For our client we need to figure out what kind of authentication method is used when connecting an unattended robot with Orchestrator via Client Secret and Machine Key. How secure is this method in comparison to, for example, SSH key authentication? Also, where is the Client Secret stored? Are there any other methods we can use to connect apart from Client Secret and Machine Key?
The Client Secret and Machine Key authentication method is a secure way to connect an unattended robot to Orchestrator. It is a two-factor authentication method that uses a client secret and a machine key to authenticate the robot.
The client secret is a unique identifier that is generated for each robot. It is stored in the robot’s configuration file, which is encrypted at rest. The machine key is a shared secret that is generated for each Orchestrator instance. It is stored in the Orchestrator database.
To connect to Orchestrator, the robot sends its client secret and machine key to Orchestrator. Orchestrator verifies the client secret and machine key and authenticates the robot.
Client Secret and Machine Key authentication is more secure than SSH key authentication because it uses two factors of authentication. SSH key authentication only uses one factor of authentication, the SSH key.
Other methods of connecting to Orchestrator include:
- Windows Authentication
- SAML Authentication
- OAuth 2.0 Authentication
The best authentication method to use depends on your specific needs and security requirements. If you need a secure two-factor authentication method, then Client Secret and Machine Key authentication is a good option.
Thanks for your response! Do you know what this protocol is called that you just described? A question from the client would be:
For example with SSH the Private Secret key is kept on the machine itself. The protocol described above keeps the Client Secret in the robot’s configuration. What is the robot’s configuration and where is this stored?
How do machine objects play a role in connecting to machines?
The protocol that I described is called the Client Credentials authentication method. It is a two-factor authentication method that uses a client secret and a machine key to authenticate the robot.
The robot’s configuration is a file that contains information about the robot, such as its name, description, and authentication credentials. The robot’s configuration is stored on the same machine as the robot.
Machine objects are used to represent the machines that robots connect to. Machine objects contain information about the machine, such as its name, IP address, and operating system.
When a robot connects to a machine, it uses the machine object to identify the machine. The machine object also contains information about the authentication credentials that the robot needs to use to connect to the machine.
To create a machine object, you can use the UiPath Orchestrator Administrator Console. Once you have created a machine object, you can assign it to robots.
Thank you for your response @Palaniyappan! Very helpful information. I can take this back to our client. Is there a way to find the robot configuration file on the machine?