test-cloud
latest
false
  • Getting started with Test Cloud
  • Managing Test Cloud organizations
    • Overview
  • Working with Test Cloud
UiPath logo, featuring letters U and I in white

Test Cloud admin guide

Last updated Feb 12, 2026

Overview

This section gives an introduction to managing Test Cloud Dedicated organizations in the UiPath® ecosystem. This overview covers the basic aspects of Test Cloud Dedicated organizations, such as their creation, operation, and various features.

For more detailed information on the platform capabilities of Test Cloud Dedicated, visit the Automation Cloud Dedicated Admin guide.

Data security and compliance

Test Cloud Dedicated is built to meet the security, privacy, and compliance requirements of large enterprises that manage sensitive data. The platform combines dedicated infrastructure, strong encryption, controlled connectivity, and certified security controls to help organizations operate securely and meet regulatory obligations.

UiPath voluntarily completes and maintains multiple industry recognized security certifications and attestations, and continuously validates its security posture through internal and external assessments. Test Cloud Dedicated is certified for ISO 27001, 27017, 27018, and 9001, and holds HITRUST certification, along with SOC 1, SOC 2, HIPAA, and C5 attestations. Additional security and operational details can be provided under NDA through your UiPath account team.

Core security capabilities

  • Data residency control: Choose the Azure region where your Test Cloud Dedicated instance is deployed, supporting regional data residency and compliance requirements.
  • Encryption by default: All data is encrypted at rest and in transit using AES 256 bit encryption and TLS 1.2 or higher. Encryption is enabled by default across platform data stores.
  • Managed key protection: UiPath manages encryption keys using Azure Key Vault, with automatic key rotation enabled to ensure continuous protection.
  • Certificate management: The platform uses trusted certificate authorities to secure communications and supports automated certificate rotation to maintain secure connectivity.
  • Secure access and authentication: Supports enterprise authentication models including SSO with identity providers, role based access control, session policies, and IP based access restrictions.
  • Audit and monitoring: Built-in audit logging captures user actions and system events to support monitoring, investigation, and compliance needs.
  • Controlled connectivity: Enables secure communication between your environment and the dedicated platform, with support for private access models and defined network allow lists.

Organizations

In Test Cloud Dedicated, an organization represents a fully isolated, single tenant environment where you manage all automation services, users, and resources. It is the highest level of structure in the UiPath platform and serves as the central control plane for configuration, security, and access management.

Each Test Cloud Dedicated deployment creates a dedicated organization that provides a unique operating space tailored to your company’s requirements. Organizations are identified by a unique URL, an organization name, and a support ID used for administrative and support interactions.

From the organization level, administrators manage authentication and security settings, users and roles, licensing, integrations with external applications, notifications, logging, and platform wide preferences. Organization settings apply across all services and tenants unless more granular controls are configured.

This organizational model ensures strong isolation, centralized governance, and consistent management across all Test Cloud Dedicated services.

Authentication and security

Test Cloud Dedicated inherits the same authentication and security framework as Automation Suite, providing flexible, enterprise-grade controls for managing access, identity, and data protection.

Authentication options

Administrators can configure one or more authentication methods at the organization level, ensuring consistent and secure access for all users:

  • Basic authentication: Allows users to sign in with a username and password for a local account. This method can be restricted so that only directory-based authentication (through an external identity provider) is permitted.

  • Microsoft Entra ID integration: Enables Single Sign-On (SSO) using OpenID Connect and synchronization with Microsoft Entra ID users and groups, allowing gradual rollout without service disruption.

  • SAML 2.0 integration: Provides secure SSO and Single Logout (SLO) with any SAML 2.0–compliant Identity Provider (IdP), improving efficiency and user experience across connected applications.

Password and account protection

Test Cloud supports customizable security policies to help maintain strong password and account hygiene:

  • Password complexity: Define requirements for character types, minimum length, expiration period, and reuse restrictions.

  • Account lockout: Protect against repeated failed login attempts by automatically locking accounts after a configurable number of unsuccessful tries.

  • Change-on-first-login: Optionally require users to reset their password on first access.

Encryption and tenant-level security

To ensure data segregation and compliance, each tenant can be encrypted using Microsoft Azure Key Vault. This setup allows unique encryption keys per tenant, managed securely through Azure services.

Administrative control

Organization administrators can configure all authentication and security settings from Admin > Security Settings in the Management portal. System administrators at the host level define global policies, which organizations inherit by default but can override where necessary.

For more information, refer to the Authentication and security section.

