Automation Cloud(tm) Previews: Azure AD Integration for enterprise and OAuth 2.0 for 3rd party apps

Comprehensive RPA platform governance and management have been a key focus for us here at UiPath from our first releases. Continuing this commitment, we introduce two new preview capabilities that deliver even better enterprise-scale TCO and compliance outcomes by more deeply integrating UIPath Automation Cloud™ with the core management technologies many of our customers are already using - Azure AD and OAuth 2.0. Our new previews offer:

  • Comprehensive integration with Azure AD for Automation Cloud for enterprise customers, including rich user/group access management, automatic onboarding, and simplified sign-in
  • Support for controllable, limited access to 3rd party apps with OAuth 2.0

Once you see the details below, we hope you’ll take advantage of the preview phase to try them out, and we welcome your feedback. Automation Cloud for enterprise customers can request access to one or both previews through the UiPath Insider Portal.

3rd party OAuth 2.0 (preview) is also now live in Automation Cloud for community, and both previews are included in the Automation Cloud for enterprise trial.

Both of these new capabilities are expected to finish preview and release in Q2.

Azure AD Integration

Automation Cloud customers can already benefit from single sign-on with Azure AD when they invite new users, but many enterprise Organization administrators want the ability to scale user and access management to ensure compliance across all internal applications. With this preview, UiPath Automation Cloud for enterprise now enables enterprise-wide scalability and governance with Azure AD integration. if your organization is using Azure AD or Office 365, you can connect an Automation Cloud organization directly to your Azure AD tenant and realize the following additional benefits:

Automatic user onboarding with seamless migration

All users and groups from Azure AD are readily available for most Automation Cloud services to assign permissions, without the need to invite and manage Azure AD users in the Automation Cloud organization directory. This integration can be deployed in your organization in a staged fashion so users leveraging other sign in options will still be able to do so.

Simplified sign-in experience

Users do not have to accept an invitation by creating a UiPath user account to access the Automation Cloud organization. They will be able to sign in with their Azure AD connected account by selecting the Enterprise SSO option or using their organization specific URL cloud.uipath.com/organizationName. If the user is already signed into Azure AD/Office 365 they will not even be prompted to enter their credentials.

Scale governance and access management with existing Azure AD groups

Auditing Automation Cloud access is as simple as configuring permissions in Automation Cloud services using Azure AD groups and utilizing your existing validation processes with Azure AD group membership. This eliminates the need to configure permissions for each user separately in Automation Cloud services.

Pre-requisites

To set up the Azure AD integration, you need:

Admin permissions in both Automation Cloud and Azure AD (you can do it yourself, or get help from an administrator friend);

An Azure AD account for the Automation Cloud organization administrator, even a non-admin one;

UiPath Studio and Assistant version 20.10.3 or later;

UiPath Studio and Assistant to use the recommended deployment.

There are also known limitations that you should take into consideration:

Azure AD Guest users aren’t fully supported.

Action Center doesn’t support the Azure AD Integration

Getting Started

This feature is available for all enterprise trial customers today. If you are an existing enterprise customer and would like to add this preview, you can do that through the UiPath Insider Portal, then:

Learn more about the Azure AD Integration

Work with your Azure AD administrator to create an app registration for this integration

Follow the recommended deployment steps

OAuth 2.0 for 3rd-party apps

Customers frequently have a need to enable users to authorize 3rd party apps with limited, controllable access to their resources within UiPath - without sharing any credentials. OAuth 2.0 is the industry standard for authorizing such requests from 3rd party apps. We built upon the support offered by Identity Server to integrate the OAuth feature directly into our offering.

Our implementation accepts the registration of both confidential and non-confidential applications, and differentiate between user scopes and application scopes. We have also implemented the correct grant type to complete the authorization flow, based on on the application type and scopes requested. Applications can request an access token (and, optionally, a refresh token) from our Identity Server, then use the token to access protected resources.

Community cloud and Enterprise trial users will find everything they need to manage this new capability in a new tab we’ve added to the Portal under the Admin settings named “External Applications”. Existing enterprise customers can elect to join this preview from the UiPath Insider Portal if they so wish.

We’re excited to bring you these new enterprise-ready governance capabilities to you. Thank you for trying them out in preview, giving us your feedback, and being a UiPath customer!

4 Likes

unable to work on oauth 2.0 as its throwing exception,

Documentation provided is not sufficient and how to use guide is not updated properly Please create a stepby step guide

Hi @Vajrang

Could you please share more details (the errors that you are getting)?

I have added external application to UiPath orchestrator, and used same in Custom Connector for MicrosoftFlow, and even to call it in Postman, proper documentation is not available on how to work.

@Vajrang can you elaborate more on what your goal is with this external application?

i want to call orchestrator api using custom connector in Microsoft power flow

I was able to build a simple Cloud OR get users custom connector in Microsoft Power Automate.

Client Id = Automation Cloud External application’s app ID

Client secret = Automation Cloud External application’s app secret

Authorization URL = https://cloud.uipath.com/identity_/connect/authorize

Token URL = https://cloud.uipath.com/identity_/connect/token

Refresh URL = https://cloud.uipath.com/identity_/connect/token

Scope = Are the scopes you require

The information is available here: Accessing UiPath Resources Using External Applications

1 Like

Thanks for your response, which type of application have you used and why

6805496F1BE742B08F6F81E043D880BA.png

and this is what i am getting while i try to authorize with auth2.0
image

I used a confidential application because Power Apps can safely store the client secret as documented here: About Authorizing External Applications (uipath.com)

After creating the connector you will notice that PowerApps provides a redirect URL for the app. For example for my app they provided me with this URL: https://global.consent.azure-apim.net/redirect

You have to make sure that your Automation Cloud External App registration has configured this redirect URL that PowerApps provides.

When are you getting this error? I noticed that the Swagger Editor doesn’t really work because you have a define a different redirect URL, and Automation Cloud currently doesn’t support multiple redirect URLs.

I am not sure can we connect, please help me to resolving this issue

@Vajrang can you share more details on the problems you are facing? I am not sure where you are stuck.