Comprehensive RPA platform governance and management have been a key focus for us here at UiPath from our first releases. Continuing this commitment, we introduce two new preview capabilities that deliver even better enterprise-scale TCO and compliance outcomes by more deeply integrating UIPath Automation Cloud™ with the core management technologies many of our customers are already using - Azure AD and OAuth 2.0. Our new previews offer:
- Comprehensive integration with Azure AD for Automation Cloud for enterprise customers, including rich user/group access management, automatic onboarding, and simplified sign-in
- Support for controllable, limited access to 3rd party apps with OAuth 2.0
Once you see the details below, we hope you’ll take advantage of the preview phase to try them out, and we welcome your feedback. Automation Cloud for enterprise customers can request access to one or both previews through the UiPath Insider Portal.
Both of these new capabilities are expected to finish preview and release in Q2.
Automation Cloud customers can already benefit from single sign-on with Azure AD when they invite new users, but many enterprise Organization administrators want the ability to scale user and access management to ensure compliance across all internal applications. With this preview, UiPath Automation Cloud for enterprise now enables enterprise-wide scalability and governance with Azure AD integration. if your organization is using Azure AD or Office 365, you can connect an Automation Cloud organization directly to your Azure AD tenant and realize the following additional benefits:
Automatic user onboarding with seamless migration
All users and groups from Azure AD are readily available for most Automation Cloud services to assign permissions, without the need to invite and manage Azure AD users in the Automation Cloud organization directory. This integration can be deployed in your organization in a staged fashion so users leveraging other sign in options will still be able to do so.
Simplified sign-in experience
Users do not have to accept an invitation by creating a UiPath user account to access the Automation Cloud organization. They will be able to sign in with their Azure AD connected account by selecting the Enterprise SSO option or using their organization specific URL cloud.uipath.com/organizationName. If the user is already signed into Azure AD/Office 365 they will not even be prompted to enter their credentials.
Scale governance and access management with existing Azure AD groups
Auditing Automation Cloud access is as simple as configuring permissions in Automation Cloud services using Azure AD groups and utilizing your existing validation processes with Azure AD group membership. This eliminates the need to configure permissions for each user separately in Automation Cloud services.
To set up the Azure AD integration, you need:
Admin permissions in both Automation Cloud and Azure AD (you can do it yourself, or get help from an administrator friend);
An Azure AD account for the Automation Cloud organization administrator, even a non-admin one;
UiPath Studio and Assistant version 20.10.3 or later;
UiPath Studio and Assistant to use the recommended deployment.
There are also known limitations that you should take into consideration:
Azure AD Guest users aren’t fully supported.
Action Center doesn’t support the Azure AD Integration
This feature is available for all enterprise trial customers today. If you are an existing enterprise customer and would like to add this preview, you can do that through the UiPath Insider Portal, then:
Learn more about the Azure AD Integration
Work with your Azure AD administrator to create an app registration for this integration
Follow the recommended deployment steps
Customers frequently have a need to enable users to authorize 3rd party apps with limited, controllable access to their resources within UiPath - without sharing any credentials. OAuth 2.0 is the industry standard for authorizing such requests from 3rd party apps. We built upon the support offered by Identity Server to integrate the OAuth feature directly into our offering.
Our implementation accepts the registration of both confidential and non-confidential applications, and differentiate between user scopes and application scopes. We have also implemented the correct grant type to complete the authorization flow, based on on the application type and scopes requested. Applications can request an access token (and, optionally, a refresh token) from our Identity Server, then use the token to access protected resources.
Community cloud and Enterprise trial users will find everything they need to manage this new capability in a new tab we’ve added to the Portal under the Admin settings named “External Applications”. Existing enterprise customers can elect to join this preview from the UiPath Insider Portal if they so wish.
We’re excited to bring you these new enterprise-ready governance capabilities to you. Thank you for trying them out in preview, giving us your feedback, and being a UiPath customer!