- Release Notes
- Getting Started
- Introduction
- Setting Up Interactive Sign-In
- UiPath Assistant
- Installation and Upgrade
- Robot Types
- Robot Components
- Licensing
- Connecting Robots to Orchestrator
- Processes and Activities
- Logging
- Robot JavaScript SDK
- Specific Scenarios
- Troubleshooting
Setting Up Interactive Sign-In
The Interactive Sign In feature provides an option to connect Orchestrator, Studio, and UiPath Assistant using the user's account, simplifying the process and offering better sync across the platform. This turns the user's account into the main link between all of the UiPath products, removing the need to use a machine or license key while creating a frictionless experience for deploying and connecting Robots and Studio to Orchestrator.
- Instant access to queues, assets, and processes in Orchestrator folders without any complicated steps, provided they have been granted access to them. Simply authenticate in Studio or Assistant with your user credentials and everything is there. Syncing all Desktop products to the same Orchestrator tenant is being taken care of as well. All products are connected using a single user account, this includes licensing which is being inherited via Orchestrator removing the need for using a License Key.
- You no longer need to create individual machines or machine templates for each robot. These are created automatically and the robots are seamlessly connected to Orchestrator in the authentication process of the user, fully removing the need for users to configure the robots with Machine Keys.
- Processes tied to the user account in Orchestrator (individually or via folders) are found immediately in the UiPath Assistant and a personal workspace is created for that user in Orchestrator. Besides being able to view, configure, and run, you can also remove processes tied to a personal workspace directly from the UiPath Assistant.
Attended Robots need to be installed in User Mode to be able to sign in without machine key and they work in the same Windows Session as the user is logged in on the machine. The UiPath Assistant connects to Orchestrator to get access to resources in orchestrator (queues, assets) as well as to determine the processes a user has permissions to execute, when the authentication is completed, the user can start and manage processes from the UiPath Assistant.
When the UiPath Assistant connects to Orchestrator via Interactive Sign In, the necessary resources for running attended processes are synced from Orchestrator and a machine key connection is not required.
services.msc
, not tied to a specific user.
If you want to make use of Interactive Sign In to troubleshoot Unattended Robots, you first need to log on to that machine in a user session, then authenticate with your account in the UiPath Assistant to gain access to processes.
During the installation process, it's important to choose the best type of robot deployment in order to take full advantage of the UiPath products.
Depending on the use case, Robots can be deployed in User Mode or Service Mode and the connection to Orchestrator can be done through machine key or Interactive Sign In.
For more information, see Installing the Robot.
The following tables describe the recommended deployments for classic folders and modern folders
Using Classic Folders
Robot type |
Installation Type |
Orchestrator Connection |
---|---|---|
Attended |
User Mode |
Machine Key |
Unattended |
Service Mode |
Machine Key |
Development (Studio) |
User Mode |
Machine Key |
Using Modern Folders
Robot type |
Installation Type |
Orchestrator Connection |
---|---|---|
Attended |
User Mode |
Interactive Sign In |
Unattended |
Service Mode |
Machine Key |
Development (Studio) |
User Mode |
Interactive Sign In |
The Interactive Sign In feature only works using modern folders. If your environment is based on classic folders, you need to migrate your existing configuration to use modern folders.
General guidelines about the migration are described in this document. The migration can be completed using the Orchestrator Manager tool which can be used to handle scenarios in which you need to add, remove, change, or migrate Orchestrator entities.
.zip
archive containing all the necessary files, including detailed documentation on how it works and how to use it for specific
scenarios.
For this specific scenario, follow the steps described in the Orchestrator Manager documentation in the Migration of Classic Folders to Modern Folders section.
We strongly recommend going through all the information available in that document before starting the migration.
Configuring Users and Licensing in Orchestrator
After the migration is completed, configure the groups and roles assigned to users in Orchestrator to determine the permissions and licenses they receive.
Automation Cloud Orchestrator
Automation Cloud reduces the need to specify explicit access control levels by providing default access rights for typical scenarios.
Default User Groups
We provide four different default user groups with specific access levels for their members. Although the groups come with predefined sets of permissions, these can be customized at any time according to your needs on a per-service basis.
Custom User Groups
If you ever find yourself needing more than the four access levels provided by UiPath, you can at any point create and tailor your very own user groups.
Overview
The entire process involves creating the group in Automation Cloud and customizing the full set of permissions for it using roles in Orchestrator. The access level of a user is relative to the group membership and also relative to the permission configuration made for that group in Orchestrator services.
Remember that default groups are added by default to new Orchestrator services to streamline the first-run experience. Custom groups, on the other hand, need to be added manually in Orchestrator to ensure the correct mapping between the group membership of a user and the corresponding role in Orchestrator. To clarify this bit, it might help to know the following:
- When a user tries to access certain services, the system makes an access-permit decision depending on the user's membership.
- When a user tries to access or use certain resources in a service, the system makes an access-permit decision based on the roles of the user, which can be either inherited from the group or granted explicitly.
See Managing Users for a step by step guide on managing users, assigning roles, working with groups and providing access to folders.
See Managing Processes for details on how to work with processes.
On-Premises Orchestrator
Challenges brought by large deployments and employee dynamics can be addressed by integrating Orchestrator with Active Directory. Broadly, you don't need to go through the hassle of directory duplication in your instance, as added AD identities are checked directly against the directory database.
AD integration enables you to either grant or restrict access to Orchestrator according to the configured group policies and based on your AD group membership. Manual intervention is limited to adding your groups and configuring access rights for them in Orchestrator.
Overview
Adding an AD group creates a user entity in Orchestrator called Directory Group, for which you configure access rights (roles and folders access) as desired. This entry serves as a reference to the group as found in AD.
