- Getting started
- Best practices
- Tenant
- About the Tenant Context
- Searching for Resources in a Tenant
- Managing Robots
- Connecting Robots to Orchestrator
- Storing Robot Credentials in CyberArk
- Storing Unattended Robot Passwords in Azure Key Vault (read only)
- Storing Unattended Robot Credentials in HashiCorp Vault (read only)
- Storing Unattended Robot Credentials in AWS Secrets Manager (read only)
- Deleting Disconnected and Unresponsive Unattended Sessions
- Robot Authentication
- Robot Authentication With Client Credentials
- Configuring automation capabilities
- Audit
- Settings
- Cloud robots
- Folders Context
- Automations
- Processes
- Jobs
- Apps
- Triggers
- Logs
- Monitoring
- Queues
- Assets
- Storage Buckets
- Test Suite - Orchestrator
- Resource Catalog Service
- Authentication
- Integrations
- Classic Robots
- Troubleshooting
Configuring automation capabilities
Configuring automation capabilities involves allowing specific users or groups within an organization to automate various tasks, processes, or workflows. Whether the jobs should run attended or unattended, you can choose from the following options to suit your automation scenarios:
- enabling users to run personal automations
- running automations on unattended infrastructure via unattended robots
- configuring robot accounts to run unattended automations
Personal automations are automations that can run under a user's identity either locally on the user's machine, or remotely (personal remote automations) on server-side resources to which the user has no direct access to. User accounts and their association with roles allows for a certain level of access to resources in Orchestrator.
This article describes how to enable your users to:
- Run automation on their local machine via the UiPath® Assistant;
- Run background personal remote automations in folders where the user has the necessary permissions and in their personal workspaces;
- Run and debug in UiPath Studio, both desktop and web;
- Manage automations in their personal workspace.
For developers and business users: See how to manually run a job or configure a trigger to launch jobs as yourself .
This procedure walks admins through the steps for enabling personal automation capabilities for a group of users. Groups are used to simplify administration for accounts with similar needs, that are managed together.
This procedure walks admins through the steps for enabling personal automation capabilities for individual user accounts. This is recommended if group members require additional capabilities on top of those granted by group membership and it helps achieve granular control in terms of user configuration.
UiPath® accounts can be thought of as identities intended to represent human (user accounts) or non-human users (robot accounts) that need to be authorized to access Orchestrator resources. These accounts and their association with roles allows for a certain level of access to resources in Orchestrator.
Unattended automation typically runs on robot accounts, the UiPath equivalent of Windows service accounts. An administrator can enable an unattended robot to impersonate a user account, that is act on behalf of that user identity, to allow the robot to run automations with the same privileges as the user it impersonates.
Running unattended automations on user accounts is typically done by developers debugging their automation projects, and business users running automations under their own identity, but on server-side resources instead of their local machines.
Running background processes on unattended infrastructure is also possible via personal remote automation which is easier to set up since it does not need an unattended robot enabled for the user account. See how to enable your users to run personal automations .
The differences between personal remote automations and unattended automation capabilities on a user account are:
- You can only run personal remote automations if the underlying process is a background process; it does not work for processes that require user interaction. To execute processes that require user interaction configuring an unattended robot is still required.
- In personal remote automation, the user's identity is used for executing that single process, so it helps achieve granular control in terms of when and how the user's identity is used. Unattended robots, on the other hand, act as the user they impersonate to execute processes across all folders the user has access to.
This article describes how administrators can enable developers and business users to:
- Run background processes on unattended infrastructure, by allowing an unattended robot to impersonate a user for execution;
- Run processes that require user interaction on unattended infrastructure; by allowing an unattended robot to impersonate a user for execution.
Running automations in a folder
Users can debug and run processes from all folders they have access to. They can use unattended infrastructure for execution, provided that an administrator has allocated to that folder the physical resources to run unattended automation, that is they assigned to that folder a machine template object with at least one runtime. Typically, for debugging, a NonProduction runtime is used.
Developers and business users can launch a process either by launching a job manually or via triggers in that folder.
If the user does not see any runtimes available when starting a job from Orchestrator, then the admin should make sure that:
- they assigned both the user account and a machine template to the folder that contains the process to be executed.
- they assigned runtimes to the machine template. This is not necessary in personal workspaces.
