- Getting started
- Understanding UiPath Robot
- Installation requirements
- Installing robots for unattended automations
- Configuring robots for unattended automations
- Deploying unattended automations
- Connecting robots for unattended automations to Orchestrator
- Setting up Windows Server for High-Density Robots
- Redirecting robots through a proxy server
- Implementing authentication with credential providers
- Configuring package signature verification
- Setting up package folders and network paths
- Configuring activity feeds
- Using EntraID users with multifactor authentication (MFA) for unattended robots
- Installing robots for attended automations
- Configuring robots for attended automations
- Integrations
- Governance
- Troubleshooting
Robot admin guide
Multifactor authentication (MFA) adds an extra layer of security by requiring users to verify their identity using two or more factors, such as:
- Something you know: a password
- Something you have: a mobile device or smart card
- Something you are: a fingerprint or face scan
MFA helps protect against unauthorized access, even if a password is compromised. However, it introduces additional complexity when setting up unattended automations.
Passwords count as a single authentication factor. Because MFA requires at least two factors, Robots cannot create user sessions using password credentials alone.
To enable MFA users to authenticate, you can use smart card credentials instead.
Smart card authentication requires Login to Console to be set to True. It does not work with RDP sessions, which means it is not compatible with High-Density Robot environments. For more details, see SmartCard Authentication.
Using Windows Hello for Business with a PIN
The Robot can authenticate users using a Windows Hello for Business (WHfB) PIN.
To enable Windows Hello for Business for your organization, refer to the official documentation.
You can configure the PIN in Windows Settings. Before setting up the PIN, you must authenticate using MFA.
WHfB PIN can only be configured in a console session. Remote sessions (RDP) are not supported for enrollment.
Using Entra Certificate-Based Authentication
Step 1: Create virtual smart cards
Virtual smart cards are easier to deploy and manage across multiple machines.
You must create virtual smart cards on all virtual machines (VMs) where robots run. Do this for each Entra ID user that executes automations.
A virtual smart card functions as a physical one, but instead of using a physical container, it relies on the machine Trusted Platform Module (TPM) chip to securely store cryptographic keys.
Step 2: Configure Entra certificate-based authentication
After creating the virtual smart cards, configure Entra certificate-based authentication to allow Entra ID users to authenticate using certificates.
The certificates used for authentication must be configured as multi-factor to meet MFA requirements.