- Getting started
- Notifications
- Licensing
- Troubleshooting
- Connector Builder
- Act! 365
- ActiveCampaign
- Active Directory - Preview
- Adobe Acrobat Sign
- Adobe PDF Services
- Amazon Bedrock
- Amazon Connect
- Amazon Polly
- Amazon SES
- Amazon Transcribe
- Amazon Web Services
- Anthropic Claude
- Asana
- AWeber
- Azure AI Document Intelligence
- Azure Defender for Cloud
- Azure Maps
- BambooHR
- Box
- Brevo
- Calendly
- Campaign Monitor
- Cisco Webex Teams
- Citrix Hypervisor
- Citrix ShareFile
- Clearbit
- Confluence Cloud
- Constant Contact
- Coupa
- CrewAI – Preview
- Customer.io
- Database Hub - Preview
- Databricks Agent
- Datadog
- DeepSeek
- Deputy
- Discord - Preview
- DocuSign
- Drip
- Dropbox
- Dropbox Business
- Egnyte
- Eventbrite
- Exchangerates
- Exchange Server - Preview
- Expensify
- Facebook
- Freshbooks
- Freshdesk
- Freshsales
- Freshservice
- GetResponse
- GitHub
- Gmail
- Google Cloud Platform
- Google Docs
- Google Drive
- Google Forms - Preview
- Google Maps
- Google Sheets
- Google Speech-to-Text
- Google Text-to-Speech
- Google Tasks - Preview
- Google Vertex
- Google Vision
- Google Workspace
- GoToWebinar
- Greenhouse
- Hootsuite
- HTTP
- HTTP Webhook
- Hubspot CRM
- HubSpot Marketing
- HyperV - Preview
- Icertis
- iContact
- Insightly CRM
- Intercom
- Jina.ai
- Jira
- Keap
- Klaviyo
- LinkedIn
- Mail
- Mailchimp
- Mailgun
- Mailjet
- MailerLite
- Marketo
- Microsoft 365
- Microsoft Azure
- Microsoft Azure Active Directory
- Microsoft Azure AI Foundry
- Microsoft Azure OpenAI
- Microsoft Azure Sentinel
- Microsoft Dynamics 365 CRM
- Microsoft OneDrive & Sharepoint
- Microsoft Outlook 365
- Microsoft Power Automate – Preview
- Microsoft Sentiment
- Microsoft Sentinel Threat Intelligence
- Microsoft Teams
- Microsoft Translator
- Microsoft Vision
- Miro
- NetIQ eDirectory
- Nvidia NIM – Preview
- Okta
- OpenAI
- OpenAI V1 Compliant LLM
- Oracle Eloqua
- Oracle NetSuite
- PagerDuty
- PayPal
- PDFMonkey
- Perplexity
- Pinecone
- Pipedrive
- QuickBooksOnline
- Quip
- Salesforce
- Salesforce AgentForce & Flows – Preview
- Salesforce Marketing Cloud
- SAP BAPI
- SAP Cloud for Customer
- SAP Concur
- SAP OData
- SendGrid
- ServiceNow
- Shopify
- Slack
- SmartRecruiters
- Smartsheet
- Snowflake
- Snowflake Cortex
- Stripe
- Sugar Enterprise
- Sugar Professional
- Sugar Sell
- Sugar Serve
- System Center - Preview
- TangoCard
- Todoist
- Trello
- Twilio
- UiPath Apps - Preview
- UiPath Data Fabric – Preview
- UiPath GenAI Activities
- UiPath Orchestrator
- X (formerly Twitter)
- Xero
- watsonx.ai
- WhatsApp Business
- WooCommerce
- Workable
- Workday
- Workday REST
- VMware ESXi vSphere
- YouTube
- Zendesk
- Zoho Campaigns
- Zoho Desk
- Zoho Mail
- Zoom
- ZoomInfo
Integration Service user guide
Connections
About connections
Connections help in establishing tasks between single users and external applications. The connections are created once users authenticate with an API Provider.
Prerequisites
Before you can use connections, make sure the following conditions are met:
- Integration Service is enabled and provisioned for your tenant.
- Users who work with connections have the necessary permissions in Orchestrator. To create a connection, a user must have the Connections - Create permission in the target folder. For more information on permissions, see Configuring access for accounts in the Orchestrator user guide.
Connections in Orchestrator
Starting with March 2026, you can create new Integration Service connections in Orchestrator. Existing Integration Service connections will continue to be visible on the Integration Service Connections tab until July 2026 (this date is subject to possible extensions). After this date, existing Integration Service connections will be migrated to Orchestrator, and the Connections tab in Integration Service will be removed. This change is scheduled to become available to Community users first, then to Enterprise users progressively, depending on organization and tenant regions. Follow the Integration Service release notes to learn when the change is first announced.
Key benefits of managing connections in Orchestrator
This move brings several key advantages:
-
Less context-switching
You can now create assets, queues, triggers, and connections all in one place, without navigating to another left-hand menu. Fewer clicks, fewer page loads, and lower cognitive load lead to a smoother workflow.
