orchestrator

2024.10

true

Getting started
- Introduction
- User options
- Logging in to Orchestrator
- Resetting your password
- Robots
  - Robot Statuses
  - Robot Settings
- Auto Updating Client Components
- Orchestrator Configuration Checklist
Best practices
- Organization Modeling in Orchestrator
- Managing Large Deployments
- Automation Best Practices
- Optimizing Unattended Infrastructure Using Machine Templates
- Unattended automation
- Organizing Resources With Tags
- Orchestrator Read-only Replica
- Exporting grids in the background
Tenant
- About the Tenant Context
- Searching for Resources in a Tenant
- Robots
- Folders
- Monitoring
- Access control
- Configuring automation capabilities
- Machines
- Packages
- Audit
- Credential Stores
  - Managing credential stores
  - Integrating credential stores
- Webhooks
  - Types of Events
  - Managing Webhooks
- Licensing
  - Managing Your Licenses
- Alerts
- Settings - Tenant Level
Resource Catalog Service
- About Resource Catalog Service
Folders Context
- About the Folders Context
- Home
Automations
- About Automations
Processes
- About Processes
- Managing Processes
- Managing Package Requirements
- Recording
Jobs
- About Jobs
- Managing Jobs
- Job States
- Working with long-running workflows
- Running Personal Remote Automations
- Process Data Retention Policy
Triggers
- About triggers
  - Time triggers
  - Queue triggers
- Managing triggers
  - Creating a time trigger
  - Creating a queue trigger
- Managing Non-Working Days
- Using Cron Expressions
  - Triggering jobs on the last day of the month
Logs
- About Logs
- Managing Logs in Orchestrator
- Logging Levels
- Orchestrator Logs
Monitoring
- About Monitoring
- Machines
- Processes
- Queues
- Queues SLA
Queues
- About Queues and Transactions
- Bulk uploading Queue Items using a CSV file
- Managing Queues in Orchestrator
- Managing Queues in Studio
- Managing Transactions
  - Editing Transactions
  - Field Descriptions for the Transactions .csv File
- Review Requests
Assets
- About Assets
- Managing Assets in Orchestrator
- Managing Assets in Studio
- Storing Assets in Azure Key Vault (read only)
- Storing Assets in HashiCorp Vault (read only)
- Storing Assets in AWS Secrets Manager (read only)
Storage Buckets
- About Storage Buckets
  - CORS/CSP Configuration
- Managing Storage Buckets
- Moving Bucket Data Between Storage Providers
Test Suite - Orchestrator
- Test Automation
- Test Cases
  - Field Descriptions for the Test Cases Page
- Test Sets
  - Field Descriptions for the Test Sets Page
- Test Executions
  - Field Descriptions for the Test Executions Page
- Test Schedules
  - Field Descriptions for the Test Schedules Page
- Test Data Queues
- Testing Data Retention Policy
Other Configurations
- Increasing the Size Limit of Package Files
- Setting up Encryption Key Per Tenant
- GZIP Compression
Integrations
- About Input and Output Arguments
  - Example of Using Input and Output Arguments
Host administration
- About the host level
- Managing system administrators
- Managing tenants
- Configuring host authentication settings
- Managing your host license
  - Allocating Licenses to Tenants
- Configuring system email notifications
- Configuring other host settings
- Audit logs for the host portal
- Maintenance Mode
Organization administration
- About organizations
- Managing organization administrators
- Managing organization settings
- Configuring organization authentication
- Configuring organization security
  - Session policy
  - Restricting access to a set of users
- About licensing
  - Activating your license
- Accounts and groups
  - Managing access
  - Managing accounts and groups
- Authorizing external applications
  - Managing external OAuth applications
  - Configuring fine-grained access for confidential apps
- Managing tags
- Overriding system email settings
  - Email setup
    - System emails are not sent - SslHandshakeException
- Audit logs
Troubleshooting
- About Troubleshooting
- Frequently Encountered Orchestrator Errors
- Browser group policies
- Cron Expressions

Orchestrator User Guide

DELIVERY:

Automation Cloud Automation Cloud Public Sector Automation Suite Standalone

Last updated Nov 11, 2024

Reconfiguring authentication after upgrade

If you are upgrading Orchestrator to this version and you've previously enabled any external identity provider authentication, there are a series of manual configurations to be performed at the external identity provider level.

Previously created users are propagated to the UiPath Identity Server database.

UiPath® Identity Server acts as a federation gateway for a series of external identity providers (Google, Windows, Azure AD, and SAML2). You can configure their settings from the Management portal, under Users > Authentication Settings, in the External Providers section.

