Am I understanding correctly that even though I have coupled the Azure Active Directory now, I still have to add people manually?
When I add a colleague by creating an account with their email address, they are able to log in to the Orchestrator via SSO. I see that a ‘Directory user’ account type is created in my tenant.
So, the only thing that saves me time here is that I then won’t have to provide them with the password I created?
I am wondering, how can I add an existing Entra ID group? In our company the normal way is to add a group to a certain role, for example - the role DepartmentX contains the group DepartmentX_UiPath_Orchestrator_Testers. And then, new people will automatically be added to that group when they get assigned the role DepartmentX.
Can anybody provide me with some expertise on this part?
For licenses referred to as “named user” you still would need to manually allocate the license.
For everything else you should be able to just add your Entra ID groups to one or more of the groups you’ve created within the Orchestrator itself.
Then when you add people to the Entra ID group the rest takes care of itself.
The WindowsAuth.Domain parameter is filled in with a valid domain. All domains and subdomains from forests 2-way trusted with the domain specified in the WindowsAuth.Domain parameter are available when adding users/groups.
The machine on which Orchestrator is installed is joined to the domain set in the WindowsAuth.Domain parameter. To check whether the device is joined to the domain, run dsregcmd /status from the Command Prompt, and navigate to the Device State section.
The identity under which the Orchestrator application pool is running must be a part of the Windows Authorization Access group (WAA).
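The domain-join check from the prerequisites above can be scripted. This is an added example, not part of any post in this thread and not UiPath code: it parses the Device State section of `dsregcmd /status` and compares it with the domain you expect. The function names and the sample output (domain `CONTOSO`) are constructed for illustration, and it assumes `dsregcmd` prints the short domain name in the `DomainName` field, so pass the name in that form.

```powershell
# Added example: read the "Device State" section of `dsregcmd /status` output.
function Get-DeviceState {
    param([Parameter(Mandatory)][AllowEmptyString()][string[]]$Lines)
    $state = @{}
    $inSection = $false
    foreach ($line in $Lines) {
        # Section headers are printed as "| Device State      |"
        if ($line -match '^\s*\|\s*(.+?)\s*\|\s*$') {
            $inSection = ($Matches[1] -eq 'Device State')
            continue
        }
        # Inside the section, fields are printed as "   DomainJoined : YES"
        if ($inSection -and $line -match '^\s*([^:]+?)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

# Compare the parsed state with the domain expected for WindowsAuth.Domain.
function Test-DomainJoin {
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string[]]$Lines,
        [Parameter(Mandatory)][string]$ExpectedDomainName
    )
    $state  = Get-DeviceState -Lines $Lines
    $joined = $state['DomainJoined'] -eq 'YES'
    [pscustomobject]@{
        DomainJoined    = $joined
        DomainName      = $state['DomainName']
        MatchesExpected = $joined -and ($state['DomainName'] -eq $ExpectedDomainName)
    }
}

# Constructed sample output; on the Orchestrator machine use: (dsregcmd /status)
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : NO
              DomainJoined : YES
                DomainName : CONTOSO

+----------------------------------------------------------------------+
| Device Details                                                       |
+----------------------------------------------------------------------+
'@ -split '\r?\n'

Test-DomainJoin -Lines $sample -ExpectedDomainName 'CONTOSO'
```

A result with `DomainJoined` true but `MatchesExpected` false means the machine is joined to a different domain than the one you passed in, which is the case the second prerequisite is meant to rule out.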