-
Easier troubleshooting
When runs fail, you are already in Orchestrator reviewing jobs, queues, or logs. You can now view and manage the related connection in the same interface, reducing time to resolution.
-
A consistent mental model
Orchestrator already centralizes your resources. Managing connections alongside assets and triggers ensures a more intuitive and cohesive experience.
Shared connections
When a connection is created in a shared folder, all users with access to that folder can use the connection in their automation workflows. The connection can be edited by all users with access to it.
We recommend creating connections for which authentication is done through personal accounts in Personal Workspaces, and only using shared folders for connections where authentication is done through service accounts. Administrators can prevent regular users from creating shared Integration Service connections in team folders. For more information, refer to Enforcing user-level Integration Service connection governance in the Orchestrator user guide.
All the Integration Service connectors support connection sharing and configuration at run time. For more information on configuring connections at run time, refer to the Orchestrator User Guide.
Creating a connection
The Connections tab in Orchestrator provides a central location for creating and managing connections. You can also create connections directly from automations in UiPath Studio, UiPath Studio Web, or UiPath Assistant.
To create a connection in Orchestrator, follow these steps:
- Select Orchestrator from the product launcher.
- Select a folder, and then navigate to the Connections tab.
- Select Add connection.
- To open the connection creation page, select the connector from the list. You can use the search bar to find the connector.
- Select the authentication type (if applicable), enter the required credentials, and then select Connect.
For more details, refer to Managing connections in the Orchestrator user guide.
To successfully create a connection, you must configure an IP addresses allow list for Integration Service. For more information, refer to Configuring the firewall in the Automation Cloud Admin Guide.
Selecting the authentication type
Some Integration Service connectors support multiple authentication types. You select the type when creating the connection. Available options can include:
- OAuth 2.0 Authorization code
- OAuth 2.0 Password
- Bring your own OAuth 2.0 app
- Personal Access Token (PAT)
Available options vary depending on the connector.
Managing connections
You can manage all connections in one place from the Connections tab in Orchestrator. This is where you can check the health of connections, reconnect, manage triggers, edit connection details such as the name and polling interval, and delete connections.
For more details, refer to Managing connections in the Orchestrator user guide.
Managing connections from UiPath Assistant
You can manage Integration Service connections directly from UiPath Assistant. To learn more, refer to Connections in UiPath Assistant.
Select Configure in browser to open the Connections page in Studio Web. To learn more, refer to Managing Connections in the Studio Web user guide.
Automation Cloud Public Sector users can view connections in UiPath Assistant, but not manage them. Instead, they can configure and manage Integration Service connections using the Package Requirements tab in Orchestrator.
Bring your own OAuth 2.0 app
UiPath Integration Service offers a Bring your own Oauth2.0 app (BYOA) model that allows enterprises to connect using their own OAuth 2.0 applications instead of the default UiPath-registered public OAuth app.
UiPath registers and maintains OAuth 2.0 apps on vendor developer portals for the majority of connectors (for example, Microsoft, Google, Salesforce, Atlassian Jira, etc.). In most cases, these apps come with predefined scopes and are managed entirely by UiPath.
However, some organizations may have strict IT, security, or compliance policies that prevent them from using external app registrations. In such cases, BYOA enables customers to use their own Client ID and Client Secret to authenticate and authorize Integration Service connections.
Common scenarios for when to use BYOA
Use BYOA when:
- The application supports the OAuth2.0 Authorization code grant authentication type. Other OAuth2.0 types cannot be used under BYOA.
- Your enterprise requires that all third-party integrations use internally managed OAuth apps.
- You need to add or modify scopes that are not part of UiPath's default registered app.
- Your organization's security or compliance policies prohibit shared app usage.
- You want to control the OAuth app lifecycle, including rotation of secrets.
UiPath's public OAuth apps use fixed scopes and cannot be modified per customer request. If you require additional scopes, BYOA is the correct option.
How BYOA works
When creating a connection in Integration Service, you can select Bring your own Oauth2 app as the authentication type.
This allows you to enter:
- Client ID and Client Secret - Credentials obtained from your app registration in the vendor's developer portal.
- Scopes - Permissions required by the connector.
- Redirect URI - Non-editable callback URL (
https://cloud.uipath.com/provisioning_/callbackfor Automation Cloud). This is the callback URL that Integration Service uses to complete the OAuth flow.
Integration Service uses your credentials to perform the OAuth flow and securely stores the resulting access and refresh tokens.
Configuring a BYOA connection
Step 1: Register an OAuth App on the vendor portal
Create an OAuth 2.0 app in the vendor's developer portal (for example, Salesforce, Microsoft, Jira or Google). During registration:
- Set the redirect/callback URI to
https://cloud.uipath.com/provisioning_/callback. - Add the required scopes (see connector-specific documentation for mandatory scopes).
- Ensure the vendor supports the grant type required by the connector (Authorization Code Grant).
Step 2: Create a connection in Integration Service
-
Navigate to Integration Service > Connectors, select the desired connector, and then click Connect.
