Authentication in Blue Prism
As a Blue Prism user, you must enter authentication details before you are able to perform any tasks in the environment defined by your configured connection.
Blue Prism provides two types of environments for managing authentication to the platform:
- Multi-authentication environment – This environment supports three types of authentication: Blue Prism native authentication, Active Directory authentication, and external identity provider authentication. For all three authentication types, roles and permissions are mapped to individual users in Blue Prism. For external authentication, it is not possible to assign roles based on user group membership within linked identity providers such as Active Directory. The authentication type is configured as part of the user creation and cannot be changed later.
- Single-authentication environment – referred to as Active Directory Single Sign-On prior to Blue Prism 6.8, this environment supports Active Directory authentication where users log in via Active Directory only and roles are mapped to Active Directory security groups. To set up a single-authentication environment, enter the name of the domain that contains the Active Directory security groups that are to be associated with security roles in Blue Prism, and select the security group within that domain whose members will be granted system administrator access to Blue Prism.
The environment type is selected when the database is created and can only be changed when converting a single-authentication Active Directory environment to a multi-authentication Active Directory environment (see Single sign-on for more details).
Blue Prism native authentication
By default, Blue Prism uses its own authentication mechanism. User accounts are individually created and maintained in Blue Prism and user login attempts are processed by verifying the supplied credentials configured in the Blue Prism database. The individual permissions and roles of users are controlled by assigning Blue Prism user roles.
For more information on managing users in a Blue Prism environment, see Manage users.
Active Directory authentication
If Active Directory authentication has been configured in Blue Prism, both the Blue Prism native authentication and the Active Directory authentication options display on the login screen in a multi-authentication environment, however, users can only log in using the authentication method configured for them.
Blue Prism administrators who are members of an Active Directory domain can enable Active Directory authentication on the System > Security - Sign-on Settings screen in the Blue Prism client for a specific environment. They must then
For more information, see
External identity provider authentication
External identity provider authentication is available in a Blue Prism multi-authentication environment by using the optional Authentication Gateway component, which allows the use of external identity providers such as Azure Active Directory, Okta, OneLogin, and others.
If external authentication has been configured on the System > Security - Sign-on Settings screen in Blue Prism, both the Blue Prism native authentication and the external identity provider authentication options display on the login screen in a multi-authentication environment, however users can only log in using the authentication method configured for them.
For more information, see the Authentication Gateway installation guide.
You can only use Active Directory single sign-on in Blue Prism single-authentication environments. To configure Active Directory authentication in a single-authentication environment, you must specify the Active Directory domain where the security groups that will be associated with Blue Prism security roles reside, and then select the security group whose members will be granted system administrator access.
Once the system administrators have been configured with access, the mapping between the other Blue Prism security roles and Active Directory security groups can take place.
For more information, see Single sign-on.
Further login settings
Further sign-in options are available within System Manager for the environment-specific presentation of the login screen.
A list of the users registered within the current connection can be displayed (for Blue Prism authenticated connections only).
The user name can be pre-populated from the last time that the user logged into the selected connection.
For more information, see Sign-on settings.