When logging in, Orchestrator checks your group membership against the AD database. If confirmed, it automatically provisions your user as a Directory User and then associates it to the access rights inherited from the Directory Group. Inherited rights are only kept for the duration of the user session.
See About Users for details about user management in Orchestrator.
See Managing Large Deployments for details on how to handle large deployments using AD integration, and user and robot auto-provisioning. See Managing Processes for details on how to work with processes.
When using modern folders, the configuration is already in place and users can easily switch to Interactive Sign In. The only thing to do is to enable the feature from Orchestrator and have the users disconnect from machine key and logging in.
For existing tenants, the feature is disabled by default. To enable Interactive Sign In from Orchestrator:
- Access your Orchestrator instance, and then go to Settings and select the Security tab.
- On the lower part of the page, select Allow both user authentication and robot key authentication, and then click Save.
Users can now sign in with their account. This change is seamless, all the processes and settings are kept in place.
- If you're using the on-prem Orchestrator, make sure that users are connecting to the correct URL. The default login URL for
Interactive Sign In is
https://cloud.uipath.com
. To change it, follow the steps described below. - If a user is part of multiple tenants and the default URL is used, the user is prompted to choose which tenant to connect to.
- If the service URL contains the organization and tenant names (e.g.:
cloud.uipath.com/myorg/mytenant
) the user is directly connected to that specific tenant, without having to select the tenant themselves.
Changing the Orchestrator URL for Interactive Sign In
When signing in from UiPath Assistant:
- Select Preferences > Orchestrator Settings.
- From Connection Type menu, select Service URL.
-
Enter your URL and click Sign In.
When signing in from UiPath Studio:
- Click the profile icon on the top-right side of the screen, and then click Sign In.
-
In the Get Started window, enter the URL of your on-premises Orchestrator, and then click Sign In.
Common Errors when Connecting to Orchestrator
The following table documents errors you may encounter when you try to connect to Orchestrator by signing in or using your machine key, along with causes and solutions.
Error |
Cause |
Solution |
---|---|---|
Interactive sign-in is not enabled for this tenant. Enable it from Orchestrator settings, or connect using the machine key |
You are trying to sign in to your account but user authentication is not enabled from Orchestrator. |
Do one of the following:
|
Unauthorized |
You are trying to sign in to your account but no attended Robot is allocated to your user. |
In Orchestrator, go to Tenant > Users and edit the current user. In the Attended Robot tab, select Automatically create an attended robot for this user and select a License Type. |
The remote name could not be resolved: Orchestrator_URL |
Connection to Orchestrator could not be established. |
Make sure your Internet connection is working. |
1. Creating Your UiPath Organization
- Go to https://cloud.uipath.com/portal_/register and create an account with UiPath.
- Sign in to your account.
- When prompted to create a new organization, fill in the name and region, agree to the Terms of Use, and click Continue.
- The organization is created and a default tenant is created for it. To find out more about tenant management, see About Tenants.
2. Licensing in Orchestrator
Interactive Sign In relies on the licensing you have configured in Orchestrator for the user authentication through Studio or UiPath Assistant. Users receive permissions and licenses based on the groups and roles that they are assigned to.
For a step-by-step guide on managing users, assigning roles, working with groups, and providing access to folders in Automation Cloud, see the Managing Users page.
If you are using the on-prem version of Orchestrator, see About Users for more information on how to manage users and groups.
1. Downloading and Installing UiPath Studio
Log in to your account in Automation Cloud, and then click the resource center link on the right side of the page to access the resources page where you can download the latest Enterprise version of UiPath Studio.
Run the MSI installer and, when prompted to choose what to install, select Studio to install Studio, the Robot, and the Assistant. If you open the advanced options of the installer, make sure not to select the option Register as Windows Service for the Robot.
Use the following links to access product documentation:
2. Connecting Studio and Robot to Orchestrator
The first time you open Studio, you are prompted to connect to Orchestrator, either by signing in or by using your machine key. For attended automation, signing in is the easiest way to do this.
You can also sign in later from the UiPath Assistant or Studio. From Assistant, open the Preferences menu on the top-right side of the window and click Sign In. A browser opens and asks for your credentials. After the login process is complete, the status icon next to the Preferences menu turns green and, when you access the Preferences menu, your name is displayed at the top.
For more information about signing in from Assistant, see Interactive Sign in.
When signing in through the UiPath Assistant, the Robot and Studio are automatically connected to Orchestrator and licensed as per your settings in Orchestrator.
3. Publishing and Configuring a Process in Orchestrator
After you create and publish a process to Orchestrator, you must configure it so that you can add it to the UiPath Assistant.
- Go to https://cloud.uipath.com and sign in.
- Click on your tenant name.
- In the main page of your tenant, select Folders.
- If the process was published to the Orchestrator Tenant Processes Feed it was added to the Shared folder. Access that folder and then select the Processes tile.
- A new page opens where you can see the processes in the selected folder. Click the plus icon on the right side of the page.
- On the Add Process page, select the process you want to configure by typing its name in the Package Name box, and then select the package version (the latest one is selected by default).
- Click Create. The process is now listed in Orchestrator.
See the managing processes in Orchestrator documentation page for more details.
4. Running the Process from UiPath Assistant
After the process is configured in Orchestrator, when you open the UiPath Assistant, the process you created is there and ready to run.
- Benefits of Interactive Sign In
- Deployment
- Attended Robots
- Unattended Robots
- User-Mode and Service-Mode Install
- Recommended Deployment
- Setup - Existing Customer
- Switching From Machine Key to Interactive Sign In With Classic Folders
- Switching From Machine Key to Interactive Sign In With Modern Folders
- Setup - New Customer
- Setting up Orchestrator
- Getting Started With Studio and Assistant