orchestrator
2022.4
false
UiPath logo, featuring letters U and I in white
Orchestrator User Guide
Automation CloudAutomation Cloud Public SectorAutomation SuiteStandalone
Last updated Oct 17, 2024

Robot Authentication With Client Credentials

Client credentials is a robot authentication mechanism that uses the OAuth 2.0 framework as the basis for its authentication protocol, meaning unattended robots can connect to Orchestrator using a client ID - client secret pair generated via machine template objects. The client ID - client secret pair generates a token that authorizes the connection between the robot and Orchestrator and provides the Robot with access to Orchestrator resources.

Client credentials allow the UiPath Robot to access Orchestrator resources by using its own credentials, instead of impersonating a user. When the robot requests resources from Orchestrator, Orchestrator enforces that the robot itself has authorization to perform an action since there is no user involved in the authentication.

Important: Client credentials work with the UiPath Robot 2022.2 or higher.

How It Works



  1. The user enters the Client ID and Client Secret as generated by a machine object in Orchestrator.
  2. The robot requests the authentication configuration from Orchestrator.
  3. Orchestrator confirms Client Credentials is the mechanism used for robot authentication.
  4. The robot requests an access token from the Identity Server by presenting the client ID and client secret as authentication of its own identity.
  5. If the robot identity is validated, Identity Server issues an access token to the robot. Authorization is complete.
  6. The robot requests the resource from Orchestrator and presents the access token for authentication.
  7. If the access token is valid, Orchestrator serves the resource to the robot.

Generating Authorization Credentials

The following steps explain how to generate credentials to authenticate your robots.

  1. Go to the Tenant > Machines.
  2. Create a machine template or a standard machine as you would normally do.
  3. After you are done configuring its fields, click Provision. The machine object is created and a confirmation windows is displayed with details about the machine, including the Client ID and Client secret.
    Important: You will need the client ID and client secret to connect the robot to Orchestrator. The client secret is only visible once, right after its creation, so if you want to use the same secret multiple times, make sure to copy it and store it in a safe storage location. Consider using encryption or hashing to secure the storage.

Generating New Client Secrets

You can generate new client secrets for the same client ID by editing the machine object. The following steps explain how to generate new secrets.

  1. Go to the Tenant > Machines.
  2. For the machine for which you want to generate new secrets, click More Actions > Edit Machine
  3. In the Client secrets section, click Add new to add a new secret. A new secret is generated and visible for you to copy it.
    Important: The client secret is only visible once, right after its creation, so if you want to use the same secret multiple times, make sure to copy it and store it in a safe storage location. Make sure to also store the corresponding Secret ID as well, since this is the only way to identify the secret in case you want to later delete it, for example.

Deleting Existing Client Secrets

You can delete any secrets in order to revoke access to resources from machines employing those secrets to connect to Orchestrator. The following steps explain how to delete existing secrets.

  1. Go to the Tenant > Machines.
  2. For the machine for which you want to delete secrets, click More Actions > Edit Machine
  3. In the Client secrets section, click Delete client secret for the secret you want to delete. A confirmation window is displayed.
  4. Click Delete in the confirmation window to confirm the delete operation. The secret is successfully deleted and all host machines employing them to connect to Orchestrator get disconnected.
    Important: Deleting a secret is permanent and causes the robot to disconnect, thus revoking access from host machines using that secret to connect to Orchestrator. This brings any execution taking place on those host machines to a halt and prevents any further executions from happening.

Was this page helpful?

Support and Services
Get The Help You Need
UiPath Academy
Learning RPA - Automation Courses
UiPath Forum
UiPath Community Forum
Uipath Logo White
Trust and Security
Terms of Use
Privacy Policy
Cookies Policy
© 2005-2024 UiPath. All rights reserved.