orchestrator
2021.10
false
重要 :
请注意,此内容已使用机器翻译进行了部分本地化。 新发布内容的本地化可能需要 1-2 周的时间才能完成。
UiPath logo, featuring letters U and I in white
OUT OF SUPPORT

Orchestrator User Guide

上次更新日期 2024年10月31日

Configuring SSO: Azure Active Directory

If you enable the Azure AD integration at the host level, as described on this page, you cannot enable it at the organization/tenant level.

The integration at the host level only enables SSO. But if enabled at the organization/tenant level, the integration allows for SSO, but also for directory search and automatic user provisioning.

Step 1. Create an Azure AD App Registration

Note: The below steps are a broad description of a sample configuration. For more detailed instructions, see the Microsoft documentation for configuring Azure AD as an authentication provider.
  1. Log in to the Azure portal as an administrator.
  2. Go to App Registrations, and click New Registration.
  3. In the Register an application page, fill in the Name field with a name for your Orchestrator instance.
  4. In the Supported account types section, select Accounts in this organizational directory only.
  5. Set the Redirect URI by selecting Web from the drop-down list and filling in the URL of your Orchestrator instance, plus the suffix /identity/azure-signin-oidc. For example, https://baseURL/identity/azure-signin-oidc.
  6. At the bottom, select the ID tokens checkbox.
  7. Click Register to create the app registration for Orchestrator.
  8. Save the Application (Client) ID to use it later.

Step 2. Configure Azure AD SSO

  1. Log in to the Management portal as a system administrator.
  2. Go to Users and select the Security Settings tab.
  3. In the External Providers section, click Configure under Azure AD.
    • Select the Enabled checkbox.
    • If you want to only allow logging in to Orchestrator using AzureAD, select the Force automatic login using this provider checkbox.
    • Fill in the Display Name field with the label you want to use for the AzureAD button on the Login page.
    • In the Client ID field, paste the value of the Application (Client) ID obtained from the Azure portal.
    • (Optional) In the Client Secret field, paste the value obtained from the Azure portal.

    • Set the Authority parameter to one of the following values:

      • https://login.microsoftonline.com/<tenant>, where <tenant> is the tenant ID of the Azure AD tenant or a domain associated with this Azure AD tenant. Used only to sign in users of a specific organization.
      • https://login.microsoftonline.com/common. Used to sign in users with work and school accounts or personal Microsoft accounts.
    • (Optional) In the Logout URL, paste the value obtained from the Azure portal.
  4. Click Save to save the changes to the external identity provider settings.
  5. Restart the IIS site. This is required after making any changes to External Providers.

Step 3. Allow Azure AD SSO for the Organization

Now that Orchestrator is integrated with Azure AD Sign-In, user accounts that have a valid Azure AD email address can use the Azure AD SSO option on the Login page to sign in to Orchestrator.

Each administrator must do this for their organization/tenant if they want to allow login with Azure AD SSO.



  1. Log in to Orchestrator as an administrator.
  2. Add local user accounts for your users, each with a valid Azure AD email address.

此页面有帮助吗?

支持与服务
获取您需要的帮助
UiPath Academy
了解 RPA - 自动化课程
UiPath 论坛
UiPath Community 论坛
Uipath Logo
信任与安全
使用条款
隐私策略
Cookie 政策
© 2005-2025 UiPath。保留所有权利。