Configuring Active Directory integration for Single Sign-on

Integration with Active Directory is configured for specified instances of Blue Prism, allowing full segregation of roles across multiple environments such as Development, Test, and Production.

Blue Prism provides two environments for managing Active Directory authentication to the platform:

  • Single-authentication environment – Supports Active Directory accounts where roles are mapped to Active Directory security groups. In single-authentication environments, Active Directory users can be contained within multiple domains but only a single forest.
  • Multi-authentication environment – Supports Active Directory accounts where roles are mapped to individual users in Blue Prism. In multi-authentication environments, Active Directory users can be contained in multiple domains and multiple forests. This environment type also supports Blue Prism native authentication (see the Authentication in Blue Prism topic in the online help for more details). This is the latest and recommended environment for enterprise deployments.

Active Directory configuration in a single-authentication Blue Prism environment

The following steps are required for managing user access to Blue Prism with single-authentication Active Directory:

  1. Configure Active Directory security groups – Security groups should be set up in Active Directory to reflect each user role in a Blue Prism environment. The users within the domain should then be added to the relevant security group.

  2. Specify the domain that hosts the Active Directory security groups – Blue Prism will be configured with the domain where the Active Directory security groups will reside. Only security groups in the specified domain can be associated with a Blue Prism user role; however, users from any domain within the common Active Directory forest can be assigned to these security groups. They can either be direct members of the group or be granted membership via a nested group. As part of the configuration, it is necessary to select the Active Directory security group whose members are granted System Administrator rights.
  3. Configure and map the Blue Prism roles to Active Directory security groups – The pre-configured Blue Prism user roles can then be edited or amended, and new roles can also be added. Each active role in a given Blue Prism environment will then be mapped to an existing Active Directory security group within the configured domain.
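
Because roles follow group membership, including membership through nested groups and from other domains in the forest, it is worth auditing who effectively belongs to each mapped group. The PowerShell below is an added example, not Blue Prism tooling; it assumes the RSAT ActiveDirectory module, and the domain and group names are hypothetical placeholders.

```powershell
# Added example: audit effective membership of AD groups mapped to Blue Prism roles.
# Assumes the RSAT ActiveDirectory module and read access to the directory.
Import-Module ActiveDirectory

$GroupDomain = 'corp.example.com'        # hypothetical: domain hosting the role groups
$RoleGroups  = @(
    'BP-Prod-SystemAdministrators',      # hypothetical: group granting System Administrator
    'BP-Prod-Developers',                # hypothetical
    'BP-Prod-RuntimeResources'           # hypothetical
)

function Get-RoleGroupAudit {
    param(
        [Parameter(Mandatory)] [string] $GroupName,
        [Parameter(Mandatory)] [string] $Server
    )
    $group = Get-ADGroup -Identity $GroupName -Server $Server
    # Direct members: users plus any groups nested one level down.
    $direct = @(Get-ADGroupMember -Identity $group -Server $Server)
    # Effective members: leaf accounts after all nested groups are expanded.
    $effective = @(Get-ADGroupMember -Identity $group -Server $Server -Recursive)
    $directUserDns = @($direct | Where-Object objectClass -eq 'user' |
        ForEach-Object distinguishedName)

    foreach ($member in $effective) {
        # Derive the member's domain from the DC= components of its DN.
        $dcParts = $member.distinguishedName -split ',' |
            Where-Object { $_ -like 'DC=*' } |
            ForEach-Object { $_.Substring(3) }
        [pscustomobject]@{
            RoleGroup  = $GroupName
            Member     = $member.SamAccountName
            Domain     = $dcParts -join '.'
            ViaNesting = $member.distinguishedName -notin $directUserDns
        }
    }
}

$report = foreach ($name in $RoleGroups) {
    Get-RoleGroupAudit -GroupName $name -Server $GroupDomain
}
$report | Sort-Object RoleGroup, Domain, Member | Format-Table -AutoSize

# Review candidates: access granted through a nested group or from another domain.
$report | Where-Object { $_.ViaNesting -or $_.Domain -ne $GroupDomain } |
    Format-Table -AutoSize
```

Run it once per environment (Development, Test, Production) with that environment's group list, so the role segregation between environments can be checked against actual membership.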

Active Directory configuration in a multi-authentication Blue Prism environment

The following steps are required for managing user access to Blue Prism with multi-authentication Active Directory:

  1. Enable Active Directory authentication in Blue Prism – Blue Prism administrators who are members of an Active Directory domain must enable Active Directory authentication in Blue Prism before mapping Active Directory users to Blue Prism roles.

  2. Map Active Directory users to Blue Prism roles – Active Directory users are retrieved from the Active Directory domains and forests and mapped individually to Blue Prism roles via the Create new user wizard in Blue Prism.

For further details, see Single Sign-on.