- Getting started
- Notifications
- Flex licensing
- Troubleshooting
- Connector Builder
- Act! 365
- Active Directory - Preview
- ActiveCampaign
- Adobe Acrobat Sign
- Adobe PDF Services
- Amazon Bedrock
- Amazon Connect
- Amazon Polly
- Amazon SES
- Amazon Transcribe
- Amazon Web Services
- Anthropic Claude
- Asana
- AWeber
- Azure AI Document Intelligence
- Azure Maps
- BambooHR
- Box
- Brevo
- Calendly
- Campaign Monitor
- Cisco Webex Teams
- Citrix Hypervisor
- Citrix ShareFile
- Clearbit
- Confluence Cloud
- Constant Contact
- Coupa
- Customer.io
- Datadog
- DeepSeek
- Deputy
- DocuSign
- Drip
- Dropbox
- Dropbox Business (Legacy)
- Egnyte
- Eventbrite
- Exchange Server - Preview
- Exchangerates
- Expensify
- Facebook
- Freshbooks
- Freshdesk
- Freshsales
- Freshservice
- GetResponse
- GitHub
- Gmail
- Google Cloud Platform
- Google Docs
- Google Drive
- Google Forms
- Google Maps
- Google Sheets
- Google Speech-to-Text
- Google Tasks
- Google Text-to-Speech
- Google Vertex
- Google Vision
- Google Workspace
- GoToWebinar
- Greenhouse
- Hootsuite
- HTTP Webhook
- Hubspot CRM
- HubSpot Marketing
- HyperV - Preview
- Icertis
- iContact
- Insightly CRM
- Intercom
- Jina.ai
- Jira
- Keap
- Klaviyo
- LinkedIn
- Mail
- Mailchimp
- MailerLite
- Mailgun
- Mailjet
- Marketo
- Microsoft 365
- Microsoft Azure
- Microsoft Azure Active Directory
- Microsoft Azure OpenAI
- Microsoft Dynamics 365 CRM
- Microsoft OneDrive & Sharepoint
- Microsoft Outlook 365
- Microsoft Sentiment
- Microsoft Teams
- Microsoft Translator
- Microsoft Vision
- Miro
- NetIQ eDirectory
- Okta
- OpenAI
- OpenAI V1 Compliant LLM
- Oracle Eloqua
- Oracle NetSuite
- PagerDuty
- PayPal
- PDFMonkey
- Perplexity
- Pinecone
- Pipedrive
- QuickBooksOnline
- Quip
- Salesforce
- Salesforce Marketing Cloud
- SAP BAPI
- SAP Cloud for Customer
- SAP Concur
- SAP OData
- SendGrid
- ServiceNow
- Shopify
- Slack
- SmartRecruiters
- Smartsheet
- Snowflake
- Stripe
- Sugar Enterprise
- Sugar Professional
- Sugar Sell
- Sugar Serve
- System Center - Preview
- TangoCard
- Todoist
- Trello
- Twilio
- UiPath GenAI Activities
- HTTP
- UiPath Orchestrator
- VMware ESXi vSphere
- watsonx.ai
- WhatsApp Business
- WooCommerce
- Workable
- Workday
- Workday REST
- X (formerly Twitter)
- Xero
- YouTube
- Zendesk
- Zoho Campaigns
- Zoho Desk
- Zoho Mail
- Zoom
- ZoomInfo
Integration Service user guide
Connections
About connections
Connections help in establishing tasks between single users and external applications. The connections are created once users authenticate with an API Provider.
Prerequisites
Before you can use connections, make sure the following conditions are met:
- Integration Service is enabled and provisioned for your tenant.
- Users who work with connections have the necessary permissions in Orchestrator. To create a connection, a user must have the Connections - Create permission in the target folder. For more information on permissions, see Configuring access for accounts in the Orchestrator user guide.
Creating a connection
- Access Automation Suite.
