Orchestrator user guide
Private Key Certificates
When configuring SAML 2.0 authentication, you must specify certain claims for the certificate provided by the identity provider. This step-by-step procedure describes how to configure your Orchestrator instance to use a private key SAML certificate. It begins with importing the certificate into the Windows Local Machine certificate store using Microsoft Management Console, and continues with the configuration steps required in Orchestrator/Identity Server.
Importing a Certificate in Windows
- Go to Control Panel > Manage Computer Certificates. The console is displayed.
- In the Console Root window's left pane, expand the Trusted Root Certification Authorities folder and then select Certificates.
- Select Certificates and then select All Tasks > Import. The Certificate Import Wizard is displayed.
- Make sure that Local Machine is selected in the Store Location section. Select Next.
- Select Browse and select the certificate to upload.
- Repeat this process for the Console Root / Personal folder.
Setting Orchestrator/Identity Server to Use the Certificate
- Once the upload is complete, the certificate should be displayed in the console.
- Select it. The Certificate dialog box is displayed.
- On the Details tab, scroll through the list of fields and select Thumbprint.
- Copy the hexadecimal characters from the box.
- Remove the spaces between the characters. For example, the thumbprint "a9 09 50 2d d8 2a e4 14 33 e6 f8 38 86 b0 0d 42 77 a3 2a 7b" should be specified as "a909502dd82ae41433e6f83886b00d4277a32a7b" in Identity Server's Saml2 settings within the External Providers page.
  Note: When copied from the box on the Certificate window, the thumbprint contains several special characters that are only visible in ANSI encoding. Make sure to delete those using a suitable application such as Notepad++.
The following serves as an example of getting a thumbprint ready for Identity Server's Saml2 settings within External Providers page.
- Log in to the host Management portal as a system administrator.
- Select Security.
  Note: If you are still using the old Admin experience, go to Users instead of Security.
- Select Configure under SAML SSO. The SAML SSO configuration page opens.
- Under the Signing Certificate section, set the following:
  - Store name - select My
  - Store location - select LocalMachine
  - Thumbprint - enter the thumbprint value you've previously prepared.
- Select Save at the bottom to save your changes and close the panel.
- Restart the IIS server.
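
As an added example (not part of the UiPath documentation), the PowerShell below strips everything except hexadecimal digits from a thumbprint copied out of the Certificate dialog, then checks that the result matches a certificate with a private key in the LocalMachine\My store. The function names are hypothetical; the sample input is the thumbprint from the example above.

```powershell
# Added example. Function names are hypothetical, not UiPath cmdlets.

function ConvertTo-CleanThumbprint {
    param([Parameter(Mandatory)][string]$Raw)
    # Keep hexadecimal digits only. This drops spaces, line breaks and any
    # invisible characters carried over from the Certificate dialog.
    $clean = $Raw -replace '[^0-9A-Fa-f]', ''
    if ($clean.Length -ne 40) {
        throw "Expected 40 hex characters, got $($clean.Length): check the copied value."
    }
    $clean
}

function Test-SigningCertificate {
    param([Parameter(Mandatory)][string]$Thumbprint)
    # Store name "My" and store location "LocalMachine", as set on the SAML SSO page.
    # String comparison with -eq is case-insensitive in PowerShell.
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $Thumbprint }
    [pscustomobject]@{
        Thumbprint    = $Thumbprint
        Found         = [bool]$cert
        HasPrivateKey = [bool]($cert -and $cert.HasPrivateKey)
        NotExpired    = [bool]($cert -and $cert.NotAfter -gt (Get-Date))
    }
}

# Sample input: the thumbprint from the example above, as copied with spaces.
$copied = 'a9 09 50 2d d8 2a e4 14 33 e6 f8 38 86 b0 0d 42 77 a3 2a 7b'
$thumbprint = ConvertTo-CleanThumbprint -Raw $copied
$thumbprint
Test-SigningCertificate -Thumbprint $thumbprint
```

On the Identity Server machine, Found and HasPrivateKey should both be True before the thumbprint is entered on the SAML SSO page.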