The Interactive Sign In feature provides an option to connect Orchestrator, Studio, and UiPath Assistant using the user's account, simplifying the process and offering better sync across the platform. This turns the user's account into the main link between all of the UiPath products, removing the need to use a machine or license key while creating a frictionless experience for deploying and connecting Robots and Studio to Orchestrator.
- Instant access to queues, assets, and processes in Orchestrator folders without any complicated steps, provided you have been granted access to them. Simply authenticate in Studio or Assistant with your user credentials and everything is there. Syncing all Desktop products to the same Orchestrator tenant is taken care of as well. All products are connected using a single user account. This includes licensing, which is inherited via Orchestrator, removing the need for a License Key.
- You no longer need to create individual machines or machine templates for each robot. These are created automatically and the robots are seamlessly connected to Orchestrator in the authentication process of the user, fully removing the need for users to configure the robots with Machine Keys.
- Processes tied to the user account in Orchestrator (individually or via folders) are found immediately in the UiPath Assistant and a personal workspace is created for that user in Orchestrator. Besides being able to view, configure, and run, you can also remove processes tied to a personal workspace directly from the UiPath Assistant.
Attended Robots need to be installed in User Mode to be able to sign in without a machine key, and they work in the same Windows Session in which the user is logged in on the machine. The UiPath Assistant connects to Orchestrator to get access to resources in Orchestrator (queues, assets) as well as to determine the processes a user has permissions to execute. When the authentication is completed, the user can start and manage processes from the UiPath Assistant.
When the UiPath Assistant connects to Orchestrator via Interactive Sign In, the necessary resources for running attended processes are synced from Orchestrator and a machine key connection is not required.
If you install the Robot in Service Mode, you must first connect to Orchestrator from Studio or Assistant with a machine key, and only afterwards can you use Interactive Sign In.
Unattended Robots are installed in Service Mode and rely on the Robot Service to start a Windows Session every time a job is triggered from Orchestrator to run an Unattended Process. The Robot Service is launched by the Windows Service Control Manager under the Local System account. It can open interactive Windows sessions, and has all the rights of a machine administrator. As such, it enables automatic session management (such as log on and log off) for unattended jobs. In this situation, a Machine Key connection is needed, as the above is done by the Robot Service, which is listed under the Windows services in services.msc and is not tied to a specific user.
If you want to make use of Interactive Sign In to troubleshoot Unattended Robots, you first need to log on to that machine in a user session, then authenticate with your account in the UiPath Assistant to gain access to processes.
During the installation process, it's important to choose the best type of robot deployment in order to take full advantage of the UiPath products.
Depending on the use case, Robots can be deployed in User Mode or Service Mode and the connection to Orchestrator can be done through machine key or Interactive Sign In.
For more information, see Installing the Robot.
User-Mode deployments do not support Secure XAML, meaning that users can access .XAML files without having admin rights.
The following tables describe the recommended deployments for classic folders and modern folders.
Before enabling Interactive Sign In for your environment, make sure that your setup is based on Modern Folders. If you switch to Interactive Sign In without migrating to Modern Folders, the processes become unavailable to users.
The Interactive Sign In feature only works using modern folders. If your environment is based on classic folders, you need to migrate your existing configuration to use modern folders.
General guidelines about the migration are described in this document. The migration can be completed using the Orchestrator Manager tool which can be used to handle scenarios in which you need to add, remove, change, or migrate Orchestrator entities.
Download the Orchestrator Manager tool in the form of a .zip archive containing all the necessary files, including detailed documentation on how it works and how to use it for specific scenarios.
For this specific scenario, follow the steps described in the Orchestrator Manager documentation in the Migration of Classic Folders to Modern Folders section.
We strongly recommend going through all the information available in that document before starting the migration.
After the migration is completed, configure the groups and roles assigned to users in Orchestrator to determine the permissions and licenses they receive.
For Orchestrator services residing in Automation Cloud, user management is performed in the Automation Cloud portal. The initial configuration, however, must be performed in both Orchestrator and the Cloud Portal. Adding users involves inviting them into your tenant. See the Adding Users section for details.
Automation Cloud reduces the need to specify explicit access control levels by providing default access rights for typical scenarios.
Default User Groups
We provide four different default user groups with specific access levels for their members. Although the groups come with predefined sets of permissions, these can be customized at any time according to your needs on a per-service basis.
Custom User Groups
If you ever find yourself needing more than the four access levels provided by UiPath, you can at any point create and tailor your very own user groups.
The entire process involves creating the group in Automation Cloud and customizing the full set of permissions for it using roles in Orchestrator. The access level of a user is relative to the group membership and also relative to the permission configuration made for that group in Orchestrator services.
Remember that default groups are added by default to new Orchestrator services to streamline the first-run experience. Custom groups, on the other hand, need to be added manually in Orchestrator to ensure the correct mapping between the group membership of a user and the corresponding role in Orchestrator. To clarify this bit, it might help to know the following:
- When a user tries to access certain services, the system makes an access-permit decision depending on the user's membership.
- When a user tries to access or use certain resources in a service, the system makes an access-permit decision based on the roles of the user, which can be either inherited from the group or granted explicitly.
User management for on-premises Orchestrator is performed solely in Orchestrator. Users can be either added directly from Orchestrator or can be auto-provisioned based on their Active Directory membership. See the AD Integration section for details.
Challenges brought by large deployments and employee dynamics can be addressed by integrating Orchestrator with Active Directory. Broadly, you don't need to go through the hassle of directory duplication in your instance, as added AD identities are checked directly against the directory database.
AD integration enables you to either grant or restrict access to Orchestrator according to the configured group policies and based on your AD group membership. Manual intervention is limited to adding your groups and configuring access rights for them in Orchestrator.
Adding an AD group creates a user entity in Orchestrator called Directory Group, for which you configure access rights (roles and folders access) as desired. This entry serves as a reference to the group as found in AD.
When logging in, Orchestrator checks your group membership against the AD database. If confirmed, it automatically provisions your user as a Directory User and then associates it to the access rights inherited from the Directory Group. Inherited rights are only kept for the duration of the user session.
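The login-time evaluation described above, together with the distinction between inherited and explicitly granted roles, can be sketched as a small model. This is an added example, not Orchestrator's implementation; the group, role and user names are constructed, and storing explicit roles on the user record is an assumption of the model.

```python
# Added illustration: a simplified model, not Orchestrator's implementation.
# All group, role and user names below are constructed sample data.

# Directory Groups added in Orchestrator -> roles configured for each group.
DIRECTORY_GROUP_ROLES = {
    "RPA-Developers": {"queue-editor", "process-runner"},
    "RPA-Operators": {"process-runner"},
}
# Roles granted to a user directly (assumed here to be stored on the user
# record, so they do not depend on directory membership).
EXPLICIT_ROLES = {"alice": {"process-runner"}}


def login(user, directory_membership):
    """Return {role: source} for a new session, or None if access is denied.

    directory_membership stands in for the AD lookup (user -> set of groups).
    Inherited roles are computed at login and live only in the returned
    session; the next login evaluates the directory again.
    """
    roles = {role: "explicit" for role in EXPLICIT_ROLES.get(user, ())}
    for group in sorted(directory_membership.get(user, ())):
        # Groups that were never added to Orchestrator contribute nothing.
        for role in DIRECTORY_GROUP_ROLES.get(group, ()):
            roles.setdefault(role, "group:" + group)
    return roles or None


def can_use(session, required_role):
    """Resource-level decision: the session must hold the required role."""
    return session is not None and required_role in session


def review(users, directory_membership):
    """Access review: sorted (user, role, source) rows for effective roles."""
    rows = []
    for user in users:
        session = login(user, directory_membership) or {}
        rows.extend((user, role, src) for role, src in session.items())
    return sorted(rows)


if __name__ == "__main__":
    ad = {"alice": {"RPA-Developers"}, "bob": {"RPA-Operators", "Sales"}}
    for row in review(["alice", "bob", "carol"], ad):
        print(row)
```

The source column is what an access review needs: it separates rights that disappear with a directory group change from rights that were granted to the user directly.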
See About Users for details about user management in Orchestrator.
See Managing Large Deployments for details on how to handle large deployments using AD integration, and user and robot auto-provisioning.
See Managing Processes for details on how to work with processes.
When using modern folders, the configuration is already in place and users can easily switch to Interactive Sign In. The only thing to do is to enable the feature from Orchestrator and have the users disconnect from the machine key and sign in.
For existing tenants, the feature is disabled by default. To enable Interactive Sign In from Orchestrator:
- Access your Orchestrator instance, and then go to Settings and select the Security tab.
- On the lower part of the page, select Allow both user authentication and robot key authentication, and then click Save.
Users can now sign in with their account. This change is seamless: all the processes and settings are kept in place.
If you're using the on-prem Orchestrator, make sure that users are connecting to the correct URL. The default login URL for Interactive Sign In is https://cloud.uipath.com. To change it, follow the steps described below.
If a user is part of multiple tenants and the default URL is used, the user is prompted to choose which tenant to connect to.
If the service URL contains the organization and tenant names (e.g. cloud.uipath.com/productTeam/productTeam), the user is directly connected to that specific tenant, without having to select the tenant themselves.
When signing in from UiPath Assistant:
- Select Preferences > Orchestrator Settings.
- From the Connection Type menu, select Service URL.
- Enter your URL and click Sign In.
When signing in from UiPath Studio:
- Click the profile icon on the top-right side of the screen, and then click Sign In.
- In the Get Started window, enter the URL of your on-premises Orchestrator, and then click Sign In.
The following table documents errors you may encounter when you try to connect to Orchestrator by signing in or using your machine key, along with causes and solutions.
- Error: Interactive sign-in is not enabled for this tenant. Enable it from Orchestrator settings, or connect using the machine key
  Cause: You are trying to sign in to your account but user authentication is not enabled from Orchestrator.
  Solution: Do one of the following:
- Cause: You are trying to sign in to your account but no attended Robot is allocated to your user.
  Solution: In Orchestrator, go to Tenant > Users and edit the current user. In the Attended Robot tab, select Automatically create an attended robot for this user and select a License Type.
- Error: The remote name could not be resolved: Orchestrator_URL
  Cause: Connection to Orchestrator could not be established.
  Solution: Make sure your Internet connection is working.
- Go to https://cloud.uipath.com/portal_/register and create an account with UiPath.
- Sign in to your account.
- The organization is created and a default tenant is created for it. To find out more about tenant management, see About Tenants.
Run the MSI installer and, when prompted to choose what to install, select Studio to install Studio, the Robot, and the Assistant. If you open the advanced options of the installer, make sure not to select the option Register as Windows Service for the Robot.
Use the following links to access product documentation:
The first time you open Studio, you are prompted to connect to Orchestrator, either by signing in or by using your machine key. For attended automation, signing in is the easiest way to do this.
You can also sign in later from the UiPath Assistant or Studio. From Assistant, open the Preferences menu on the top-right side of the window and click Sign In. A browser opens and asks for your credentials. After the login process is complete, the status icon next to the Preferences menu turns green and, when you access the Preferences menu, your name is displayed at the top.
For more information about signing in from Assistant, see Interactive Sign in.
When signing in through the UiPath Assistant, the Robot and Studio are automatically connected to Orchestrator and licensed as per your settings in Orchestrator.
1. Go to https://cloud.uipath.com and sign in.
2. Click on your tenant name, in this example NewOrganisationDefault.
3. In the main page of your tenant, select Folders.
4. If the process was published to the Orchestrator Tenant Processes Feed, it was added to the Shared folder. Access that folder and then select the Processes tile.
5. A new page opens where you can see the processes in the selected folder. Click the plus icon on the right side of the page.
6. On the Add Process page, select the process you want to configure by typing its name in the Package Name box, and then select the package version (the latest one is selected by default).
7. Click Create. The process is now listed in Orchestrator.
If the process is not visible in UiPath Assistant after configuring it in Orchestrator, make sure that it is added to a folder that you have access to.
The process status is Awaiting Install as it was never run. Click the start button to run the process.