UiPath Documentation
orchestrator
2020.10
false
  • Getting started
    • Introduction
    • Logging in to Orchestrator
    • Resetting Your Password
    • Robots
      • Robot Statuses
      • Robot Settings
  • Best practices
    • Organization Modeling in Orchestrator
    • Managing Large Deployments
    • Automation Best Practices
  • Tenant
    • About the Tenant Context
    • Robots
      • Managing Robots
      • Connecting Robots to Orchestrator
      • Setup Samples
      • Storing Robot Credentials in CyberArk
    • Folders
      • Managing Folders
      • Classic Folders Vs Modern Folders
      • Migrating From Classic Folders to Modern Folders
      • Administration of Modern Folders
      • Personal Workspaces
      • Managing Personal Workspaces
    • About Users
      • Managing Users
      • User Types
      • Field Descriptions
      • FAQ
    • Roles
      • Default Roles
      • Managing Roles
    • Machines
      • Managing Machines
    • Packages
      • Managing Packages
      • About Libraries
      • Managing Libraries
    • Audit
    • Credential Stores
      • Managing Credential Stores
      • CyberArk® Integration
      • CyberArk® CCP Integration
      • Azure Key Vault Integration
    • Webhooks
      • Types of Events
      • Managing Webhooks
    • About Licensing
      • Activating Your License
      • Managing Your Licenses
    • Alerts
      • Alert Emails
      • Setting Up Alert Emails
    • Settings
      • General Tab
      • Deployment Tab
      • Mail Tab
      • Security Tab
      • Scalability Tab
      • Non-Working Days Tab
  • Actions
    • About Actions
    • Managing Actions
  • Folders Context
    • About the Folders Context
    • Home
      • Overview
  • Automations
    • About Automations
  • Processes
    • About Processes
    • Managing Processes
    • About Recording
  • Jobs
    • About Jobs
    • Managing Jobs
    • Job States
  • Triggers
    • About Triggers
    • Managing Triggers
    • Using Cron Expressions
  • Logs
    • About Logs
    • Managing Logs in Orchestrator
    • Logging Levels
    • Orchestrator Logs
    • Protecting Sensitive Information in Studio
  • Monitoring
    • About Monitoring
    • Machines
    • Processes
    • Queues
    • Queues SLA
  • Queues
    • About Queues and Transactions
      • Queue Item Statuses
      • Business Exception Vs Application Exception
      • Studio Activities Used With Queues
    • Managing Queues in Orchestrator
    • Managing Queues in Studio
    • Managing Transactions
      • Editing Transactions
      • Field Descriptions for the Transactions .csv File
    • Review Requests
  • Assets
    • About Assets
    • Managing Assets in Orchestrator
    • Managing Assets in Studio
  • Storage Buckets
    • About Storage Buckets
      • CORS/CSP Configuration
    • Managing Storage Buckets
    • Moving Bucket Data Between Storage Providers
  • Orchestrator testing
    • Test Cases
      • Field Descriptions for the Test Cases Page
    • Test Sets
      • Field Descriptions for the Test Sets Page
    • Test Executions
      • Field Descriptions for the Test Executions Page
    • Test Schedules
      • Field Descriptions for the Test Schedules Page
    • Test Data Queues
      • Managing Test Data Queues in Orchestrator
      • Managing Test Data Queues in Studio
      • Field Descriptions for the Test Data Queues Page
      • Test Data Queue Activities
  • Action Catalogs
    • About Action Catalogs
    • Managing Action Catalogs
  • Profile
    • About the Profile Page
    • Managing Profile Settings
  • System Administrator
    • About System Administrators
    • Managing Tenants
    • Field Descriptions for the Host Settings Page
    • Maintenance Mode
  • Identity Server
    • About Identity Server
    • Identity Management Portal
    • External Identity Providers
      • Field Descriptions for External Providers Page
    • Installation Access Token
  • Authentication
    • Configuring the Active Directory Integration
    • Configuring SSO: SAML 2.0
      • ADFS Authentication
      • Google Authentication
      • OKTA Authentication
      • PingOne Authentication
      • Custom Mapping
      • Self-Signed Certificates
      • Private Key Certificates
    • Configuring SSO: Google
    • Configuring SSO: Azure Active Directory
    • SmartCard Authentication
    • Setting Up Auto Login for Users Under an Active Directory Group
    • Configuring the SMTP Server
    • Changing the Windows Authentication Protocol
  • Other Configurations
    • Increasing the Size Limit of Package Files
    • Opting Out of Telemetry
    • Setting up Encryption Key Per Tenant
    • GZIP Compression
  • Integrations
    • About Input and Output Arguments
      • Example of Using Input and Output Arguments
  • Classic Robots
    • Robots
      • Managing Robots
      • Robot Statuses
      • Setup Samples
    • Environments
      • Managing Environments
    • Jobs
    • Triggers
      • Time Triggers
        • Queued Jobs Scenarios
      • Queue Triggers
      • Non-Working Days
    • Monitoring
      • Robots
    • Resources
  • Troubleshooting
    • IE 11.0.9600.17031 Issues
    • Frequently Encountered Orchestrator Errors
    • Cron Expressions
    • Upgrade Issues
UiPath logo, featuring letters U and I in white
OUT OF SUPPORT

