- Getting started
- Best practices
- Tenant
- Actions
- Folders Context
- Automations
- Processes
- Jobs
- Triggers
- Logs
- Monitoring
- Queues
- Assets
- Storage Buckets
- Test Suite - Orchestrator
- Action Catalogs
- Profile
- System Administrator
- Identity Server
- Authentication
- Other Configurations
- Integrations
- Classic Robots
- Troubleshooting

Orchestrator User Guide
web.config
and UiPath.Orchestrator.dll.config
files don't need to be changed to perform external identity provider configurations. Note that users are created within Identity
Server's database.
If you are updating Orchestrator to v2020 and you've previously enabled any external identity provider authentication, there are a series of manual configurations to be performed at the external identity provider level. Previously created users are propagated to the Identity Server database.
Google OpenID Connect
This section empowers you to set the parameters that allow Orchestrator/Identity Server to use Google OpenID Connect authentication.
Here's an example of such a setup:
Before performing any settings in this page, make sure that you've configured Google to recognize your Orchestrator instance.
Follow the steps here to instruct Identity Server to use Google OpenID Connect authentication.
Windows
This section empowers you to set the parameters that allow Orchestrator/Identity Server to use Windows authentication.
Here's an example of such a setup:
Follow the instructions on this page to enable Windows authentication.
Azure AD
This section empowers you to set the parameters that allow Orchestrator/Identity Server to use Azure AD authentication.
Here's an example of such a setup:
Before performing any settings in this page, make sure that you've configured Azure AD to recognize your Orchestrator instance.
Follow the steps here to instruct Identity Server to use Azure AD authentication.
SAML
This section empowers you to set the parameters that allow Orchestrator/Identity Server to use single sign-on authentication using SAML 2.0.
You can find examples of such setups for the following external identity providers:
ADFS Authentication Using SAML 2.0
Before performing any settings in this page, make sure that you've configured ADFS to recognize your Orchestrator instance.
Follow the steps here to instruct Identity Server to use ADFS authentication.
Google Authentication Using SAML 2.0
Before performing any settings on this page, make sure that you've configured Google to recognize your Orchestrator instance.
Follow the steps here to instruct Identity Server to use Google SAML 2.0 authentication.
OKTA Authentication Using SAML 2.0
Before performing any settings on this page, make sure that you've configured OKTA to recognize your Orchestrator instance.
Follow the steps here to instruct Identity Server to use OKTA authentication.
web.config
into Identity Server, along with all the existing users. However, some manual changes are required on your part; otherwise,
the authentication will not work.
Here are the general actions you need to perform:
- Go to the actual external provider's location.
- Modify the Return URL by adding
/identity
after your Orchestrator URL. - Save the changes.
Read on for guidance on the actions needed for specific external identity providers.
https://cloud.uipath.com
with the URL of your Orchestrator instance.
Google OpenID Connect Authentication
If you've previously configured Google to recognize a new Orchestrator instance, then you need to perform these steps:
Windows Authentication
If you've previously enabled Windows authentication, then no further manual actions are required on your part.
Azure AD Authentication
If you've previously configured Azure AD to recognize a new Orchestrator instance, then you need to perform these steps:
SAML2 Authentication
ADFS
If you've previously configured ADFS to recognize a new Orchestrator instance, then you need to perform these steps:
If you've previously configured Google to recognize a new Orchestrator instance, then you need to perform these steps:
OKTA
If you've previously configured OKTA to recognize a new Orchestrator instance, then you need to perform these steps:
- External Identity Providers
- Managing External Identity Providers Settings
- Google OpenID Connect
- Windows
- Azure AD
- SAML
- ADFS Authentication Using SAML 2.0
- Google Authentication Using SAML 2.0
- OKTA Authentication Using SAML 2.0
- Manual Configurations on Orchestrator Update
- Google OpenID Connect Authentication
- Windows Authentication
- Azure AD Authentication
- SAML2 Authentication
- ADFS
- OKTA