Process Mining
2021.10
false
Banner background image
Process Mining
Last updated Apr 2, 2024

LDAP for End Users

Introduction

There are two ways of giving end users access to the UiPath Process Mining platform:

  • Manually define users in End-user administration which you can open from the Releases tab of the Superadmin page.

  • Setting up LDAP (AD) synchronization.

    Important: With LDAP synchronization users will be added or updated in the list of users in End-User Administration.

This page describes how to set up LDAP to give end user access to UiPath Process Mining.

Prerequisite

The standard Microsoft service package Active Directory Domain Services must be installed on the UiPath Process Mining server. Follow these steps to verify whether the Active Directory Domain Services service package is correctly installed.

Step

Action

1

Open a Windows Command Prompt.

2
Enter the command dsget and press Enter.
If the dsget help text is displayed at the command prompt, the Active Directory Domain Services service package is working properly.

Step 1: Preparation

Copy the following files to the builds folder of your UiPath Process Mining installation folder:
  • Config.json,
  • Syncad.js,
  • Syncad.bat.
    Note: You can create the files yourself from the code samples in the corresponding sections below.

Step 2: Configure LDAP Settings

Go to the Settings tab of the Superadmin page of your UiPath Process Mining installation and add the required LDAP settings in the ldap setting of the Server Settings.

Step 3: Enable External Authentication

To enable end users to login via Active Directory you must specify the ExternalAuthentication setting in the ApplicationSettings.json file.
Follow these steps to adapt the ApplicationSettings.json file.

Step

Action

1

Go to the Superadmin Workspaces tab.

2

Click on the Workspaces menu icon.

3

Select Application settings....

4

Enter the following line:

"ExternalAuthentication": "adlogin"

6
Click on OK to save the changes and to close the ApplicationSettings.json file.

Global Settings

Note:
It is recommended to use the OverrideApplicationSettings setting in the Server Settings to make the ExternalAuthentication setting applicable to the entire UiPath Process Mining installation.

In this case, you do not need to specify the setting in Application Settings.

Follow these steps to set the OverrideApplicationSettings setting in the Server Settings.

Step

Action

1

Go to the Superadmin Settings tab.

2

Enter the following lines:

"OverrideApplicationSettings": {"ExternalAuthentication": "adlogin"}

3

Click on SAVE.

4

Press F5 to refresh the Superadminpage.

Step 4: Adapt Config.json

Make sure the Config.json file contains an entry for each Active Directory (AD) group – Application combination. It should contain the following properties:

Property

Description

ADgroup
The Full Name of Active Directory Group of users that are allowed to login. This looks like "CN=All Users,OU=Distribution Groups,DC=Company,DC=com".

appcode

The Application code of the app or module to which the AD group needs to get access to.

Important: AD groups are case-sensitive.

For more information on how to find the Application code see FAQ: Application code.

Step 5: Adapt Syncad.js

In the syncad.js file, change the following line to match your settings for the LDAP connection to the Active Directory.

const loginString = ["-s","SERVER ADDRESS","-u","AD USER","-p","AD PASSWORD"];

Step 6: Schedule a Task for the Synchronization

Since end-users may have different access rights and these access rights also might be changed, it is recommended to do the synchronization on a regular basis to bring the local authentication database up-to-date. You can use Windows Task Scheduler to schedule a task that runs the syncad.bat for user synchronization.

Troubleshooting

Making Fields Editable in End-User Administration

By default the fields in End-User Administration are not editable when using LDAP synchronization.

You can use the fieldsAlwaysEditable setting in the ApplicationSettings .json file to specify which fields in End user administration are editable.
Follow these steps to open the ApplicationSettings.json file.
The Edit File dialog is opened and displays the current contents of the ApplicationSettings.json file.
Note: Click on ? in the Edit File dialog to open the Applicationsettings.json help. Type fieldsAlwaysEditable in the Search bar for a detailed description on the fieldsAlwaysEditable setting.
Note:
It is recommended to use the OverrideApplicationSettings setting in the Server Settings to make the fieldsAlwaysEditable setting applicable to the entire UiPath Process Mining installation.

In this case, you do not need to specify the setting in Application Settings.

Code Samples

Config.json

Below is a template Config.json file. 
[
    {
    "ADgroup" : "CN=AdTestGroup,OU=Users,OU=MyBusiness,DC=Magnaview,DC=local",
    "appcode" : "p"
    },
    {
    "ADgroup" : "CN=AdTestGroup,OU=Users,OU=MyBusiness,DC=Magnaview,DC=local",
    "appcode" : "p2"
    }
][
    {
    "ADgroup" : "CN=AdTestGroup,OU=Users,OU=MyBusiness,DC=Magnaview,DC=local",
    "appcode" : "p"
    },
    {
    "ADgroup" : "CN=AdTestGroup,OU=Users,OU=MyBusiness,DC=Magnaview,DC=local",
    "appcode" : "p2"
    }
]

You can copy this code sample to a new empty file and adapt it with our own data.

Syncad.js

Click on the link to open a template Syncad.js file: Syncad.js. You can copy this code to a create the file.
Important: If you leave out arguments in the Syncad.js script, e.g. active : 1, these attributes will not be synchronized.

Syncad.bat

Below is a template Syncad.bat file. You can copy this code to a create the file. 
call processgold.bat -nodejs syncad.js orgCode= config=config.json
pausecall processgold.bat -nodejs syncad.js orgCode= config=config.json
pause

Was this page helpful?

Support and Services
Get The Help You Need
UiPath Academy
Learning RPA - Automation Courses
UiPath Forum
UiPath Community Forum
Uipath Logo White
Trust and Security
Terms of Use
Privacy Policy
Cookies Policy
© 2005-2024 UiPath. All rights reserved.