- On the left-side menu, select Integration Service. The Integration Service windows includes three separate tabs: Connectors, Connections, and Triggers. By default, the Connectors tab is selected. Only the connectors installed in your on-premises environment are displayed.
- In the My Folders section you can select whether you want to work in your personal workspace, or in a shared folder, where created connections can be used by all users that have access to this folder.
- Select the desired Connector to create a new connection or update an existing one.
- Select Connect to <connector name>. Depending on the connector you have chosen, the specific credentials required for your connections are requested.
Shared connections
When a connection is created in a shared folder, all users with access to that folder can use the connection in their automation workflows. The connection can be edited by all users with access to it.
All the Integration Service connectors support connection sharing and configuration at run time. For more information on configuring connections at run time, refer to the Orchestrator User Guide.
Modifying connections
- From the left rail, select Integration Service. The Integration Service window includes three separate tabs: Connectors, Connections and Triggers.
- Select the Folder you want to modify the connection in.
Note:
The folder you want to create the connection in can also be selected after step 4.
- Go to the Connections tab, where the list of created connections is displayed.
- Select the More button corresponding to the desired connection to modify it. You can perform the following actions:
- Delete the connection.
- Set it as default (this option is only available if you have several connections established for the same application.
- Check the connection to verify its status.
Renaming connections
To rename a connection, you have to:
- Access the Connections tab.
- On the left-side menu, select Integration Service. The Integration Service window includes separate tabs for Connectors, Connections and Triggers, along with a left navigation window displaying the folders.
- Select the Folder you want to modify the connection in.
Note:
The folder can be selected after step 4.
- Go to the Connections tab, where the list of created connections is displayed.
- Hover with the mouse cursor over the name of the connection you wish to modify. The Edit button is displayed.
Note:
Alternatively, you can select your connection from the list to access the detailed view. The Edit button is located on the right side of your connection name.
- Select the Edit button and you can choose a new name for your connection.
Selecting the authentication type
Some connectors in Integration Service support multiple authentication methods. You can select your preferred method before initiating a connection.
- In Integration Service, from the Connectors list, select a supported connector.
- Select Connect to <connector name> to go to the connection setup page.
- Use the Folder in which connection is stored dropdown to choose the appropriate folder (e.g., My Workspace).
- Use the Authentication Type dropdown to select from the available options, such as:
- OAuth 2.0 Authorization code
- OAuth 2.0 Password
- Bring your own OAuth 2.0 app
- Personal Access Token (PAT)
Note:Available options may vary depending on the connector.
- Enter the required credentials for your selected authentication type, then select Connect to establish the connection.
Bring your own OAuth 2.0 app
UiPath Integration Service offers a Bring your own OAuth 2.0 app (BYOA) model that allows enterprises to connect using their own OAuth 2.0 applications instead of the default UiPath-registered public OAuth app.
UiPath registers and maintains OAuth 2.0 apps on vendor developer portals for the majority of connectors (for example, Microsoft, Google, Salesforce, Atlassian Jira, etc.). In most cases, these apps come with predefined scopes and are managed entirely by UiPath.
However, some organizations may have strict IT, security, or compliance policies that prevent them from using external app registrations. In such cases, BYOA enables customers to use their own Client ID and Client Secret to authenticate and authorize Integration Service connections.
When using Integration Service in an on-premises environment, if you are required to authenticate using a Client ID and Secret, you must create your own OAuth 2.0 application, similar to the Bring your own OAuth 2.0 app option.
Common scenarios for when to use BYOA
Use BYOA when:
- The application supports the OAuth 2.0 Authorization code grant authentication type. Other OAuth 2.0 types cannot be used under BYOA.
- Your enterprise requires that all third-party integrations use internally managed OAuth apps.
- You need to add or modify scopes that are not part of UiPath’s default registered app.
- Your organization’s security or compliance policies prohibit shared app usage.
- You want to control the OAuth app lifecycle, including rotation of secrets.
UiPath’s public OAuth apps use fixed scopes and cannot be modified per customer request. If you require additional scopes, BYOA is the correct option.
