- Getting started
- Understanding UiPath Robot
- Setting Up Interactive Sign-In
- Service Mode vs. User Mode
- Robot licensing
- UiPath Assistant
- Installation requirements
- Installing robots for unattended automations
- Configuring robots for unattended automations
- Deploying unattended automations
- Connecting robots for unattended automations to Orchestrator
- Setting up Windows Server for High-Density Robots
- Redirecting robots through a proxy server
- Implementing authentication
- Adjusting registry settings for execution in minimized RDP windows
- Using network locations
- Setting up Linux robots
- Configuring package signature verification
- Setting up package folders and network paths
- Configuring activity feeds
- Installing robots for attended automations
- Configuring robots for attended automations
- Integrations
- Troubleshooting
Robot admin guide
Setting Up Interactive Sign-In
The Interactive Sign In feature provides an option to connect Orchestrator, Studio, and UiPath® Assistant using the user's account, simplifying the process and offering better sync across the platform. This turns the user's account into the main link between all of the UiPath® products, removing the need to use a machine or license key while creating a frictionless experience for deploying and connecting Robots and Studio to Orchestrator.
- Instant access to queues, assets, and processes in Orchestrator folders without any complicated steps, provided they have been granted access to them. Simply authenticate in Studio or Assistant with your user credentials and everything is there. Syncing all Desktop products to the same Orchestrator tenant is being taken care of as well. All products are connected using a single user account. This includes licensing which is being inherited via Orchestrator removing the need for using a License Key. Interactive Sign In is a per-tenant feature, meaning that it automatically applies the settings for the new tenant.
- You no longer need to create individual machines or machine templates for each robot. These are created automatically and the robots are seamlessly connected to Orchestrator in the authentication process of the user, fully removing the need for users to configure the robots with Machine Keys.
- Processes tied to the user account in Orchestrator (individually or via folders) are found immediately in the UiPath® Assistant and a personal workspace is created for that user in Orchestrator. Besides being able to view, configure, and run, you can also remove processes tied to a personal workspace directly from the UiPath® Assistant.
need to be installed in User Mode to be able to sign in without machine key and they work in the same Windows Session as the user is logged in on the machine. The UiPath® Assistant connects to Orchestrator to get access to resources in orchestrator (queues, assets) as well as to determine the processes a user has permissions to execute, when the authentication is completed, the user can start and manage processes from the UiPath® Assistant.
When the UiPath® Assistant connects to Orchestrator via Interactive Sign In, the necessary resources for running attended processes are synced from Orchestrator and a machine key connection is not required.
- If you install the attended robot in User Mode and your environment is already configured to use SSO with Azure Active Directory, during setup, you can enable the Assistant to automatically sign in first time it starts. More information can be found in the .
- If you install the attended robot in Service Mode, you must first connect to Orchestrator from Studio or Assistant with a machine key, and only afterwards you can use Interactive Sign In.
services.msc
, not tied to a specific user.
If you want to make use of Interactive Sign In to troubleshoot Unattended Robots, you first need to log on to that machine in a user session, then authenticate with your account in the UiPath® Assistant to gain access to processes.
During the installation process, it's important to choose the best type of in order to take full advantage of the UiPath® products.
Depending on the use case, Robots can be deployed in User Mode or Service Mode and the connection to Orchestrator can be done through machine key or Interactive Sign In.
For more information, see .
The following tables describe the recommended deployments for modern folders:
Using Modern Folders
Robot type |
Installation Type |
Orchestrator Connection |
---|---|---|
Attended |
User Mode |
Interactive Sign In |
Unattended |
Service Mode |
Machine Key |
Development (Studio) |
User Mode |
Interactive Sign In |
The Interactive Sign In feature only works using modern folders. If your environment is based on classic folders, you need to migrate your existing configuration to use modern folders.
General guidelines about the migration are described in this document. The migration can be completed using the Orchestrator Manager tool which can be used to handle scenarios in which you need to add, remove, change, or migrate Orchestrator entities.
.zip
archive containing
all the necessary files, including detailed documentation on how it works and how to use
it for specific scenarios.
For this specific scenario, follow the steps described in the Orchestrator Manager documentation in the Migration of Classic Folders to Modern Folders section.
We strongly recommend going through all the information available in that document before starting the migration.
Configuring Users and Licensing in Orchestrator
After the migration is completed, configure the groups and roles assigned to users in Orchestrator to determine the permissions and licenses they receive.
Automation Cloud Orchestrator
Automation Cloud reduces the need to specify explicit access control levels by providing default access rights for typical scenarios.