Orchestrator user guide

Last updated Jan 20, 2026

CyberArk® CCP Integration

The Central Credential Provider (CCP) is the agentless method used to integrate with CyberArk allowing UiPath to securely retrieve credentials from a vault without deploying an agent on the server. A client certificate is necessary to ensure secure retrieval of the credential.

Before you can begin to use CyberArk® CCP credential stores in Orchestrator, you must first set up the corresponding application and safe settings in the CyberArk® PVWA (Password Vault Web Access) interface.

Prerequisites

  • A network that allows for interconnectivity between the Orchestrator machines and the CyberArk server.
  • CyberArk® Central Credential Provider must be installed on a machine that allows HTTPS connections.
  • CyberArk® Enterprise Password Vault

For more information about installing and configuring CyberArk® applications, please visit their official page.

Configuring the Integration

From the CyberArk® PVWA, you must perform the following steps:

  1. Create an application for your Orchestrator instance and add client certificates;
  2. Create a Safe and add members to it to ensure proper permissions.

Creating an Orchestrator Application

  1. In CyberArk®’s PVWA, log in with a user that has permissions to manage applications (it requires Manage Users authorization).
  2. In the Applications tab, click Add Application. The Add Application window is displayed.


  3. On the Add Application window, specify the following information:
    • Name field - a custom name for the application, such as Orchestrator.
    • Description - a short description to help you specify the purpose of the new application.

    • Location - the path of the application within the Vault hierarchy. If a location is not specified, the application is added in the same location as the user who is creating this application.



  4. Click Add. The application is added, and its details are displayed on the Application Details page.
  5. Select the Allow extended authentication restrictions checkbox.

    Supported authentication methods:

    • Allowed machines
    • OS User
    • Client Certificates
  6. Configure the authentication method. For example, in the Authentication tab, click Add > Certificate Serial Number, and add the unique identifier of the client certificate, used to authenticate the requesting application against CCP.


Creating an Orchestrator Safe

Safes are required to help you better manage your accounts. Also, you can add safe members to ensure proper authorization. CyberArk® recommends adding a credential provider (a user with full rights over the credentials can add and manage them) and the previously created application as safe members. The latter enables Orchestrator to find and retrieve the passwords stored in the safe.

  1. In the Policies tab, under the Access Control (Safes) section, click Add Safe. The Add Safe page is displayed.


  2. Fill in the Safe Name field and Description fields.
  3. Click Save. The Safe Details window is displayed.


  4. In the Members section, click Add Member. The Add Safe Member window is displayed.


  5. Search for the previously created application (steps 2-6), and select the following permissions for it:
    • View Safe Members
    • Retrieve accounts
    • List accounts

    • Access Safe without Confirmation - Only if you are using a dual control environment and a v7.2 or lower PIM-PSM.

      If you install multiple credential providers for this integration, it is recommended to create a group for them, and add the group to the Safe once with the above authorization.



  6. Click Add. Your integration is complete and you can begin provisioning CyberArk® credential stores in Orchestrator. For details on storing Robot credentials, see here.
  • Prerequisites
  • Configuring the Integration
  • Creating an Orchestrator Application
  • Creating an Orchestrator Safe

Was this page helpful?

Connect

Need help? Support

Want to learn? UiPath Academy

Have questions? UiPath Forum

Stay updated