Manual configuration after an upgrade

Upon upgrading to this version of Orchestrator, any external identity provider authentication enabled in Orchestrator is automatically migrated to Identity Server, along with all the existing users. However, some manual changes are required after the upgrade.

Upgrading from versions prior to 2020.4

If you upgraded Orchestrator from version 2020.4 (or from a later version) to the current version, skip this section.

If you upgraded from a version prior to 2020.4:

In the external provider's settings, modify the Return URL by adding /identity at the end of your Orchestrator URL so that you have https://OrchestratorURL/identity.
Save the changes to the external provider.
Restart the IIS site for the changes to apply.

Continue with the instructions on this page for additional configuration that is required actions for the external identity providers you use with Orchestrator.

Google OpenID Connect authentication

If you've previously configured Google to recognize a new Orchestrator instance , then you need to perform these steps:

Access Google APIs and search for your previously created project.
In the Credentials page, select your previously created OAuth 2.0 client:
In the Client ID for Web application page, edit the Authorized redirect URIs value by adding the suffix /identity after your Orchestrator URL. For example, https://OrchestratorURL/identity/google-signin.
Save your changes.

Windows authentication

If you've previously enabled Windows authentication, no further actions are required.

Azure AD authentication

If you've previously configured Azure AD to recognize a new Orchestrator instance, then you need to perform these steps:

Access App Registrations in the Microsoft Azure portal and select your existing Orchestrator app registration.
In the selected app's page, select Redirect URIs.
In the selected app's Authentication page, modify the Redirect URL by adding /identity/azure-sign-in-oidc at the end of your Orchestrator URL:
Save the changes.
Restart the IIS server.

SAML2 authentication

ADFS

If you've previously configured ADFS to recognize a new Orchestrator instance, then you need to perform these steps after upgrading Orchestrator:

Open ADFS Management and modify your existing relying party trust for Orchestrator as follows:
- In the Configure URL section, select the Enable support for the SAML 2.0 Web SSO Protocol and, in the Relying party SAML 2.0 SSO service URL field, fill in the Orchestrator URL plus the suffix identity/Saml2/Acs. For example, https://OrchestratorURL/identity/Saml2/Acs.
- In the Configure Identifiers section, in the Relying party trust identifier field, fill in the Orchestrator URL plus the suffix identity. For example, https://OrchestratorURL/identity.
Save the changes.
After ADFS is configured, open PowerShell as an administrator and run the following commands:
```
Set-ADFSRelyingPartyTrust -TargetName "https://OrchestratorURL/identity" -SamlResponseSignature MessageAndAssertion
Restart-Service ADFSSRVSet-ADFSRelyingPartyTrust -TargetName "https://OrchestratorURL/identity" -SamlResponseSignature MessageAndAssertion
Restart-Service ADFSSRV
```
Restart the IIS server.

Google

If you've previously configured Google to recognize a new Orchestrator instance, then you need to perform these steps:

Open the Google administration console and modify your existing service's details as follows:
- In the Service Provider window, in the ACS URL field, fill in the Orchestrator URL plus the suffix identity/Saml2/Acs. For example, https://OrchestratorURL/identity/Saml2/Acs.
- In the same window, in the Entity ID field, fill in the Orchestrator URL plus the suffix identity. For example, https://OrchestratorURL/identity.
Save the changes.
Restart the IIS server.

Okta

If you've previously configured Okta to recognize a new Orchestrator instance, then you need to perform these steps:

Log in to Okta and locate your existing application.
Modify the details in the SAML Settings window, in the General section, as follows:
- In the Single sign on URL field, fill in the Orchestrator URL plus the suffix /identity/Saml2/Acs. For example, https://OrchestratorURL/identity/Saml2/Acs.
- If not already, enable the Use this for Recipient URL and Destination URL. This overwrites the Recipient URL and Destination URL fields with the value entered for Single Sign On URL, which in this example is https://OrchestratorURL/identity/Saml2/Acs.
- In the Audience URI field, fill in the Orchestrator URL plus the suffix /identity. For example, https://OrchestratorURL/identity.
Save the changes.
Restart the IIS server.

On this page

Manual configuration after an upgrade
Upgrading from versions prior to 2020.4
Google OpenID Connect authentication
Windows authentication
Azure AD authentication
SAML2 authentication

Was this page helpful?

PREVIOUSConfiguring host authentication settings

NEXTAllowing or restricting basic authentication

Support and Services

Get The Help You Need

UiPath Academy

Learning RPA - Automation Courses

UiPath Forum

UiPath Community Forum

Trust and Security

Cookies Policy