Active Directory configuration

Where Blue Prism is deployed within a single Active Directory Forest, it can be configured to allow users to authenticate against the platform using Single Sign-on. This requires an Active Directory Security Group to be mapped to each relevant Blue Prism security role, after which users are granted access to the platform based on their Active Directory Security Group membership.

The steps required to configure Blue Prism integration with Active Directory for single sign-on are illustrated in the diagram below:

When configuring Blue Prism to use Active Directory for authentication, the database must be configured at the time of creation to use Microsoft Active Directory Authentication of Single Sign-On.

For further information, see Create/Configure a Blue Prism SQL Server Database.

Configure Active Directory users and roles

After the database has been created with the appropriate settings to indicate that Active Directory authentication should be used for the Blue Prism platform, the users and roles must be configured within the Blue Prism product.

  1. Click System and select Security > User Roles from the navigation tree.
  2. For each Role, configure the permissions that should be granted and select the Active Directory Security Group whose members should be assigned to this role.

    Blue Prism Security Roles must be associated with Security Groups created in Active Directory. Single sign-on for Blue Prism does not support built-in Groups or those with derived membership such as Domain Users or Authenticated Users. It is also recommended that the Security Groups used do not contain Foreign Security Principals.

  3. Once complete, click OK.

Users who belong to the groups that have been configured should now be able to log in to Blue Prism and perform the actions permitted by the corresponding Blue Prism role (as indicated by the tree on the right).

Users may have to log out of Windows and log back in again for Active Directory changes to take effect.
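
The group restrictions noted under step 2 can be checked before any role is mapped. The PowerShell below is an added example, not Blue Prism's own tooling: it assumes the ActiveDirectory (RSAT) module is available, uses hypothetical group names and a hypothetical function name, and reads "derived membership" as membership held through primaryGroupID.

```powershell
# Added example: pre-check AD groups before mapping them to Blue Prism roles.
# Requires the ActiveDirectory module (RSAT). Group names are hypothetical.
Import-Module ActiveDirectory

function Test-RoleMappingGroup {
    param([Parameter(Mandatory)][string]$Name)

    try {
        $g = Get-ADGroup -Identity $Name -Properties member, isCriticalSystemObject -ErrorAction Stop
    } catch {
        return [pscustomobject]@{ Group = $Name; Suitable = $false; Findings = 'not found as an AD group' }
    }
    $findings = @()

    # Must be a security group, not a distribution list.
    if ($g.GroupCategory -ne 'Security') { $findings += 'not a security group' }

    # Built-in groups: BUILTIN domain SIDs (S-1-5-32-*) and default system groups.
    if ($g.SID.Value -like 'S-1-5-32-*' -or $g.isCriticalSystemObject) {
        $findings += 'built-in or default system group'
    }

    # Assumption: "derived membership" is read here as membership held through
    # primaryGroupID (as with Domain Users), which never appears in 'member'.
    $rid = ($g.SID.Value -split '-')[-1]
    if (Get-ADUser -Filter "primaryGroupID -eq $rid" -ResultSetSize 1) {
        $findings += 'has members via primaryGroupID (derived membership)'
    }

    # Foreign Security Principals among direct members (nested groups not followed).
    $fsp = @($g.member | Where-Object { $_ -match 'CN=ForeignSecurityPrincipals,' })
    if ($fsp.Count -gt 0) { $findings += "$($fsp.Count) foreign security principal(s)" }

    [pscustomobject]@{
        Group    = $g.Name
        Suitable = ($findings.Count -eq 0)
        Findings = ($findings -join '; ')
    }
}

# Constructed sample list; replace with the groups intended for each role.
'BP-Developers', 'BP-Runtime-Resources', 'Domain Users' |
    ForEach-Object { Test-RoleMappingGroup -Name $_ } |
    Format-Table -AutoSize -Wrap
```

Any group reported with `Suitable = False` should be replaced with a purpose-built security group before it is selected for a role.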