Authentication method unattended robot with orchestrator

For our client we need to figure out what kind of authentication method is used when connecting an unattended robot with Orchestrator via Client Secret and Machine Key. How secure is this method in comparison to, for example, SSH key authentication? Also, where is the Client Secret stored? Are there any other methods we can use to connect apart from Client Secret and Machine Key?

Thanks!

2 Likes

Welcome to UiPath forum

The Client Secret and Machine Key authentication method is a secure way to connect an unattended robot to Orchestrator. It is a two-factor authentication method that uses a client secret and a machine key to authenticate the robot.

The client secret is a unique identifier that is generated for each robot. It is stored in the robot’s configuration file, which is encrypted at rest. The machine key is a shared secret that is generated for each Orchestrator instance. It is stored in the Orchestrator database.

To connect to Orchestrator, the robot sends its client secret and machine key to Orchestrator. Orchestrator verifies the client secret and machine key and authenticates the robot.

Client Secret and Machine Key authentication is more secure than SSH key authentication because it uses two factors of authentication. SSH key authentication only uses one factor of authentication, the SSH key.

Other methods of connecting to Orchestrator include:

- Windows Authentication
- SAML Authentication
- OAuth 2.0 Authentication

The best authentication method to use depends on your specific needs and security requirements. If you need a secure two-factor authentication method, then Client Secret and Machine Key authentication is a good option.

For more details, refer to these docs:

https://docs.uipath.com/orchestrator/standalone/2022.10/installation-guide/security-best-practices

https://docs.uipath.com/orchestrator/automation-cloud/latest/user-guide/robot-authentication-with-client-credentials

Cheers @ajay.malhi

1 Like

Thanks for your response! Do you know what this protocol is called that you just described? A question from the client would be:

  1. For example with SSH the Private Secret key is kept on the machine itself. The protocol described above keeps the Client Secret in the robot’s configuration. What is the robot’s configuration and where is this stored?
  2. How do machine objects play a role in connecting to machines?

Thank you!

1 Like

Let’s go one by one

The protocol that I described is called the Client Credentials authentication method. It is a two-factor authentication method that uses a client secret and a machine key to authenticate the robot.

The robot’s configuration is a file that contains information about the robot, such as its name, description, and authentication credentials. The robot’s configuration is stored on the same machine as the robot.

Machine objects are used to represent the machines that robots connect to. Machine objects contain information about the machine, such as its name, IP address, and operating system.

When a robot connects to a machine, it uses the machine object to identify the machine. The machine object also contains information about the authentication credentials that the robot needs to use to connect to the machine.

To create a machine object, you can use the UiPath Orchestrator Administrator Console. Once you have created a machine object, you can assign it to robots.

Hope it’s clarified

Cheers @ajay.malhi

Thank you for your response @Palaniyappan! Very helpful information. I can take this back to our client. Is there a way to find the robot configuration file on the machine?

Thank you!

1 Like

You can find the complete details here in the settings file

Hope it’s now clarified

If yes

Cheers @ajay.malhi