Default User Groups
We provide four different default user groups with specific access levels for their members. Although the groups come with predefined sets of permissions, these can be customized at any time according to your needs on a per-service basis.
Custom User Groups
If you ever find yourself needing more than the four access levels provided by UiPath, you can at any point create and tailor your very own user groups.
Overview
The entire process involves creating the group in Automation Cloud and customizing the full set of permissions for it using roles in Orchestrator. The access level of a user is relative to the group membership and also relative to the permission configuration made for that group in Orchestrator services.
Remember that default groups are added by default to new Orchestrator services to streamline the first-run experience. Custom groups, on the other hand, need to be added manually in Orchestrator to ensure the correct mapping between the group membership of a user and the corresponding role in Orchestrator. To clarify this bit, it might help to know the following:
- When a user tries to access certain services, the system makes an access-permit decision depending on the user's membership.
- When a user tries to access or use certain resources in a service, the system makes an access-permit decision based on the roles of the user, which can be either inherited from the group or granted explicitly.
See Managing Users for a step by step guide on managing users, assigning roles, working with groups and providing access to folders.
See Managing Processes for details on how to work with processes.
On-Premises Orchestrator
Challenges brought by large deployments and employee dynamics can be addressed by integrating Orchestrator with Active Directory. Broadly, you don't need to go through the hassle of directory duplication in your instance, as added AD identities are checked directly against the directory database.
AD integration enables you to either grant or restrict access to Orchestrator according to the configured group policies and based on your AD group membership. Manual intervention is limited to adding your groups and configuring access rights for them in Orchestrator.
Overview
Adding an AD group creates a user entity in Orchestrator called Directory Group, for which you configure access rights (roles and folders access) as desired. This entry serves as a reference to the group as found in AD.
When logging in, Orchestrator checks your group membership against the AD database. If confirmed, it automatically provisions your user as a Directory User and then associates it to the access rights inherited from the Directory Group. Inherited rights are only kept for the duration of the user session.
See About Users for details about user management in Orchestrator.
See Managing Large Deployments for details on how to handle large deployments using AD integration, and user and robot auto-provisioning. See Managing Processes for details on how to work with processes.
When using modern folders, the configuration is already in place and users can easily switch to Interactive Sign In. The only thing to do is to enable the feature from Orchestrator and have the users disconnect from machine key and logging in.
For existing tenants, the feature is disabled by default. To enable Interactive Sign In from Orchestrator:
- Access your Orchestrator instance, and then go to Settings and select the Security tab.
- On the lower part of the page, select Allow both user authentication and robot key authentication, and then click Save.
Users can now sign in with their account. This change is seamless, all the processes and settings are kept in place.
- If you're using the on-prem Orchestrator, make sure that users are connecting to the correct URL. The default login URL for
Interactive Sign In is
https://cloud.uipath.com
. To change it, follow the steps described below. - If a user is part of multiple tenants and the default URL is used, the user is prompted to choose which tenant to connect to.
- If the service URL contains the organization and tenant names (e.g.:
cloud.uipath.com/myorg/mytenant
) the user is directly connected to that specific tenant, without having to select the tenant themselves.
Changing the Orchestrator URL for Interactive Sign In
When signing in from UiPath Assistant:
- Select Preferences > Orchestrator Settings.
- From Connection Type menu, select Service URL.
- Enter your URL and click Sign In.
When signing in from UiPath Studio:
- Click the profile icon on the top-right side of the screen, and then click Sign In.
- In the Get Started window, enter the URL of your
on-premises Orchestrator, and then click Sign In.
Common Sign-in Errors
This section documents errors you may encounter when you try to sign in to your account. Select an error to view information about its cause and available solutions.
Interactive sign-in is not enabled for this tenant. Enable it from the Orchestrator settings, or connect using the machine key.
Cause
Authentication is not enabled in the tenant you are trying to sign in to. This may occur if the tenant was created in an older version of Orchestrator, before the introduction of the interactive sign-in feature.
Solution
Do one of the following:
-
In Orchestrator, go to Tenant > Settings > Security , and then select Allow both user authentication and robot key authentication.
Note: Only an administrator can perform this task. - In the Studio Sign-in screen, select More Options > Connect to Orchestrator to connect using your machine key instead.
Interactive connect is not available.
Cause
The Robot is installed in service mode. Interactive sign-in is supported only if the Robot is installed in user mode.
Solution
Do one of the following:
- Run the installation again and make sure to select the User mode Robot installation type. For more information, see Install Studio.
