robot
2023.4
false
Robot User Guide
Last updated Oct 25, 2024

Setting Up Interactive Sign-In

The Interactive Sign In feature provides an option to connect Orchestrator, Studio, and UiPath Assistant using the user's account, simplifying the process and offering better sync across the platform. This turns the user's account into the main link between all of the UiPath products, removing the need to use a machine or license key while creating a frictionless experience for deploying and connecting Robots and Studio to Orchestrator.

Benefits of Interactive Sign In

  • Instant access to queues, assets, and processes in Orchestrator folders without any complicated steps, provided they have been granted access to them. Simply authenticate in Studio or Assistant with your user credentials and everything is there. Syncing all Desktop products to the same Orchestrator tenant is being taken care of as well. All products are connected using a single user account. This includes licensing which is being inherited via Orchestrator removing the need for using a License Key. Interactive Sign In is a per-tenant feature, meaning that it automatically applies the settings for the new tenant.
  • You no longer need to create individual machines or machine templates for each robot. These are created automatically and the robots are seamlessly connected to Orchestrator in the authentication process of the user, fully removing the need for users to configure the robots with Machine Keys.
  • Processes tied to the user account in Orchestrator (individually or via folders) are found immediately in the UiPath Assistant and a personal workspace is created for that user in Orchestrator. Besides being able to view, configure, and run, you can also remove processes tied to a personal workspace directly from the UiPath Assistant.

Deployment

Attended Robots

Attended Robots need to be installed in User Mode to be able to sign in without machine key and they work in the same Windows Session as the user is logged in on the machine. The UiPath Assistant connects to Orchestrator to get access to resources in orchestrator (queues, assets) as well as to determine the processes a user has permissions to execute, when the authentication is completed, the user can start and manage processes from the UiPath Assistant.

When the UiPath Assistant connects to Orchestrator via Interactive Sign In, the necessary resources for running attended processes are synced from Orchestrator and a machine key connection is not required.

Note: If you install the Robot in Service Mode, you must first connect to Orchestrator from Studio or Assistant with a machine key, and only afterwards you can use Interactive Sign In.

Unattended Robots

Unattended Robots are installed in Service Mode and rely on the Robot Service to start a Windows Session every time a job is triggered from Orchestrator to run an Unattended Process. The Robot Service is launched by the Windows Service Control Manager under the Local System. It can open interactive Windows sessions, and has all the rights of a machine administrator. As such, it enables automatic session management (such as log on and log off) for unattended jobs. In this situation, a Machine Key connection is needed as the above is done by having the Robot Service listed under the Windows services in services.msc, not tied to a specific user.

If you want to make use of Interactive Sign In to troubleshoot Unattended Robots, you first need to log on to that machine in a user session, then authenticate with your account in the UiPath® Assistant to gain access to processes.

User-Mode and Service-Mode Install

During the installation process, it's important to choose the best type of robot deployment in order to take full advantage of the UiPath® products.

Depending on the use case, Robots can be deployed in User Mode or Service Mode and the connection to Orchestrator can be done through machine key or Interactive Sign In.

For more information, see Installing the Robot.

Important: User-Mode deployments do not support Secure XAML, meaning that users can access .XAML files without having admin rights.

Recommended Deployment

The following tables describe the recommended deployments for classic folders and modern folders

Using Classic Folders

Robot type

Installation Type

Orchestrator Connection

Attended

User Mode

Machine Key

Unattended

Service Mode

Machine Key

Development (Studio)

User Mode

Machine Key

Using Modern Folders

Robot type

Installation Type

Orchestrator Connection

Attended

User Mode

Interactive Sign In

Unattended

Service Mode

Machine Key

Development (Studio)

User Mode

Interactive Sign In

Setup - Existing Customer

Important: Before enabling Interactive Sign In for your environment make sure that your setup is based on Modern Folders. If you're switching to Interactive Sign In without migrating to Modern Folders the processes will become unavailable to users.

Switching From Machine Key to Interactive Sign In With Classic Folders

The Interactive Sign In feature only works using modern folders. If your environment is based on classic folders, you need to migrate your existing configuration to use modern folders.

General guidelines about the migration are described in this document. The migration can be completed using the Orchestrator Manager tool which can be used to handle scenarios in which you need to add, remove, change, or migrate Orchestrator entities.

Download the Orchestrator Manager tool in the form of a .zip archive containing all the necessary files, including detailed documentation on how it works and how to use it for specific scenarios.

For this specific scenario, follow the steps described in the Orchestrator Manager documentation in the Migration of Classic Folders to Modern Folders section.

We strongly recommend going through all the information available in that document before starting the migration.

Configuring Users and Licensing in Orchestrator

After the migration is completed, configure the groups and roles assigned to users in Orchestrator to determine the permissions and licenses they receive.

