orchestrator
2020.10
false
OUT OF SUPPORT
Orchestrator User Guide
Automation CloudAutomation Cloud Public SectorAutomation SuiteStandalone
Last updated Dec 12, 2023

Connecting Robots to Orchestrator

This article outlines how to choose the Robot to Orchestrator connection method depending on the robot authentication mechanism set in Orchestrator. UiPath provides multiple robot authentication methods, ranging from expiring token authentication to authentication with tokens that never expire.

The three available authentication mechanisms are the resulting state of two Orchestrator tenant settings located on the Settings page > Security tab.



What Are the Types of Robot Authentication

Standard Authentication

Allow only connections with authentication tokens that never expire by clearing both authentication options on the Settings page > Security tab.

  • Allow both user authentication and robot key authentication - not selected

  • Enforce user authentication, disable robot key authentication - not selected

Type

Implications

Attended

Restrict attended robot authentication in the Assistant to Machine Key. There is no Sign in option displayed in the Assistant, hence users cannot connect Studio and the Assistant to Orchestrator using their credentials.

Unattended

Unattended robots require Machine Key connections at all times.

Hybrid Authentication

Allow both standard connections with tokens that don't expire and connections with tokens that expire by enabling Allow both user authentication and robot key authentication and clearing Enforce user authentication, disable robot key authentication.

  • Allow both user authentication and robot key authentication not selected

  • Enforce user authentication, disable robot key authentication selected

Type

Implications

Attended

You can use interactive sign-in to authenticate attended robots. The Sign in option is displayed in the Assistant allowing users to connect Studio and the Assistant to Orchestrator using their credentials.

Unattended

Unattended robots require Machine Key connections at all times.

Secure Authentication

Allow only connections with tokens that expire by enabling both authentication options on the Settings page > Security tab. User login is required to make Orchestrator HTTP requests, run Attended Robots, or view processes in the Assistant.

  • Allow both user authentication and robot key authentication selected

  • Enforce user authentication, disable robot key authentication selected

Type

Implications

Attended

Restrict attended robot authentication in the Assistant to interactive user sign-in.

Attended robot authentication requires sign-in otherwise the user won't see their associated processes in the Assistant and the robot appears as "Connected, Unlicensed".

Unattended

Unattended robots require Machine Key connections at all times.

Unattended in Attended Mode

For unattended, the host machine is connected and licensed in unattended mode so the designated way to execute processes is Orchestrator.

If you want to use the machine in attended mode (opening the Assistant) when user authentication is enforced, you need to sign in, otherwise you cannot see the processes in the Assistant, and the robot appears as "Connected, Unlicensed".

Important:

This authentication method requires recompiling the workflows that use Orchestrator activities or make direct HTTP calls to the Orchestrator API utilizing v2020.10 activity packages or higher.

There is a chance job execution will fail if at least one of below dependencies are used in an automation project:

  • UiPath.System.Activities < 20.10.0
  • UiPath.Persistence.Activities < 1.1.7
  • UiPath.DataService.Activities < 20.10.0
  • UiPath.Testing.Activities < 1.2.0

Use the Project Dependencies Mass Update Tool in Studio to update process dependencies to versions greater than or equal to those provided above. Test before deploying in production.

Connecting Attended Robots to Orchestrator

Interactive Sign-In

Use interactive sign-in to authenticate attended robots. The Sign in option is displayed in the Assistant allowing users to connect Studio and the Assistant to Orchestrator using their credentials. Compatible with:

  • Hybrid Authentication
  • Secure Authentication
  1. Open the Assistant.
  2. On the Preferences menu, select Sign In. You are directed to the Login page of your Orchestrator instance.
  3. Log in as usual.
  4. Once your identity is confirmed, the Assistant is populated with the processes in the folders your user has access to. Learn more about interactive authentication.
    Note: When using interactive sing-in, there is no need to create Machine objects in Orchestrator.
    Important: Interactive sign-in is not supported in a classic folder context.

Using the Machine Key in the Assistant

Use the machine key generated in Orchestrator to authenticate attended robots. Compatible with:

  • Standard Authentication
  • Hybrid Authentication

    Note:
    • The person handling the Orchestrator configuration in the company should provide the attended users and developers with the correct Orchestrator URL and machine key. Machine objects do not need to be assigned to Orchestrator folders, only users.
    • Multiple users working on the same machine each require a robot created in Orchestrator.
  1. Open the Assistant.
  2. On the Preferences menu, select Preferences. The Preferences window is displayed.