-
Select the authentication type Bring Your Own OAuth2 2.0 app.
-
Enter the following details from your registered app:
- Client ID
- Client Secret
- Scopes (select from existing or type them manually)
Note:Many vendors (Atlassian Jira, Coupa, etc.) expect the same scopes are present in your app as well.
-
Follow the on-screen prompts to complete the OAuth consent flow by providing your username and password on the vendor's login page.
-
Once authorized, the connection is securely stored and available to be used.
-
Integration service takes care of periodically refreshing the access token.
Step 3: Verify mandatory scopes
Each connector has mandatory scopes required for its activities and triggers.
If your BYOA app does not include these scopes, connection creation will fail, or certain actions may not work as expected.
Refer to the connector's documentation to confirm the list of mandatory scopes.
Best practices
- Use a dedicated enterprise app registration for UiPath Integration Service; avoid reusing app IDs from unrelated integrations.
- Include only the necessary scopes for least-privilege access.
- Keep client secrets rotated periodically and update them in Integration Service by editing connections.
- Document app ownership and ensure continuity if admins change.
- Verify redirect URIs exactly match the value displayed in Integration Service; mismatched URIs cause OAuth errors.
Security and maintenance
- BYOA credentials are encrypted and stored securely in UiPath Integration Service and never exposed in plain text.
- UiPath does not manage or monitor your custom app credentials or scopes.
- Secret rotation, app de-registration, or scope maintenance are the customer's responsibility.
Common issues
The following table lists common issues encountered when using BYOA connections, along with their possible causes and resolutions.
| Issue | Possible Cause | Resolution |
|---|---|---|
| Invalid client or secret | Wrong client ID or secret. | Verify credentials from the vendor app registration. |
| Redirect URI mismatch | The redirect URI in the vendor app does not match UiPath's value. | Update the redirect URI in the vendor app registration. |
| Insufficient scopes or Access denied | Missing mandatory scopes in vendor app. | Add required scopes and reauthorize. |
| Token expiring frequently | Vendor app configured with short-lived tokens. | Enable refresh tokens in the app or extend token validity. |
Connections in Solutions
You can manage connections and event triggers as part of your solution package. Refer to Solutions Management overview to learn what solution packages are, how they work, and how to create, manage, and deploy them.
When you create a solution package, connections and their associated event triggers are available in the Components panel. You can edit the following properties: Connection name, Connection description, and Authentication type. For event triggers, you can perform the same configuration steps as in Orchestrator.
You can also edit these fields at the time of deployment unless they are locked for editing.
Once the solution is built and published, the connections are available in the solution's Components panel. All the connections selected when creating the solution package can now be deployed.
Solutions Management does not display connections for processes unless an event trigger is connected as well. The issue may impact the solution deployment, requiring manual connection configuration for proper operation.
You can choose to deploy the solution package to a specific folder which doesn't yet exist in Integration Service. In this case, the folder is created automatically.
Connection Authentication type
As an admin, you decide during deployment whether to use an existing connection, create a new one, or allow the end user to select the connection.
Solutions moves the connections and their associated entity relations (such as workflows and processes the connection belongs to), but does not transfer authentication credentials.
During deployment, the administrator can set the Authentication type as:
-
Configurable by users: No connections are created or used from existing ones. Users are expected to configure the connection after the solution is deployed at runtime. Refer to Configuring connections in the Orchestrator documentation.
-
Authenticate after deployment is done: A new connection is created and it requires authentication after the deployment. The connection remains inactive until the authentication step is completed.
- Before the authentication is completed, the username is displayed as
System. Once authentication is successful, the username is updated to display the authenticator's credentials.
- Before the authentication is completed, the username is displayed as
You also have the option of linking components. When you select Link to existing, a pop-up window displays all the connections accessible to the user deploying the solution package. You can choose any existing connection to be part of the solution package.
If you select existing connections for the connectors included in the solution package, and you also select a new folder during deployment, the folder is created in Integration Service, with no connections in it. Use this folder if preferences are modified or new connections are added.
The Link to existing option is not available when you edit a configuration using the following methods: Deployment configuration or Edit deployment configuration. To link components or edit the Authentication type after deployment, you must upgrade the solution package. This requires editing the solution and deploying the new version again.
Connections created in any folder through Solutions are not deleted, even when upgrading the workflow to use different connections. This guarantees that processes and automations relying on these connections are not impacted by the upgrade.
Troubleshooting connection issues
For information on how to fix common issues you might encounter when using connection, see Connections troubleshooting.
- About connections
- Prerequisites
- Connections in Orchestrator
- Key benefits of managing connections in Orchestrator
- Shared connections
- Creating a connection
- Selecting the authentication type
- Managing connections
- Managing connections from UiPath Assistant
- Bring your own OAuth 2.0 app
- Common scenarios for when to use BYOA
- How BYOA works
- Configuring a BYOA connection
- Best practices
- Security and maintenance
- Common issues
- Connections in Solutions
- Troubleshooting connection issues