Can we use Group Managed Service Accounts (gMSA) to access Orchestrator & robots?
We cannot use Group Managed Service Accounts to access Orchestrator & Robots, for the following reasons:
- Interactive Logon isn’t allowed for gMSA.
- Their randomly generated passwords aren’t available outside the AD either.
Therefore, they can’t connect to an RDP session or log in to a website such as Orchestrator.
They are made for services; however, the Robot service can’t use them either.
The Robot service must use Local System because the impersonation role is needed while the service writes and secures package access rights in Robot user profiles.