  3. Navigate to Orchestrator Settings.
  4. In the Orchestrator URL field, enter Orchestrator’s web address, such as https://myOrchestrator.uipath.com/.
  5. In the Machine Key field, enter the key generated by the machine entity in Orchestrator.
  6. Click Connect. The Robot is now connected to Orchestrator.


    Note: The High-Density Robots feature only works if the same machine name and key are used when registering each Robot per user.

Using the Machine Key in the Command Line

  1. Save the machine key generated in Orchestrator to the Clipboard or a file.
  2. Open Command Prompt.
  3. Go to the directory where your UiPath Robot is installed (by default C:\Program Files\UiPath\Studio). For example: cd C:\Program Files\UiPath\Studio.
  4. Use the --connect, -url, and -key command-line arguments in conjunction with the Orchestrator URL and machine key. For example: UiRobot.exe --connect -url https://demo.uipath.com/ -key ba1e4809-2f64-4965-bae2-efda62d20164. UiPath Robot is now connected to Orchestrator. In a High-Density environment, the robot corresponding to each user is connected to Orchestrator.

Connecting Unattended Robots to Orchestrator

Using the Machine Key in the Assistant

Use the machine key generated in Orchestrator to authenticate unattended robots. Machine key connections are required at all times for unattended execution. Compatible with:

  • Standard Authentication
  • Hybrid Authentication
  • Secure Authentication

    Note: Administrator privileges are required to perform this procedure for Service Mode Robots.
Important:

The host machine is connected and licensed in unattended mode so you can execute unattended processes using Orchestrator.

If you want to use the machine in attended mode (opening the Assistant) when user authentication is enforced, you need to sign in, otherwise you cannot see the processes in the Assistant, and the robot appears as "Connected, Unlicensed".

  1. Open the Assistant.
  2. On the Preferences menu, select Preferences. The Preferences window is displayed.


  3. Navigate to Orchestrator Settings.
  4. In the Orchestrator URL field, enter Orchestrator’s web address, such as https://myOrchestrator.domain.local/.
  5. In the Machine Key field, enter the key generated by the machine entity in Orchestrator. Learn about the various machine entities in Orchestrator and when to use each.
  6. Click Connect. UiPath Robot is now connected to Orchestrator.


    Note:
    • Machine objects need to be assigned to folders in Orchestrator.
    • The High-Density Robots feature only works if the same machine name and key are used when registering each Robot per user.

Using the Machine Key in the Command Line

  1. Save the machine key generated in Orchestrator to the Clipboard or a file.
  2. Open Command Prompt.
  3. Go to the directory where your UiPath Robot is installed (by default C:\Program Files\UiPath\Studio). For example: cd C:\Program Files\UiPath\Studio.
  4. Use the --connect, -url, and -key command-line arguments in conjunction with the Orchestrator URL and machine key. For example: UiRobot.exe --connect -url https://demo.uipath.com/ -key ba1e4809-2f64-4965-bae2-efda62d20164. UiPath Robot is now connected to Orchestrator. In a High-Density environment, the Robot corresponding to each user is connected to Orchestrator.

Automatic Enrollment

Use a connection string to automatically enroll service robots to Orchestrator.

The connection string is a URL that contains the following information:

  • the Orchestrator URL - identifies the Orchestrator instance UiPath Robot connects to;
  • tenant ID - identifies the tenant UiPath Robot connects to;
  • domain name - identifies the domain of the machine; this is only necessary if the machine is in a different domain than that specified for the WindowsAuth.Domain parameter (this is valid for subdomain machines as well). The domain needs to be in a two-way trust relationship with the one set for the WindowsAuth.Domain parameter.

Here are two examples of connection strings according to the machine's domain:

  • Same domain as specified in UiPath.Orchestrator.dll.config - https://demo.uipath.com/api/robotsservice/GetConnectionData?tenantId=1
  • Different domain than the one specified in UiPath.Orchestrator.dll.config - https://demo.uipath.com/api/robotsservice/GetConnectionData?tenantId=1&domainName=domain_name
    Note:

    In order to deploy Robots to Orchestrator using connection string, the following are required:

  1. In Orchestrator, navigate to Settings,General tab. (Tenant > Settings > General). Look for the Connection String field on the Application Settings section, and click Copy. The connection string is copied to the clipboard.


  2. Send the connection string to the Robot machine you want to connect to Orchestrator (via e-mail, USB stick, etc.)
  3. Use an automatic deployment tool to install the Robots and provide the connection string copied above in the CONNECTIONSTRING parameter used with the UiPathStudio.msi installer. UiPath Robot is connected to Orchestrator and is displayed as Available in the Robots page.
    Note: Connecting Robots to Orchestrator using the --connectionstring parameter is only possible when Standard Machines are used. Environments with Machine Templates do not support this.

Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.