订阅

UiPath Process Mining

The UiPath Process Mining Guide

通过 Azure Active Directory 设置单点登录

简介

This page describes how to set up Single Sign-on through Microsoft Azure Active Directory.

If Single Sign-On through Azure Active Directory is enabled and correctly configured, a button is displayed at the bottom of the Login page. See the illustration below.

326326

Step 1: Configure Azure Active Directory to recognize a UiPath Process Mining instance.

📘

备注:

For a detailed description on how to set up Azure Active Directory authentication, visit the official Microsoft Documentation.

Follow these steps to register and configure your app in the Microsoft Azure Portal.

StepAction
1Go to the Microsoft Azure App Registrations page and click New Registration.
2• In the Register an application page, fill the Name field with the desired name of your Uipath Process Mining instance.
• In the Supported account types section, select which accounts can use UiPath Process Mining.
• Set the Redirect URI by selecting Web from the drop-down and filling in the URL of the UiPath Process Mining instance plus the suffix /auth/signin-aad/. For example, https://example.com/auth/signin-aad/.
• Click on Register to register your UiPath Process Mining instance in Azure AD. The app is added to the list of applications.
3Locate the app in the applications list. Click on the app to open the settings page.
4Click on Authentication in the Manage menu.
• Locate the Implicit grant and hybrid flows section.
• Select the ID tokens (used for implicit and hybrid flows) option.
5Click on Token configuration in the Manage menu.
• Use + Add groups claim to add a groups claim.
• Select the appropriate options in the Select group types to include in Access, ID, and SAML tokens options list.
Note: this determines which groups to include in the list of groups sent to Process Mining. You can choose to sent all Security groups, all Directory roles, and/or All groups. You can also choose to send just a specific set of groups.
• In the Customize token properties by type options make sure that the Group ID setting is is selected since Process Mining expects Azure groups to always be a GUID.
6Click on API permissions in the Manage menu.
• Click on + Add a permission and add the User.Read permission.

Step 2: Configure UiPath Process Mining for Single Sign-On

Configure Server settings

  1. Go to the Settings tab of the Superadmin page of your UiPath Process Mining installation. See illustration below.
792792
  1. Add the required Azure AD settings in the ExternalAuthenticationProviders setting of the Server Settings. Below is a description of the JSON keys of the azureAD object.
KeyDescriptionMandatory
clientIdentifierThe Application (client) ID as displayed in the Essentials section on the app Overview page in Microsoft Azure Portal. See illustration below.Yes
tenantThe Directory (tenant) ID as displayed in the Essentials section on the app Overview page in Microsoft Azure Portal.Yes
loggingLevelEnables you to specify whether you want to add information regarding the login process to the log in the [PLATFORMDIR]/logs/iisnode folder. Possible values:
• info;
• warn;
• error.
Note: It is recommended to enable this only when you experience problems with logging in.
No
731731

See illustration below for an example of the Server Settings with the ExternalAuthenticationProviders setting with the azureAD object.

, "ExternalAuthenticationProviders": {
            "azureAd": {
                      "clientIdentifier": "d1a1d0f4-ce09-4232-91b9-7756d613b78a"
                    , "tenant": "f636b271-d616-44d1-bb23-43a73b6eb571"
             }
}
  1. Click on SAVE to save the new settings.

  2. Press F5 to refresh the Superadmin page. This loads the new settings and enables Azure AD groups to be created based on these settings.

自动登录

🚧

备注:

Make sure Single Sign-on works correctly before enabling autologin. Enabling autologin when SSO is not set up correctly can make it impossible for users affected by the autologin setting to log in.

With the AutoLogin Server Setting, the user will be automatically logged in using the current active SSO method.
By default, AutoLogin is set to none. If you want to enable auto-login for end-users and/or Superadmin users, you can specify this in the AutoLogin in the Superadmin Settings tab. See The Settings Tab.

📘

备注:

通过本地主机登录时,系统始终会为超级管理员用户禁用自动登录。

Additional steps

In order to use Integrated Azure Active Directory authentication, you must create one or more AD groups to allow members to login. For Superadmin users, or app developers you can create AD groups on the Superadmin users tab. See Adding Superadmin AD Groups.

For end-user authentication, AD groups can be created on the End user administration page. See Adding End-user AD Groups.

Updated a day ago

通过 Azure Active Directory 设置单点登录


建议的编辑仅限用于 API 参考页面

您只能建议对 Markdown 正文内容进行编辑,而不能建议对 API 规范进行编辑。