- In the Studio Sign-in screen, select More Options > Connect to Orchestrator to connect using your machine key instead.
No robot configured for the current user.
Cause
You are trying to sign in but no attended robot is configured for your user in Orchestrator.
Solution
In Orchestrator, edit the current user, make sure the option to create an attended robot for the user is selected, and select a developer license type for which a license is available. You can check license availability by going to Tenant > License.
Robot does not exist.
Cause
You are using a classic robot defined in Orchestrator using the classic method or via the Windows user and you are already connected to Orchestrator with a machine key. When you then sign in from Studio, a different username is sent to Orchestrator
Solution
Do one of the following:
- Sign out, and then, in the Studio Sign-in screen, select More Options > Connect to Orchestrator to connect using your machine key.
- In Orchestrator, set up a modern robot
configuration instead of the classic one, and then sign in again.
Note: Only an administrator can perform this task.
Cannot acquire a license.
Cause
You are trying to sign in but your user is not properly configured to acquire a license from Orchestrator.
Solution
In Orchestrator, edit the current user, make sure the option to create an attended robot for the user is selected, and select a developer license type for which a license is available. You can check license availability by going to Tenant > License.
No such host in known. No such host in known.
Cause
Connection to Orchestrator could not be established.
Solution
Make sure your Internet connection is working.
1. Creating Your UiPath® Organization
- Go to https://cloud.uipath.com/portal_/register and create an account with UiPath® .
- Sign in to your account.
- When prompted to create a new organization, fill in the name and region, agree to the Terms of Use, and click Continue.
- The organization is created and a default tenant is created for it. To find out more about tenant management, see About Tenants.
2. Licensing in Orchestrator
Interactive Sign In relies on the licensing you have configured in Orchestrator for the user authentication through Studio or UiPath® Assistant. Users receive permissions and licenses based on the groups and roles that they are assigned to.
For a step-by-step guide on managing users, assigning roles, working with groups, and providing access to folders in Automation Cloud, see the Managing Users page.
If you are using the on-prem version of Orchestrator, see About Users for more information on how to manage users and groups.
1. Downloading and Installing UiPath® Studio
Log in to your account in Automation Cloud, and then click the resource center link on the right side of the page to access the resources page where you can download the latest Enterprise version of UiPath® Studio.
Run the and, when prompted to choose what to install, select Studio to install Studio, the Robot, and the Assistant. If you open the advanced options of the installer, make sure not to select the option Register as Windows Service for the Robot.
Use the following links to access product documentation:
2. Connecting Studio and Robot to Orchestrator
The first time you open Studio, you are prompted to connect to Orchestrator, either by signing in or by using your machine key. For attended automation, signing in is the easiest way to do this.
You can also sign in later from the UiPath® Assistant or Studio. From Assistant, open the Preferences menu on the top-right side of the window and click Sign In. A browser opens and asks for your credentials. After the login process is complete, the status icon next to the Preferences menu turns green and, when you access the Preferences menu, your name is displayed at the top.
For more information about signing in from Assistant, see .
When signing in through the UiPath® Assistant, the Robot and Studio are automatically connected to Orchestrator and licensed as per your settings in Orchestrator.
3. Publishing and Configuring a Process in Orchestrator
After you create and publish a process to Orchestrator, you must configure it so that you can add it to the UiPath® Assistant.
- Go to https://cloud.uipath.com and sign in.
- Click on your tenant name.
- In the main page of your tenant, select Folders.
- If the process was published to the Orchestrator Tenant Processes Feed it was added to the Shared folder. Access that folder and then select the Processes tile.
- A new page opens where you can see the processes in the selected folder. Click the plus icon on the right side of the page.
- On the Add Process page, select the process you want to configure by typing its name in the Package Name box, and then select the package version (the latest one is selected by default).
- Click Create. The process is now listed in Orchestrator.
See the managing processes in Orchestrator documentation page for more details.
4. Running the Process from UiPath® Assistant
After the process is configured in Orchestrator, when you open the UiPath® Assistant, the process you created is there and ready to run.
- Benefits of Interactive Sign In
- Deployment
- Attended Robots
- Unattended Robots
- User-Mode and Service-Mode Install
- Recommended Deployment
- Setup - Existing Customer
- Switching From Machine Key to Interactive Sign In With Classic Folders
- Switching From Machine Key to Interactive Sign In With Modern Folders
- Setup - New Customer
- Setting up Orchestrator
- Getting Started With Studio and Assistant