Access to Robot's user credentials

orchestrator

#1

At my workplace, most of the important applications work with single sign-on (SSO). This means that the Windows credentials are sufficient in most cases. Since I already have to register these once for each robot, it’s not technically necessary to also store (and keep up to date) them separately as an asset. Would it be possible to also allow direct retrieval of these credentials as well?


#2

You want a GetMyCredential activity?


#3

I think what @sfranzen means is a Get Current Robot Credentials activity. Worth asking how much benefit does this bring? If you have 500 different robots who can run the same process then you would need to add 500 Assets, but if you have a lower number it doesn’t bring too much value.

However, we could consider creating a “per robot” implicit asset automatically when the robot is registered. I.e. this list to be generated automatically:

image


#4

Yes, that’s what I mean, and the benefit would be relatively small, certainly for a small number of robots as you say. It’s more of a matter of principle that I, as a programmer, don’t like to keep (and maintain) two identical copies of information. The automated asset creation would not be as useful, since we currently treat robot accounts similar to all others with respect to security, meaning passwords must be changed fairly regularly and I would still have to update both the robot details and the asset with the same password. It is only a minor issue though. Perhaps we can also consider exempting the robot accounts from this particular policy.


#5

I agree. However, for our project team we need to separate our Robot credentials from the credentials we use with our systems for security reasons.

It might be beneficial to just simply add a setting to the Assets that you can use Windows/Network Password, so you add the Asset but you don’t need to type in the password as it will use whatever you have set in the password field for that Robot.

I have always found getting current password to be tricky because Microsoft avoids easy access to that information to prevent access from Virus scripts. But, if an activity is possible to GetPassword, that would be another solution.