Automation Cloud Orchestrator

Note: For Orchestrator services residing in Automation Cloud, user management is performed in the Automation Cloud portal. The initial configuration however must be performed in both Orchestrator and Cloud Portal. Adding users involves inviting them into your tenant. See the Adding Users section for details.

Automation Cloud reduces the need to specify explicit access control levels by providing default access rights for typical scenarios.

Default User Groups

We provide four different default user groups with specific access levels for their members. Although the groups come with predefined sets of permissions, these can be customized at any time according to your needs on a per-service basis.

Custom User Groups

If you ever find yourself needing more than the four access levels provided by UiPath, you can at any point create and tailor your very own user groups.

Overview

The entire process involves creating the group in Automation Cloud and customizing the full set of permissions for it using roles in Orchestrator. The access level of a user is relative to the group membership and also relative to the permission configuration made for that group in Orchestrator services.

Remember that default groups are added by default to new Orchestrator services to streamline the first-run experience. Custom groups, on the other hand, need to be added manually in Orchestrator to ensure the correct mapping between the group membership of a user and the corresponding role in Orchestrator. To clarify this bit, it might help to know the following:

  • When a user tries to access certain services, the system makes an access-permit decision depending on the user's membership.
  • When a user tries to access or use certain resources in a service, the system makes an access-permit decision based on the roles of the user, which can be either inherited from the group or granted explicitly.

See Managing Users for a step by step guide on managing users, assigning roles, working with groups and providing access to folders.

See Managing Processes for details on how to work with processes.

On-Premises Orchestrator

Note: User management for on-premises Orchestrator is performed solely in Orchestrator. Users can be either added directly from Orchestrator or can be auto-provisioned based on their Active Directory membership. See the AD Integration section for details.

Challenges brought by large deployments and employee dynamics can be addressed by integrating Orchestrator with Active Directory. Broadly, you don't need to go through the hassle of directory duplication in your instance, as added AD identities are checked directly against the directory database.

AD integration enables you to either grant or restrict access to Orchestrator according to the configured group policies and based on your AD group membership. Manual intervention is limited to adding your groups and configuring access rights for them in Orchestrator.

Overview

Adding an AD group creates a user entity in Orchestrator called Directory Group, for which you configure access rights (roles and folders access) as desired. This entry serves as a reference to the group as found in AD.

When logging in, Orchestrator checks your group membership against the AD database. If confirmed, it automatically provisions your user as a Directory User and then associates it to the access rights inherited from the Directory Group. Inherited rights are only kept for the duration of the user session.

See About Users for details about user management in Orchestrator.

See Managing Large Deployments for details on how to handle large deployments using AD integration, and user and robot auto-provisioning. See Managing Processes for details on how to work with processes.

Switching From Machine Key to Interactive Sign In With Modern Folders

When using modern folders, the configuration is already in place and users can easily switch to Interactive Sign In. The only thing to do is to enable the feature from Orchestrator and have the users disconnect from machine key and logging in.

For existing tenants, the feature is disabled by default. To enable Interactive Sign In from Orchestrator:

  1. Access your Orchestrator instance, and then go to Settings and select the Security tab.
  2. On the lower part of the page, select Allow both user authentication and robot key authentication, and then click Save.

Users can now sign in with their account. This change is seamless, all the processes and settings are kept in place.



Note:
  • If you're using the on-prem Orchestrator, make sure that users are connecting to the correct URL. The default login URL for Interactive Sign In is https://cloud.uipath.com. To change it, follow the steps described below.
  • If a user is part of multiple tenants and the default URL is used, the user is prompted to choose which tenant to connect to.
  • If the service URL contains the organization and tenant names (e.g.: cloud.uipath.com/myorg/mytenant) the user is directly connected to that specific tenant, without having to select the tenant themselves.
Changing the Orchestrator URL for Interactive Sign In

When signing in from UiPath Assistant:

  1. Select Preferences > Orchestrator Settings.
  2. From Connection Type menu, select Service URL.
  3. Enter your URL and click Sign In.


When signing in from UiPath Studio:

  1. Click the profile icon docs image on the top-right side of the screen, and then click Sign In.
  2. In the Get Started window, enter the URL of your on-premises Orchestrator, and then click Sign In.


Common Sign-in Errors

This section documents errors you may encounter when you try to sign in to your account. Select an error to view information about its cause and available solutions.

Interactive sign-in is not enabled for this tenant. Enable it from the Orchestrator settings, or connect using the machine key.

Cause

Authentication is not enabled in the tenant you are trying to sign in to. This may occur if the tenant was created in an older version of Orchestrator, before the introduction of the interactive sign-in feature.

Solution

Do one of the following:

  • In Orchestrator, go to Tenant > Settings > Security , and then select Allow both user authentication and robot key authentication.