How BYOA works
When creating a connection in Integration Service, you can select Bring your own OAuth 2.0 app as the authentication type.
This allows you to enter:
- Client ID and Client Secret - Credentials obtained from your app registration in the vendor’s developer portal.
- Scopes - Permissions required by the connector.
- Redirect URI - Non-editable callback URL (
https://{yourDomain}/provisioning_/callbackfor Automation Suite). This is the callback URL that Integration Service uses to complete the OAuth flow.
Integration Service uses your credentials to perform the OAuth flow and securely stores the resulting access and refresh tokens.
Configuring a BYOA connection
Step 1: Register an OAuth App on the vendor portal
Create an OAuth 2.0 app in the vendor’s developer portal (for example, Salesforce, Microsoft, Jira or Google). During registration:
- Set the redirect/callback URI to
https://{yourDomain}/provisioning_/callback. - Add the required scopes (see connector-specific documentation for mandatory scopes).
- Ensure the vendor supports the grant type required by the connector (Authorization Code Grant).
Step 2: Create a connection in Integration Service
-
In Integration Service, from the Connectors list, select the desired connector, and then click Connect to open the connection creation page.
-
If multiple authentication types are available, select the authentication type Bring your own OAuth 2.0 app.
-
Enter the following details from your registered app:
- Client ID
- Client Secret
- Scopes (select from existing or type them manually)
Note:Many vendors (Atlassian Jira, Coupa, etc.) expect the same scopes are present in your app as well.
-
Follow the on-screen prompts to complete the OAuth consent flow by providing your username and password on the vendor’s login page.
-
Once authorized, the connection is securely stored and available to be used.
-
Integration Service takes care of periodically refreshing the access token.
Step 3: Verify mandatory scopes
Each connector has mandatory scopes required for its activities and triggers.
If your BYOA app does not include these scopes, connection creation will fail, or certain actions may not work as expected.
Refer to the connector’s documentation to confirm the list of mandatory scopes.
Best practices
- Use a dedicated enterprise app registration for UiPath Integration Service; avoid reusing app IDs from unrelated integrations.
- Include only the necessary scopes for least-privilege access.
- Keep client secrets rotated periodically and update them in Integration Service by editing connections.
- Document app ownership and ensure continuity if admins change.
- Verify redirect URIs exactly match the value displayed in Integration Service; mismatched URIs cause OAuth errors.
Security and maintenance
- BYOA credentials are encrypted and stored securely in UiPath Integration Service and never exposed in plain text.
- UiPath does not manage or monitor your custom app credentials or scopes.
- Secret rotation, app de-registration, or scope maintenance are the customer’s responsibility.
Common issues
The following table lists common issues encountered when using BYOA connections, along with their possible causes and resolutions.
| Issue | Possible Cause | Resolution |
|---|---|---|
| Invalid client or secret | Wrong client ID or secret. | Verify credentials from the vendor app registration. |
| Redirect URI mismatch | The redirect URI in the vendor app does not match UiPath’s value. | Update the redirect URI in the vendor app registration. |
| Insufficient scopes or Access denied | Missing mandatory scopes in vendor app. | Add required scopes and reauthorize. |
| Token expiring frequently | Vendor app configured with short-lived tokens. | Enable refresh tokens in the app or extend token validity. |
If your organization uses BYOA, you can set default values for these credentials through an Integration Service governance policy in Automation Ops. For more information, refer to Settings for Integration Service policies.
Troubleshooting connection issues
For information on how to fix common issues you might encounter when using connections, see Connections troubleshooting.
- About connections
- Prerequisites
- Creating a connection
- Shared connections
- Modifying connections
- Renaming connections
- Selecting the authentication type
- Bring your own OAuth 2.0 app
- Common scenarios for when to use BYOA
- How BYOA works
- Configuring a BYOA connection
- Best practices
- Security and maintenance
- Common issues
- Troubleshooting connection issues