I think the better way to put this is that the bot developer (a person) will need access to all of the applications. The bot user of the attended bot will need the same.
Developer must be able to interact with the applications to gather descriptors and generate the process.
The attended bot will be operating with the credentials of the user.
If SSO gets you access to all of the applications for both, then you’re good and done. If there are individual separate authentications for some or all of the applications, then you have options. Probably the best is to get the user (and the developer) to enter the credentials. But you can store those credentials in local store or Orchestrator to automate the authentication.
In the Unattended robot scenario, the same basic rules apply. The Unattended robot is installed for a user and operates with that user’s credentials.