    Note: Only an administrator can perform this task.
  • In the Studio Sign-in screen, select More Options > Connect to Orchestrator to connect using your machine key instead.

Interactive connect is not available.

Cause

The Robot is installed in service mode. Interactive sign-in is supported only if the Robot is installed in user mode.

Solution

Do one of the following:

  • Run the installation again and make sure to select the User mode Robot installation type. For more information, see Install Studio.
  • In the Studio Sign-in screen, select More Options > Connect to Orchestrator to connect using your machine key instead.

No robot configured for the current user.

Cause

You are trying to sign in but no attended robot is configured for your user in Orchestrator.

Solution

In Orchestrator, edit the current user, make sure the option to create an attended robot for the user is selected, and select a developer license type for which a license is available. You can check license availability by going to Tenant > License.

Note: Only an administrator can perform this task.

Robot does not exist.

Cause

You are using a classic robot defined in Orchestrator using the classic method or via the Windows user and you are already connected to Orchestrator with a machine key. When you then sign in from Studio, a different username is sent to Orchestrator

Solution

Do one of the following:

  • Sign out, and then, in the Studio Sign-in screen, select More Options > Connect to Orchestrator to connect using your machine key.
  • In Orchestrator, set up a modern robot configuration instead of the classic one, and then sign in again.
    Note: Only an administrator can perform this task.

Cannot acquire a license.

Cause

You are trying to sign in but your user is not properly configured to acquire a license from Orchestrator.

Solution

In Orchestrator, edit the current user, make sure the option to create an attended robot for the user is selected, and select a developer license type for which a license is available. You can check license availability by going to Tenant > License.

Note: Only an administrator can perform this task.

No such host in known. No such host in known.

Cause

Connection to Orchestrator could not be established.

Solution

Make sure your Internet connection is working.

Setup - New Customer

Setting up Orchestrator

1. Creating Your UiPath Organization

  1. Go to https://cloud.uipath.com/portal_/register and create an account with UiPath.
  2. Sign in to your account.
  3. When prompted to create a new organization, fill in the name and region, agree to the Terms of Use, and click Continue.
  4. The organization is created and a default tenant is created for it. To find out more about tenant management, see About Tenants.

2. Licensing in Orchestrator

Interactive Sign In relies on the licensing you have configured in Orchestrator for the user authentication through Studio or UiPath Assistant. Users receive permissions and licenses based on the groups and roles that they are assigned to.

For a step-by-step guide on managing users, assigning roles, working with groups, and providing access to folders in Automation Cloud, see the Managing Users page.

If you are using the on-prem version of Orchestrator, see About Users for more information on how to manage users and groups.

Getting Started With Studio and Assistant

1. Downloading and Installing UiPath Studio

Log in to your account in Automation Cloud, and then click the resource center link on the right side of the page to access the resources page where you can download the latest Enterprise version of UiPath Studio.

Run the MSI installer and, when prompted to choose what to install, select Studio to install Studio, the Robot, and the Assistant. If you open the advanced options of the installer, make sure not to select the option Register as Windows Service for the Robot.

Use the following links to access product documentation:

2. Connecting Studio and Robot to Orchestrator

The first time you open Studio, you are prompted to connect to Orchestrator, either by signing in or by using your machine key. For attended automation, signing in is the easiest way to do this.

You can also sign in later from the UiPath Assistant or Studio. From Assistant, open the Preferences menu on the top-right side of the window and click Sign In. A browser opens and asks for your credentials. After the login process is complete, the status icon next to the Preferences menu turns green and, when you access the Preferences menu, your name is displayed at the top.

For more information about signing in from Assistant, see Interactive Sign in.



When signing in through the UiPath Assistant, the Robot and Studio are automatically connected to Orchestrator and licensed as per your settings in Orchestrator.

3. Publishing and Configuring a Process in Orchestrator

After you create and publish a process to Orchestrator, you must configure it so that you can add it to the UiPath Assistant.

  1. Go to https://cloud.uipath.com and sign in.
  2. Click on your tenant name.
  3. In the main page of your tenant, select Folders.
  4. If the process was published to the Orchestrator Tenant Processes Feed it was added to the Shared folder. Access that folder and then select the Processes tile.
  5. A new page opens where you can see the processes in the selected folder. Click the plus icon on the right side of the page.
  6. On the Add Process page, select the process you want to configure by typing its name in the Package Name box, and then select the package version (the latest one is selected by default).
  7. Click Create. The process is now listed in Orchestrator.

See the managing processes in Orchestrator documentation page for more details.

4. Running the Process from UiPath Assistant

After the process is configured in Orchestrator, when you open the UiPath Assistant, the process you created is there and ready to run.

Note: If the process is not visible in UiPath Assistant after configuring it in Orchestrator, make sure that it is added to a folder that you have access to.


Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.