orchestrator
2020.10
false
OUT OF SUPPORT
Orchestrator User Guide
Automation CloudAutomation Cloud Public SectorAutomation SuiteStandalone
Last updated Dec 12, 2023

Configuring SSO: SAML 2.0

Orchestrator can handle Single Sign-On Authentication based on SAML 2.0. To enable it, both Orchestrator/Identity Server as Service Provider, and an Identity Provider must be properly configured so that they can communicate with each other. If SAML is enabled and correctly configured, a button is displayed at the bottom of the Login page. If the external identity provider uses a multi-factor authentication protocol, the user needs to comply with the corresponding rules as well in order to successfully log in.



Important:

Orchestrator/Identity Server supports multiple Identity Providers. In this guide we exemplify the following four:

Overview

Before we get to the detailed procedure, here is a quick overview of what you have to do to enable SAML authentication.

  1. Define a user in Orchestrator and have a valid email address set on the Users page.
  2. Import the signing certificate provided by the Identity Provider to the Windows certificate store using Microsoft Management Console, and set Orchestrator/Identity Server to use it accordingly. See here how to do that.
  3. Add the configuration specific to the Identity Provider in Identity Server's Saml2 settings within the External Providers page, making sure that the Enabled check box is selected.



The above method is valid if your email address is set as a SAML attribute, however you can configure your own mapping strategy as well. See here how to do that.

Find the specific configuration and how to obtain the certificates for each Identity Provider on the dedicated pages: ADFS Authentication, Google Authentication, OKTA Authentication.

  • Overview

Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.