Orchestrator user guide
UiPath MCP Servers require authentication on every HTTP request. There is no session-based authentication carry-forward. Even after an MCP session is established, every subsequent request must include a valid Authorization: Bearer <token> header.
The mcp-session-id header is for MCP protocol state management only. It is not an authentication mechanism.
Authentication methods
There are four ways to obtain a token for accessing a UiPath MCP Server:
| Method | Token source | Scopes and permissions required |
|---|---|---|
| MCP OAuth flow | Automatic, handled by the IDE | Handled by the discovery flow |
| Personal access token (PAT) | UiPath Cloud UI | Select OR.Jobs and OR.Execution from the Orchestrator API Access resource. |
| External application | Admin > External Apps | Configure OR.Execution and OR.Jobs in the app. At token request time, include OR.Default to control routing behavior. |
| Interactive login (CLI) | uipath auth CLI command | Granted automatically during login |
When to use each method
The right method depends on whether a human is present at sign-in time and whether the MCP Server exposes Integration Service connectors.
| Scenario | Recommended method | Notes |
|---|---|---|
| Using an IDE (VS Code, GitHub Copilot) | MCP OAuth flow | The IDE handles discovery, login, and token refresh automatically. Nothing to configure beyond the MCP Server URL. |
| Automated or unattended workloads (CI/CD pipelines, service accounts, microservices, long-running processes) | External application - application scopes | The only method that works without user interaction. Request OR.Default for the simplest setup. |
| Connecting from a third-party app (Copilot Studio, ChatGPT) | External application - user scopes | Create a confidential app with user scopes, configure the third-party app's OAuth settings manually, and have the user log in through the app. |
| Building a desktop or mobile MCP client | External application - non-confidential app with PKCE | No client secret can leak, and PKCE protects the authorization code flow. The user logs in through a browser and the app receives a token on their behalf. |
| Developing or testing locally (human present) | Interactive login (CLI) or Personal access token | Interactive login requires one command and inherits your folder permissions; tokens last one hour. PATs have a configurable expiration up to one year and work with any HTTP client. |
| MCP Server uses Integration Service activities | MCP OAuth flow, Interactive login, or External application - user scopes | Integration Service activities require user context. PATs and client credentials connect to the MCP Server, but Integration Service-backed tool calls time out. |
Common requirements
The following requirements apply regardless of the chosen authentication method.
Every request must be authenticated
There is no session carry-forward. Every HTTP request must include a valid Authorization: Bearer <token> header. The mcp-session-id header is for MCP protocol state only.
URL format
The MCP Server endpoint URL always has the following format:
https://cloud.uipath.com/{org}/{tenant}/agenthub_/mcp/{folderKey}/{slug}
Where:
- {org}: your UiPath organization name
- {tenant}: your tenant name
- {folderKey}: the folder's GUID (not the folder name or path)
- {slug}: the MCP Server's URL slug
Minimum folder permission
The authenticated identity (user or external app) must have the MCPServers.View permission in the folder containing the MCP Server. This permission is included in the Automation User, Automation Developer, and Folder Administrator roles.
Additional permission for Coded and Command servers
Coded and Command MCP Servers execute Orchestrator jobs. The identity must also have the Jobs.Create permission. This permission is included in the Automation User and Automation Developer roles.
Integration Service limitation
If the MCP Server exposes tools backed by Integration Service activities, only user-context authentication works (interactive login or MCP OAuth flow). PATs and external app client credentials connect to the MCP Server, but Integration Service-backed tool calls time out.
Token validation
UiPath MCP Servers validate tokens using the following schemes, in sequence. The first match wins:
| Scheme | Audience | Used by |
|---|---|---|
| Robot access token | Orchestrator | Robot execution tokens |
| Identity OAuth access token | OrchestratorApiUserAccess | Interactive login |
| Identity personal access token | UiPath.Orchestrator | Personal access tokens, external application tokens, MCP OAuth flow tokens |
All schemes enforce signature validation, issuer validation, audience validation, expiration validation, and partition ID (prt_id claim) matching against the organization from the request URL.
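The following client-side pre-flight check is an added example, not UiPath code. It reads a token's unverified claims to report which scheme in the table its audience would match and whether the expiration or `prt_id` check would fail. It assumes the token is a JWT; the function names are hypothetical, and `expected_prt_id` is supplied by the caller because the page does not say how the organization in the URL maps to the claim.

```python
import base64
import json
import time

# (audience, scheme) in the order of the page's table; first match wins.
SCHEMES = [
    ("Orchestrator", "Robot access token"),
    ("OrchestratorApiUserAccess", "Identity OAuth access token"),
    ("UiPath.Orchestrator", "Identity personal access token"),
]

def b64url(obj):
    """Encode a dict as an unpadded base64url JSON segment."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def make_sample_token(claims):
    """Constructed, unsigned sample token for offline testing only."""
    return ".".join([b64url({"alg": "none"}), b64url(claims), "sig"])

def preflight(token, expected_prt_id, now=None):
    """Return (scheme, problems) from UNVERIFIED claims.
    Signature and issuer are not checked here."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return None, ["not a three-part JWT"]
    try:
        payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore padding
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:
        return None, ["payload is not base64url-encoded JSON"]
    if not isinstance(claims, dict):
        return None, ["payload is not a JSON object"]
    aud = claims.get("aud")
    auds = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    scheme = next((name for a, name in SCHEMES if a in auds), None)
    problems = []
    if scheme is None:
        problems.append("audience matches no scheme")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("token expired or exp missing")
    if claims.get("prt_id") != expected_prt_id:
        problems.append("prt_id does not match expected organization")
    return scheme, problems
```

An empty problem list only means the claims look plausible; the server still performs the signature and issuer checks.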