Tenants and services

In Test Cloud Dedicated, tenants let you organize and manage your testing environment within an organization. Each tenant acts as a secure container for services and resources, helping you model your business structure, for example, by department, region, or project, while keeping data, licenses, and configurations isolated.

Tenant structure and management

  • Every organization starts with a DefaultTenant, automatically created during setup.

  • System administrators can create additional tenants from the Admin area, specify regions for data hosting, and choose which services to enable in each tenant.

  • A tenant can be enabled, disabled, or deleted as needed. When disabled, all licenses return to the organization pool, and data remains preserved.

  • You can easily switch between tenants from the tenant picker to work with data specific to each environment.

Services in each tenant

Each tenant includes one Orchestrator service by default, along with any other UiPath services available under your licenses (for example, Test Manager, Insights, or Data Service). This ensures full testing functionality within each isolated tenant.
Note: A tenant in Test Cloud Dedicated is different from an on-premises Orchestrator tenant. Each Test Cloud Dedicated tenant contains one Orchestrator service and can host multiple UiPath services under a single organizational scope.

License and access control

Administrators allocate licenses at the tenant level, deciding how many user and robot licenses to assign. Tenant visibility and access depend on user permissions within each service, ensuring users can only access tenants and services relevant to their roles.

Organizing resources with tags

Tags let you categorize and identify automation and testing resources across tenants and services. You can create labels or key–value pairs (properties) to group related items, such as test assets or environments. Tags created at the platform level are stored centrally and synchronized across Orchestrator and other connected services.

For more information, refer to the Tenants and services section.

Accounts and roles

Test Cloud Dedicated provides centralized identity, access, and permission management through accounts, groups, and roles. This model enables organizations to control who can access the platform, which services they can use, and what actions they can perform, while maintaining strong isolation and governance.

The platform supports both user accounts and robot accounts. User accounts represent individual people and can be managed locally or integrated with an external identity provider such as Microsoft Entra ID. Robot accounts are non human identities designed for running unattended automations securely and independently of individual users.

Groups simplify administration by allowing roles, licenses, and configurations to be assigned once and inherited by all members. Groups can be created locally in the UiPath platform or synchronized from a connected directory, enabling centralized onboarding and consistent access control.

Roles define permissions at two levels:

  • Organization-level roles, which control access to platform wide administration and settings

  • Service-level roles, which govern actions within individual UiPath services and are managed directly in each service

Accounts inherit permissions through group membership, with support for both direct assignment and automatic provisioning from external identity providers. This approach provides flexible access control, reduces administrative effort, and supports enterprise scale security and compliance across Test Cloud Dedicated services.

AI Trust Layer

The AI Trust Layer brings administration and strict governance capabilities to generative AI featuresall UiPath® products. Aimed to ensure data confidentiality and security in every interaction, AI Trust Layer keeps your data restricted within the UiPath® environment. For more information, visit About AI Trust Layer.

External applications

Test Cloud Dedicated supports secure integrations with external applications via OAuth 2.0 and Personal Access Tokens (PATs), enabling controlled API access without sharing user credentials.

OAuth external apps

OAuth external apps are third-party apps registered in your organization to call UiPath APIs with delegated authorization. OAuth apps can be of the following types:

  • Confidential (application scopes): Headless or server apps that can securely store secrets. They act as the app itself.

  • Confidential (user scopes): Server apps that act on behalf of a user. They store secrets securely.

  • Non-confidential (user scopes): Client apps (no secret storage), where user authorizes with short-lived tokens.

Personal access tokens (PATs)

Personal access tokens are user-scoped tokens (local-user accounts only) that substitute passwords for API access with defined scopes and expiry. An organization administrator can enable or disable PATs, set a maximum lifespan, view all PATs, and revoke tokens individually, or by pasting a known token to revoke immediately in case of suspected exposure.

For more information, refer to the External applications section.

Notifications

Stay updated about your actions and their outcomes with notifications. Keep track of user or administrative actions within your organization account through both in-app, and email notifications. For more details on enabling and managing notifications, visit .

Logging

Logging is an important tool for various tasks like debugging issues, reporting trends, and enhancing security and performance. Test Cloud Dedicated, along with other cloud services, uses different types of logs based on their unique requirements. For a thorough walkthrough on the uses and management of logs, visit About logs.

Was this page helpful?

Support and Services
Get The Help You Need
UiPath Academy
Learning RPA - Automation Courses
UiPath Forum
UiPath Community Forum
Uipath Logo
Trust and Security
Terms of Use
Privacy Policy
Cookies Policy
© 2005-2026 UiPath. All rights reserved.