- Getting started
- Data security and compliance
- Organizations
- Authentication and security
- Licensing
- About licensing
- Unified Pricing: Licensing plan framework
- Activating your Enterprise license
- Migrate from Test Suite to Test Cloud
- License migration
- Assigning licenses to tenants
- Assigning user licenses
- Deallocating user licenses
- Monitoring license allocation
- License overallocation
- Licensing notifications
- User license management
- Tenants and services
- Accounts and roles
- AI Trust Layer
- External applications
- Managing external OAuth applications
- Configuring fine-grained access for confidential apps
- Managing federated identity credentials
- App registrations
- Personal Access Tokens
- Notifications
- Logging
- Testing in your organization
- Troubleshooting
- Migrating to Test Cloud
Test Cloud admin guide
Managing federated identity credentials
As an organization administrator, you can register, view, update, and delete federated credentials for an OAuth external application.
Prerequisites
- You are an organization administrator.
- The OAuth external application is already registered. To register one, see Managing external OAuth applications.
Register a federated credential
To add a federated credential to an existing OAuth external application, use the Create a federated credential API.
Each application supports a maximum of 20 federated credentials.
View existing credentials
To retrieve the federated credentials registered for an application, use the List federated credentials API.
Update a federated credential
To update a federated credential, use the Update a federated credential API.
Delete a federated credential
Deletion is permanent. After deletion, the credential can no longer be used to acquire new access tokens. Access tokens already issued before deletion remain valid until they expire.
To delete a federated credential, use the Delete a federated credential API.
Obtain an access token using a federated credential
After registering a federated credential, an application obtains a UiPath access token by presenting a JWT from the configured identity provider as a client_assertion.
Replace {accessURL} with the base URL for your cloud platform:
| Cloud platform | Access URL |
|---|---|
| Automation Cloud | https://cloud.uipath.com |
| Test Cloud Public Sector | https://govcloud.uipath.us |
| Automation Cloud Dedicated | https://{customURL}.dedicated.uipath.com |
curl --location '{accessURL}/identity_/connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id={CLIENT_ID}' \
--data-urlencode 'client_assertion={JWT_TOKEN}' \
--data-urlencode 'client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer'
curl --location '{accessURL}/identity_/connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id={CLIENT_ID}' \
--data-urlencode 'client_assertion={JWT_TOKEN}' \
--data-urlencode 'client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer'
| Parameter | Description |
|---|---|
grant_type | Must be client_credentials. |
client_id | The client ID of the registered OAuth external application. |
client_assertion | The JWT issued by your external identity provider. |
client_assertion_type | Must be urn:ietf:params:oauth:client-assertion-type:jwt-bearer. |
On success, the endpoint returns a UiPath access token you can use to call UiPath APIs.
For the full API reference for managing federated credentials programmatically, see External client — Federated credentials API.