Enable SSO in orchestrator 2021.10

Hello team,

Today i installed uipath Orchestrator v 2021.10 on-Premises, when i enabled the SSO ( like described in this link : Configuring SSO: Active Directory) i forgot to create an organization before configuring my active directory.
The problem is that when i type the link to orchestrator i have always this screen below and i cannot do a revert to access to the orechestrator :


Thank you for your help.

I saw something similar when I was testing a beta build before the final 21.10.0 release was made. I haven’t gotten back to testing it so cannot confirm the behavior for you at this time.

Have you attempted to click in the whitebox below the Choose an Organization? I seem to recall their was a rendering issue with the Default organization and/or there was a delay in populating the list. There were other visual issue in the beta builds when say managing users or logging into the Identity server and the top right menu would show “No valid tenant”, opening the menu and selecting an empty item would remove the “No valid tenant”.

When you are attempting to login are you logging into the base URL or Orchestrator, or Identity?

^ take my feedback with a grain of salt as I haven’t revisited the final and recent patch builds of 21.10 yet.

Hello @codemonkee,

Thank you for your reply.

I’m not using a version beta of orchestrator, and when i click in the white below choose an organization ni changes. When typing orchestrator url i’m automatically redirected to identity…

Hi!

When you created more than one organizations this screen will appears and asks you to choose the organization.

so in this case if you have already created the organization you can delete that and create new organization.

when we have only one organization we no need to choose/select the organization.

You can delete the organization Navigate to admin->Organization->Delete Organization

Regards,
NaNi

@THIRU_NANI,
Thank you for your reply.

I didn’t create another organization.

My problem is that im blocked in this screen and i don’t know how to navigate to other funtionnalities to dix this issue.

Hi!

So can we login to the cloud by using incognito or other browser? if still facing the same issue just hit back button you may navigate to the cloud.

else

contact cloud technical support

Regards,
NaNi

Yes, I was merely offering an observation that I’ve seen similar behavior before in the last version that I did test.

I’m gone ahead and Upgraded a sandbox instance of mine from 20.10 to 21.10.2. The instance already had Windows Authentication configured in Orchestrator and Identity prior to the upgrade.

Check your Traffic Inspector in your browser when attempting to login, there should be a request for https://<fqdn>/identity/ExternalIdentity/tenants that returns a list of Tenants. Confirm whether this endpoint is returning any results. If there is no Active Tenant I would expect it to return an HTTP 400 with a JSON payload containing an error.

Although UiPath has improved the AD caching of Groups and Users it can still sometimes be slow depending on your AD/Network configuraton, as such it might be delaying the listing of available tenants (Can review your Windows Event Logs on the Orchestrator host for any errors)

With a fresh install there are two tenants that are available one called “Host” which I wouldn’t expect to see listed in selection list and the other would be “Default”. If you are not seeing that try visiting https://<fqdn>/identity/management/authsettings directly to see if you can adjust your authentication settings, depending on how you setup user access.

  1. When you configured Active Directory did you also check “Force automatic login using this provider”?

If you do have it auto-signin, you can go into the Orchestrator database and modify the `AuthenticationScheme=Windows.Scheme record in the identity.ExternalIdentityProviders table and update the Field IsExclusive from True to False followed by a restart of your IIS Site.

After that visit https://fqdn/identity/admin you should be re-greeted with the basic login form which you can change the Organization from Default to Host and login using your Host Admin User to access the Identity Management Hub.

Keep in mind that there are two Admin users which are separate credentials. One is the Admin for the Host tenant and the other is Admin for the Default tenant.

image

Select Orchestrator App to be taken to the Host Tenant view, here you can review your available Tenants, Licenses and default settings that apply to new tenants or the host in general.

image

Let us know how you make out.

Some quick URL references

  • /host/
  • /identity/admin/hub/
  • /identity/management/

The Organization / Tenant select will display even if there is a single Tenant with External Authentication Providers when using an On-Prem installation of Orchestrator 2021.

If using Basic login / local account, you are not prompted, as the last selected Organization / Tenant is already selected which would be “Default” for a fresh installation.

Thank you this was the solution :
you can go into the Orchestrator database and modify the `AuthenticationScheme=Windows.Scheme record in the identity.ExternalIdentityProviders table and update the Field IsExclusive from True to False followed by a restart of your IIS Site.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.