- Release notes
- Getting started
- Installation
- Configuration
- Integrations
- Authentication
- Set up single sign-on through Azure Active Directory
- Set up single sign-on through Integrated Windows Authentication
- Adding Superadmin AD Groups
- Adding End-user AD Groups
- Two-Factor Authentication
- Working with Apps and Discovery Accelerators
- AppOne menus and dashboards
- AppOne setup
- TemplateOne 1.0.0 menus and dashboards
- TemplateOne 1.0.0 setup
- TemplateOne menus and fashboards
- TemplateOne 2021.4.0 setup
- Purchase to Pay Discovery Accelerator menus and dashboards
- Purchase to Pay Discovery Accelerator Setup
- Order to Cash Discovery Accelerator menus and dashboards
- Order to Cash Discovery Accelerator Setup
- Basic Connector for AppOne
- SAP Connectors
- Introduction to SAP Connector
- SAP input
- Checking the data in the SAP Connector
- Adding process specific tags to the SAP Connector for AppOne
- Adding process specific Due dates to the SAP Connector for AppOne
- Adding automation estimates to the SAP Connector for AppOne
- Adding attributes to the SAP Connector for AppOne
- Adding activities to the SAP Connector for AppOne
- Adding entities to the SAP Connector for AppOne
- SAP Order to Cash Connector for AppOne
- SAP Purchase to Pay Connector for AppOne
- SAP Connector for Purchase to Pay Discovery Accelerator
- SAP Connector for Order-to-Cash Discovery Accelerator
- Superadmin
- Dashboards and charts
- Tables and table items
- Application integrity
- How to ....
- Working with SQL connectors
- Introduction to SQL connectors
- Setting up a SQL connector
- CData Sync extractions
- Running a SQL connector
- Editing transformations
- Releasing a SQL Connector
- Scheduling data extraction
- Structure of transformations
- Using SQL connectors for released apps
- Generating a cache with scripts
- Setting up a local test environment
- Separate development and production environments
- Useful resources
Set up single sign-on through Integrated Windows Authentication
This page describes how to set up Single Sign-on through Microsoft Integrated Windows Authentication.
If Microsoft Integrated Windows Authentication is enabled and correctly configured, a button is displayed at the bottom of the Login page. See the illustration below.
-
Go to the Settings tab of the Superadmin page of your UiPath Process Mining installation. See illustration below.
-
Add the required Integrated Windows Authentication settings in the
ExternalAuthenticationProviders
setting of the Server Settings. Below is a description of the JSON keys of theintegratedWindowsAuthentication
object.Key
Description
url
The LDAP url domain controller in the domain you want to use. This url needs to be accessible from the UiPath Process Mining server. Use the format: ldap://dc.company.domain.com.
base
The base distinguished name to authenticate users under. Use the format:DC=Company,DC=com
. The exact name depends on the setup of the AD.bindDN
The username of the AD user that is used to retrieve user groups. This user should have the rights to query user groups for users that are allowed to login.
Note: This user might need to be prefixed with the domain name, for instance:DOMAINNAME\)\)\)\)username
. The double backslashes are needed to act as an escape character. Alternatively, you can use your DC as a postfix, for instance:[email protected]
.bindCredentials
The password of the user specified in bindDN.
See also Use a Credential Store.
search_query
Enables you to specify whether users can login with a different attribute thanuserPrincipalName
.tlsOptions
Enables you to specify additional options for use with LDAPS.
ca
: used to specify the certificate which should be used.rejectUnauthorized
: set this totrue
.See also Set up Secure LDAP.
See illustration below for an example of the Server Settings with theExternalAuthenticationProviders
setting with theintegratedWindowsAuthentication
object., "ExternalAuthenticationProviders": { "integratedWindowsAuthentication": { "url": "ldap://server1:389", "base": "DC=Company,DC=com", "bindDN": "username", "bindCredentials": "password" } }
, "ExternalAuthenticationProviders": { "integratedWindowsAuthentication": { "url": "ldap://server1:389", "base": "DC=Company,DC=com", "bindDN": "username", "bindCredentials": "password" } } - Click on SAVE to save the Server settings.
- Press F5 to refresh the Superadmin page. This loads the new settings and enables user groups to be created based on these settings.
Auto-login
AutoLogin
Server Setting, the user will be automatically logged in using the current active SSO method.
AutoLogin
is set to none
. If you want to enable auto-login for end-users and/or Superadmin users, you can specify this in the AutoLogin
in the Superadmin Settings tab. See The Settings Tab.
In order to use Integrated Windows Authentication authentication, you must create one or more AD group to allow members to login. For Superadmin users, or app developers you can create AD groups on the Superadmin users tab. See Adding Superadmin AD Groups.
For end-user authentication, AD groups can be created on the End user administration page. See Adding End-user AD Groups.
- Install the graphical LDP client as per the official Microsoft Documentation.
- Verify that a successful connection is possible from LDP with the same settings as configured in the
integratedWindowsAuthentication
object in the Server Settings.
[PLATFORMDIR]/logs/iisnode
folder for files containing LDAP connection error
lines. The example below displays a log file with an error message. The data
field contains the relevant error code. Refer to the LDAP wiki for an explanation of the error. In the example below the error is 52e
, ERROR_LOGON_FAILURE
.
[2000-01-01T00:00:00.000Z] LDAP connection error:
[2000-01-01T00:00:00.000Z] json: {"lde_message":"80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 52e, v3839\)\)u0000","lde_dn":null}
[2000-01-01T00:00:00.000Z] LDAP connection error:
[2000-01-01T00:00:00.000Z] json: {"lde_message":"80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 52e, v3839\)\)u0000","lde_dn":null}