Windows Authentication

After following all steps presented here: https://docs.uipath.com/orchestrator/docs/configuring-sso-active-directory
I managed to get the Windows Authentication Button but when I enter AD credentials I get to this page that does nothing:


What am I missing?

Hi,

Did you restart after the AD configuration in IIS? If not, please restart the IIS server and also restart your machine.

As per the screenshot, you are running the orch main URL, not the one with the organisation name in it.

If we open the orch URL, e.g. https://cloud.uipath.com, it will ask you to choose an organisation to proceed further. If we launch it with an organisation such as UiPath, it will take you to the Orchestrator page.

Did you already create an organisation in your Orchestrator?

Try the above steps and see if you are able to access it. Thanks.

Hi, thanks for the reply. Let me add a few details.
I am logged in as Administrator on the domain controller where I have IIS and the Orchestrator web application installed.
Here is the login page:


Even if I want to go to win-ho2kte21f7u.tib.local/default it goes to identity/…
When I press the “WindowsAuth” button, it asks for credentials:
If I enter credentials it reaches the page I listed in the 1st post. If it was OK it shouldn’t be asking for credentials, no?
I don’t know, something is not right. Maybe I need to do something about the administrator account in the AD?
And one more thing. If I’m logged in with Organization “Host” I don’t see settings regarding Organization… just these:

Got it. Since it is SSO, it should not ask for the below page for sure.

I sense you have done the AD configuration correctly, but there should be some security policy or network gateway that is considering the UiPath orch as an external application in your network, since it is asking for credentials one more time even though it is using SSO. I have faced the same issue earlier and it was resolved by the IT admin in our organisation. Thanks.

1 Like

As it is prompting you for credentials, and presumably when you enter them you are granted access to your Orchestrator, then your Windows Authentication in Orchestrator is configured correctly.

The reason you are prompted is because between the Client Browser and your Server it is unable to authenticate with the NTLM Token / Kerberos Ticket during the authentication handshake, which most likely your Client Browser is not providing as it is probably not treating your URL/Host as a trusted site.

There are a number of settings that can affect this from your Internet Options that affect Edge, IE, Chrome, etc. to Local and Group Policies enforced locally on the host or by your domain.

One quick setting to check is in your Internet Options / Properties → Security Tab → Local Intranet or Trusted Sites → Add your site to the list. From there go into the Custom Level for your desired zone, scroll to the bottom and you’ll find a User Authentication section; double check that it is configured to Automatically login.

In addition to the above, check under the Advanced Tab and scroll down about halfway, making sure that Enable Integrated Windows Authentication under the Security section is enabled.

^^ If the above works for you, then you need to work with whoever looks after your network and policies to make the necessary adjustments company wide. As you are using a .local, I assume it’s simply a matter of using a DNS record that is part of your trusted domain.

Another side note: using Windows Authentication with Identity Server is only half of the configuration. If you plan on referencing Domain Users or Groups, you’ll need to be sure to configure Windows Authentication in the Orchestrator Configuration File as well, link to details below.

1 Like
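
A read-only PowerShell check of the browser-side settings named in the answer above (zone of the site, the zone's logon setting, Integrated Windows Authentication). This is an added example, not part of any forum post or of UiPath's documentation; it assumes Windows PowerShell 5.1, an `https` scheme for the host shown in the thread, and a simplified registry precedence.

```powershell
# Added example: read-only check of the browser-side settings named above.
# Assumes Windows PowerShell 5.1; the https scheme in the default URL is assumed.
param([string]$Url = 'https://win-ho2kte21f7u.tib.local/')

$is = 'Microsoft\Windows\CurrentVersion\Internet Settings'

# Ask Windows which security zone the URL resolves to (site lists and policy included).
$zone   = [System.Security.Policy.Zone]::CreateFromUrl($Url).SecurityZone
$zoneId = [int]$zone   # 1 = Intranet, 2 = Trusted, 3 = Internet

# Registry value 1A00 stores the zone's "User Authentication > Logon" choice.
$logonNames = @{
    0x00000 = 'Automatic logon with current user name and password'
    0x10000 = 'Prompt for user name and password'
    0x20000 = 'Automatic logon only in Intranet zone'
    0x30000 = 'Anonymous logon'
}

# Simplified precedence (assumption): policy hives first, then user, then machine.
$roots = "HKLM:\Software\Policies\$is", "HKCU:\Software\Policies\$is",
         "HKCU:\Software\$is", "HKLM:\Software\$is"
$logon = $null; $source = 'not set'
foreach ($root in $roots) {
    $p = Get-ItemProperty -Path "$root\Zones\$zoneId" -Name '1A00' -ErrorAction SilentlyContinue
    if ($p) { $logon = [int]$p.'1A00'; $source = $root; break }
}

# "Enable Integrated Windows Authentication" on the Advanced tab (1 = enabled).
$ie = Get-ItemProperty -Path "HKCU:\Software\$is" -Name EnableNegotiate -ErrorAction SilentlyContinue
$negotiate = $ie.EnableNegotiate

# Silent sign-in needs automatic logon for this zone and Negotiate not switched off.
# A missing EnableNegotiate value is treated as "not disabled" (assumption).
$auto = ($logon -eq 0x00000) -or ($logon -eq 0x20000 -and $zone -eq 'Intranet')

[pscustomobject]@{
    Url             = $Url
    Zone            = $zone
    LogonSetting    = if ($null -ne $logon) { $logonNames[$logon] } else { 'not set' }
    LogonSource     = $source
    EnableNegotiate = $negotiate
    SilentSsoLikely = $auto -and ($negotiate -ne 0)
}
```

Run it as the affected user on the client machine. A `LogonSource` under `Software\Policies` means the value is enforced by Local or Group Policy and has to be changed there rather than in Internet Options.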

Hey,
to avoid being asked for credentials you have to enable SSO.
“Choose an organization” means which tenant you want to connect to. Do you have more than one tenant?
You can verify whether you have created tenants and whether the account has access to them.

1 Like

Thanks for all the suggestions. I tried everything. I reinstalled Orchestrator countless times. Still I can’t get past the “Choose an organization” page with no option to choose from. I still don’t know if I properly provisioned the AD user to Orchestrator since I can’t find a field for the domain name when creating a new user…

The error from Event Viewer is this (one of them)


But the database works, I can log in as I please but not with Windows Authentication.

I have found the solution! I will edit this post a little bit later when I will find some free time because it deserves an elaborate conclusion. Of course the solution was simple but the struggle…

Anyway, for now, I will post this real quick so that the kind forum members don’t bother with my problem anymore. Be right back!

LATER EDIT:

So the problem was, as I suspected in the last post, with provisioning the AD user.
First there has to be a FOLDER (this ever changing Orchestrator software…) where you can add the AD user from the “Assign Account/Group” option.

This has nothing to do with the usual “Add user” option from users management:

With “Assign Account/Group” option you can find the AD user and provision it to the Folder:

After that the “Choose an Organization” page displays options for Organization:

GREAT SUCCES! :smiley:

4 Likes

Glad to hear that you have resolved the issue related to AD configuration. Really appreciate it; it would be really helpful for others who are facing this issue. I think a lot of forum members are facing this issue. Thanks.

1 Like
