Convert existing Blue Prism users to external authentication users

Existing Blue Prism users currently authenticating with native and/or Active Directory account credentials in a multi-authentication database can be converted to authenticate via an external identity provider if external authentication has been enabled in Blue Prism.

If you have only just enabled external authentication, you may need to browse away from the System tab and back before you will see the option to convert users as described below.

The user conversion is irreversible and converted users will only be able to authenticate via the new external identity provider IDs once the conversion has completed.

Before starting the conversion, please ensure:

  • You have installed and configured Authentication Gateway.
  • You have backed up your database.
  • Any users you intend to convert have logged out of Blue Prism. This prevents you from also converting the current logged-in user.

  1. Navigate to System > Security - Users and select Convert from the menu icon (ensure you select the Users root node and not an individual user).

  2. Select the required users for conversion from the available list of existing native and Active Directory users and click Next.

    You can sort the list by username and authentication type, and filter users by username or parts thereof, or click Select All to select all users in the list.

  3. Add the external user ID for each user you selected.

    The external user ID must be unique for each user and is case-sensitive so it must match exactly the value the users will enter in the external identity provider’s login page.

  4. Click Convert.

If required, update the roles and permissions of the newly converted users by clicking Edit in a user's context menu.

Once the users have been successfully converted, you will be returned to the Security - Users screen and can view the authentication type of each user in the list.

Resolve partial user conversion

Sometimes not all selected users for conversion can be converted. This is usually due to duplicate external identities that have been entered against more than one username. If this occurs, the wizard will list the names of the users who could not be converted, allowing you to take note and attempt the conversion again.

Users who have not been converted will still be able to log into Blue Prism with the originally configured mechanism and credentials.

For more information on managing users in Blue Prism, see Manage users.