Debugging in a personal workspace
A personal workspace is the personal folder of a user and it acts as a separate and segregated storage space from the official Orchestrator feed. In a personal workspace, Orchestrator takes over several operations an admin would have to perform in a folder, allowing publishing, running and debugging automation projects without the admin intervention:
- Orchestrator automatically creates a process from each package published from Studio to the personal workspace feed of that user;
- Orchestrator automatically manages machine templates on the behalf of the administrator for personal workspace owners and a machine template with a Development runtime is automatically created and assigned to each new personal workspace.
Users can debug or run a process either by launching a job manually or via triggers in that workspace.
For a user to run processes on unattended infrastructure, an administrator needs to enable for them both personal automation capabilities and impersonation by an unattended robot (which enables the robot on a physical host machine to run under that user's identity).
- a user license
- an unattended runtime
- robot units for cloud robots
To enable users to debug processes on unattended infrastructure, do the following when referencing or editing the user account in Orchestrator:
When interactive authentication is enforced, in UiPath Assistant, a user can only see the processes to which they have access and only after signing in to their account. A user license is also required. Therefore, unattended processes which do not run under a user account are not available in UiPath Assistant for troubleshooting, making it impossible for a user to debug an unattended process by logging into that host machine.
To overcome this, an administrator can temporarily enable a troubleshooting session on their machine. Doing this lets the user see and run the unattended process locally, without requiring a user license. The troubleshooting session is temporary and the above only applies while troubleshooting is active.
You can also use Studio for its remote debugging capabilities. It allows running and debugging attended and unattended processes on remote machines, including on Linux robots that can run cross-platform projects.
Step 1. Enable a troubleshooting session
Step 2. Connect to UiPath Assistant
Follow these instructions to connect to the machine and run the unattended processes from UiPath Assistant with your account.
- In Orchestrator, go to Tenant > Machines and click Copy Client ID / Machine key at the end of the machine row to copy the machine key to your clipboard.
- In UiPath Assistant, click the user icon in the title bar and select Preferences.
- Select the Orchestrator Settings tab and click Disconnect or Sign out if needed so that you can edit the connection settings.
- Configure the connection as follows:
- Connection Type - Select Machine Key.
- Orchestrator URL - Add the URL to the Orchestrator instance, which should include the tenant and organization.
- Machine Key - Paste the copied machine key from your clipboard.
- Click Connect and then close the Preferences window.
- If you do not see the unattended processes in Assistant, then go to Preferences > Sign In and log in with your credentials.
Now you can run unattended processes from UiPath Assistant to troubleshoot them.
Step 3. Extend or disable the troubleshooting session
When you have finished debugging, you can disable the troubleshooting session for the machine so that it won't allow attended connections anymore. Or, if you need to, you can extend the amount of time that the session is active.
- Go to Tenant > Monitoring.
- Select Unattended sessions from the Section dropdown menu.
- Click More Actions at the end of the machine row and select Configure troubleshooting session.
-
In the Configure troubleshooting session dialog:
-
Close the session: switch the toggle under Troubleshooting session to Disabled.
When disabled, no further connections are accepted. However, any existing connections remain active until disconnected.
- Extend the session: Edit the value in the Session timeout (minutes) box with a greater value to extend the session to the specified duration.
-
- Click Save.
- Disconnect UiPath Assistant to close the connection.
Unattended automation typically runs on robot accounts, the UiPath® equivalent of Windows service accounts. Robot accounts can be thought of as non-human identities that need to be authorized to access Orchestrator resources. Their association with roles allows for a certain level of access to resources in Orchestrator.
Robot accounts have their unattended capabilities enabled by default, administrators only have to configure several infrastructure related settings.
Enabling unattended automation on a robot account
To configure unattended execution settings under a certain robot account and on specific infrastructure, an administrator must do the following when referencing or editing the robot account in Orchestrator:
- Click the Unattended setup tab to configure execution settings for the account.
- In the Foreground automations settings section, select the infrastructure to be used for executing unattended foreground processes under that account:
- Enable the Run only one job at a time option to restrict the account from simultaneously executing multiple jobs. This helps when automating applications that do not allow for a credential to be be used more than once at a time (e.g., SAP).
- On the Robot settings tab, configure execution settings for the unattended robot. Learn about robot settings.
- Click Add or Update. The robot account is created/updated.
- Enabling personal automations
- Enabling user groups to run personal automations
- Enabling individual users to run personal automations
- Enabling unattended automations
- Enabling users to debug from Orchestrator
- Enabling users without Orchestrator access to debug on the host machine
- Configuring robot accounts to run unattended automations