- Release notes
- Getting started
- Installation
- Configuration
- Integrations
- Authentication
- Working with Apps and Discovery Accelerators
- AppOne menus and dashboards
- AppOne setup
- TemplateOne 1.0.0 menus and dashboards
- TemplateOne 1.0.0 setup
- TemplateOne menus and fashboards
- TemplateOne 2021.4.0 setup
- Purchase to Pay Discovery Accelerator menus and dashboards
- Purchase to Pay Discovery Accelerator Setup
- Order to Cash Discovery Accelerator menus and dashboards
- Order to Cash Discovery Accelerator Setup
- Basic Connector for AppOne
- SAP Connectors
- Introduction to SAP Connector
- SAP input
- Checking the data in the SAP Connector
- Adding process specific tags to the SAP Connector for AppOne
- Adding process specific Due dates to the SAP Connector for AppOne
- Adding automation estimates to the SAP Connector for AppOne
- Adding attributes to the SAP Connector for AppOne
- Adding activities to the SAP Connector for AppOne
- Adding entities to the SAP Connector for AppOne
- SAP Order to Cash Connector for AppOne
- SAP Purchase to Pay Connector for AppOne
- SAP Connector for Purchase to Pay Discovery Accelerator
- SAP Connector for Order-to-Cash Discovery Accelerator
- Superadmin
- Dashboards and charts
- Tables and table items
- Application integrity
- How to ....
- Working with SQL connectors
- Introduction to SQL connectors
- Setting up a SQL connector
- CData Sync extractions
- Running a SQL connector
- Editing transformations
- Releasing a SQL Connector
- Scheduling data extraction
- Structure of transformations
- Using SQL connectors for released apps
- Generating a cache with scripts
- Setting up a local test environment
- Separate development and production environments
- Useful resources
Security
This guide describes the security possibilities of the UiPath Process Mining platform. It also contains recommendations and best practices inside and outside the platform regarding security.
It is recommended to always use the latest version of Windows Server and keeping it up-to-date.
While UiPath Process Mining stores all passwords in an encrypted form, the software does not encrypt data on disk. It is recommended for the server administrator to encrypt the data disk, using, for example, BitLocker.
The In-Memory database stores all data. In this way, it can be accessed very quickly without using the input databases. The Analytics engine handles calculations. The Visualization and Process mining engines create visuals that can be used on dashboards.
Windows Defender is deemed as secure for end-point protection. If other tools are used, ensure that the UiPath Process Mining platform is whitelisted.
It is recommended to set up an HTTPS binding for the platform in IIS. For setting up HTTPS a certificate is needed. The certificate should at least be TLSv1.2.
For cloud servers, secure VPN tunnels are used to add the servers to the trusted network of the users.
To ensure data security while in transit, it is highly encouraged to set up this HTTPS binding. Furthermore, for accepted cipher suites on the server, it is recommended to use the ‘Modern compatibility’ list provided by Mozilla: https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility.
To further increase security in transit, it is recommended to set up VPN tunnels for all connections to and from the server. A modern protocol should be used, older protocols such as PPTP should not be used.
Out of the box, all security-related settings of the platform are in their most restricted state:
- At first startup, only a single superadmin user has access. Access is restricted to the localhost.
-
HTTP can only be used from localhost, other hosts can only connect through HTTPS. While not recommended, HTTP can be enabled for all hosts in the server settings.
It is possible to enable Two-Factor Authentication (2FA) to make your UiPath Process Mining application more secure. Two-Factor Authentication is an additional verification check to secure UiPath Process Mining accounts for unauthorized access. Two-Factor Authentication is available for developer accounts. It is recommended to enable 2FA in the Server Settings.
Two-Factor Authentication is also available for end-user accounts. By default, 2FA is not enabled for end-user accounts. Contact your UiPath Process Mining account manager if you want to set up Two-Factor Authentication for end-user accounts.
End-users only have access to the projects and data they have access rights for.
Application developers have access to everything in the complete installation. Therefore, it is recommended to set IP-address restrictions on the developer accounts. This can be done in the Superadmin users tab of the Superadmin interface.
Passwords are stored using a secure password hash. A password strength calculator is used to determine if passwords are strong. Brute forcing the login forms is prevented by delaying subsequent requests.
The password field is encrypted using a hash function. PBKDF2 with HMAC-SHA512 as pseudorandom function and 10000 iterations, together with a salt is used.
A salt is used to extend the input of the hash function. The salt consists of a fixed part (application-specific) and a 128bit randomly generated salt which is stored in the database. The random seed is generated on initializing the application in a session.
Since a cryptographic hash function is used, an encryption key is not required. No initialization vector is used in the hash function.
