About Identity Server
UiPath® Identity Server is a service that offers centralized authentication and access control across UiPath products. Its purpose is to provide a coherent experience and parity of functionality for authentication and some aspects of authorization across all UiPath products and services. For Identity Server, these products and services are considered clients.
With the integration of Identity Server, its clients have a shared onboarding and user management experience. Behind the scenes, authentication is performed via Identity Server, which offers an SSO experience and generates tokens to communicate with other products via APIs. Once a user signs in, Identity Server seamlessly performs the calls when accessing other products or services. The sign-out experience is similar: once a user signs out of one client, Identity Server performs the sign-out calls to all the other clients.
Identity Server also acts as a federation gateway, supporting external identity providers, thus shielding its client applications from details of how to connect to these external providers.
Identity Server offers Authentication as a Service, containing the centralized login logic and workflow for all its integrated applications, making it easier for services to integrate with each other over one standard protocol family: OAuth. It is built in .NET Core 3.1 on top of the IdentityServer4 open-source library, and supports the OpenID Connect and OAuth 2.0 frameworks.
Identity Server's settings can be configured as follows:
- A series of settings are configured during installation. Read about it here.
- In-depth configurations specific to your environment are performed within its appsettings.json file.
- External identity provider specific settings are configured within its Identity Management portal.
Important: Identity Server is mandatory in an Orchestrator installation or upgrade process. We don't support Orchestrator deployments without it.
Orchestrator is fully integrated with Identity Server. For Orchestrator, this integration means that:
- Logging in to Orchestrator is performed via Identity Server, and not through external identity providers.
- Orchestrator can consume user access tokens, service to service (S2S) access tokens, and robot access tokens generated by Identity Server.
- Orchestrator propagates to and reads data from Identity Server. When creating a user or a tenant in Orchestrator, an entry for that user/tenant is automatically created in Identity Server. Robot information and some settings are also propagated to Identity Server. The user login attempts are sent from Identity Server to Orchestrator.
Signing in to your Orchestrator service from the Assistant redirects you to the SSO page. In some browsers, you may be prompted to open UiPath Assistant. This happens because the Assistant's protocol handler has not been added to the browser's group policies.
To prevent this behavior, make sure to follow the next steps, depending on the browser (Chrome/Microsoft Edge):