Disable Orchestrator App login aka Basic Auth (hosted as App Service Azure)

Hi,

Is there a way to disable uiPath Orchestrator login, and only show the SSO part of the login screen?

I’m running uiPath via the App Service in Azure
Version: 2020.10.8

Yes, I do understand this will be create an issue for how to make changes to the “host” tenant, which doesn’t provide SSO login at all, but for this Use Case we plan to setup an extra Orchestrator server that we can start temporary.

/DJ

1 Like

Hello @david.jonsson!

It seems that you have trouble getting an answer to your question in the first 24 hours.
Let us give you a few hints and helpful links.

First, make sure you browsed through our Forum FAQ Beginner’s Guide. It will teach you what should be included in your topic.

You can check out some of our resources directly, see below:

  1. Always search first. It is the best way to quickly find your answer. Check out the image icon for that.
    Clicking the options button will let you set more specific topic search filters, i.e. only the ones with a solution.

  2. Topic that contains most common solutions with example project files can be found here.

  3. Read our official documentation where you can find a lot of information and instructions about each of our products:

  4. Watch the videos on our official YouTube channel for more visual tutorials.

  5. Meet us and our users on our Community Slack and ask your question there.

Hopefully this will let you easily find the solution/information you need. Once you have it, we would be happy if you could share your findings here and mark it as a solution. This will help other users find it in the future.

Thank you for helping us build our UiPath Community!

Cheers from your friendly
Forum_Staff

Not possible to hide this region but you can disable the native authentication and keep only SSO enabled, with an option to keep native auth enabled for host admin.

Please set below two properties in UiPath.Orchestrator.dll.config and reset the IIS -

<add key="Auth.RestrictBasicAuthentication" value="true" />
<add key="Auth.EnableBasicAuthenticationForHostTenant" value="true" />

Thanks Anuj,
but Sorry that didn’t work.

uiPath support first came back with a very similar solution edit: appsetting.Production.json in the Identity Server

However, they then sent another email and took that statement back with the folling explanation:

I have checked with the dedicated team and they informed me that “Auth.RestrictBasicAuthentication” - Enables you to configure if a user can make an authenticated API request to an Orchestrator instance using basic authentication credentials. But making the login fields disappear is only possible through editing the branding and setting some display none here and there.

Currently I have both custom changes added,
appsetting.Production.json:
“SigningCredentialSettings”: {
“RestrictBasicAuthentication”: true,
“EnableBasicAuthenticationForHostTenant”: false
}

UiPath.Orchestrator.dll.config
add key=“Auth.RestrictBasicAuthentication” value=“true”
add key=“Auth.EnableBasicAuthenticationForHostTenant” value=“false”

… but I’m still able to login with my uiPath login.

David,
These properties work fine in our environment. You may work with UiPath tech support to understand whether you have added these properties correctly. Hope you had reset the IIS server after adding these properties in UiPath.Orchestrator.dll.config

FYI, there is NO change needed in appsetting.Production.json

Thanks Anuj,

Yes, restarted the App Service.
I got several people involved from uiPath support but no solid answer yet.

What version are you on?

I’m running the Marketplace deployment in Azure. currently at 2020.10.8

Weird. For us it worked without any fuss. We are also on release 2020.10.8 as of now, deployed manually on OCI, non-HA. Are you running single server or HA?

Single node
Will try redeploy it

I forgot to mention that after setting above properties, a new option will appear under User profile in Orchestrator called - Always allow basic authentication for this user

For all existing Orchestrator users, by default this option will be enabled so you may need to manually update existing user profiles to disable this option (after setting above mentioned properties).

For all new users which you will create after setting above properties, by default this option will be disabled however you can enable it, if needed.

Thanks again Anuj for your tips and efforts!

but Sorry no, something seems to be different with a headless Orchestrator setup on App Services in MS Azure.

I now started to doubt if the UiPath.Orchestrator.dll.config file was used at all, but yes it is.
Made it invalid XML and the App crashed (as expected)

I can confirm the Toggle shows and disappears as I add the custom config tag:


Default config settings


image

My problems is still the same, regardless if I enable that feature AND leave the user setting as unticked (to force SSO via an external IdP), I’m still able to login using uiPath username + password.

Could this be related to how Windows Auth is configured?
note: With an App Service in Azure there is no such thing as Active Directory and Domains

hi,

I finally got a confirmation from uiPath support!
For the PaaS deployment - you can’t use the “appsetting.Production.json”, instead you have to enter the custom AppSettings values into: “appsetting.json”.

  1. Edit the json
    At Identity Server:
    /site/wwwroot/UiPath.IdentityServer.Web/appsettings.json

Add this to the “AppSettings” section:

RestrictBasicAuthentication: true
EnableBasicAuthenticationForHostTenant: false

e.g
“AppSettings”: {
“RestrictBasicAuthentication”: true,
“EnableBasicAuthenticationForHostTenant”: false,
“IncludeGroupsInWindowsAuthentication”: false,
“EnablePII”: false,
“UseTicketStore”: true,
“IdentityServerAddress”: “https://localhost:44351/identity
}

  1. Restart your Identity Server App Service

  2. Try login
    You should now see this:

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.