UiPath-Beyond Trust Credential Store Plugin

UiPath-Beyond Trust credential store plugin details.

General Concepts:

  • The purpose of a UiPath Orchestrator Credential Store is to save Robot / Asset credentials on an external platform, such as the BeyondInsight platform from BeyondTrust.
  • Inside Beyond Insight, a credential is stored as a Managed Account entity, which sits under a Managed System.
  • Typically, Managed Systems might host multiple Managed Accounts but a Managed Account will sit under only one Managed System. A Managed System can uniquely be identified by the System Name. A Managed Account can uniquely be identified by the Managed System that hosts it and by its Username (for Active Directory accounts, the User Principal Name).
  • Therefore, to uniquely find a particular account under a BeyondTrust instance, you will a Managed System Name + Managed Account Username combination


Single System Vs Dynamic System:

  • There are 2 ways to use this integration, depending on the setup. It is possible to use both, having multiple Credential Stores set up in the Orchestrator at the same time.

Single System:

  • The Single System setup assumes that all the Managed Accounts going to be used with the Orchestrator, are linked to the same Managed System.
  • In this scenario, specify the Managed System name upon initial setup, in the Credential Store configuration page (screenshots and detailed steps in the following pages).
  • Then, when setting up Credential Assets / Robot Credentials, under the “External Name” field, type only the Managed Account username, and the plugin will automatically match it using the Managed System name from the initial settings.

Dynamic System:

  • The Dynamic System setup should be used especially when the Managed Accounts going to be used with the Orchestrator are linked to different Managed Systems.
  • In this scenario, you can specify a Delimiter Character (E.g. “/“, “|”, “$”, “#”) upon initial setup, in the Credential Store configuration page (screenshots and detailed steps in the following pages).
  • Make sure to pick a character that is not found in the Managed System names or in the Managed Account usernames (E.g. “@“ is very likely to be found in Managed Account usernames so it should be avoided).
  • Then, when setting up Credential Assets / Robot Credentials, under the “External Name” field, type the Managed System name, followed by the Delimiter, followed by the Managed Account username, and the plugin will automatically use both to create the combination and find it in the Beyond Insight system. E.g. External name: “mySystem/a***ei.c*****a@uipath.com".
  • Only if sure that the Managed Accounts are going to be linked to the Orchestrator, all live under the same Managed System, go for the Single System version. Otherwise, go for Dynamic System.


Configuring the integration:

Follow the configuration steps under BeyondTrust integration and the options to configure it in Orchestrator under Managing Credential Stores -> BeyondTrust official documentation.