allow members to login. For Superadmin users, or app developers you can create AD groups on the Superadmin users tab. See Adding Superadmin AD Groups.

For end-user authentication, AD groups can be created on the End user administration page. See Adding End-user AD Groups.

3 か月前に更新

統合 Windows 認証を介したシングル サインオンを設定する


改善の提案は、API リファレンスのページでは制限されています

改善を提案できるのは Markdown の本文コンテンツのみであり、API 仕様に行うことはできません。