Authentication in Blue Prism

Blue Prism requires users to provide authentication before they are able to perform any tasks in the environment defined by their configured connection.

Blue Prism provides two types of environments for managing authentication to the platform:

  • Multi-authentication environment – this environment supports both Blue Prism native authentication and Active Directory authentication where roles are mapped to individual users in Blue Prism. When creating new users in a multi-authentication environment, administrators can select to create either a single Blue Prism native user, or one or more Active Directory users. The authentication type is configured as part of the user creation and cannot be changed later.
  • Single-authentication environment – referred to as Active Directory Single Sign-On authentication in previous versions of Blue Prism, this environment supports Active Directory authentication where users log in via Active Directory only and roles are mapped to Active Directory security groups.

The environment type is selected when the database is created and cannot be changed later.

A given Blue Prism device can only connect to one environment at any one time but it can be configured to connect to many environments, which can each be configured with one of the available sign-in methods.

It is only possible to use Blue Prism native authentication when consuming Blue Prism objects or processes exposed as web services in a multi-authentication environment.

Blue Prism native authentication in a multi-authentication environment

By default, Blue Prism uses its own authentication mechanism. User accounts are individually created and maintained in Blue Prism and user login attempts are processed by verifying the supplied credentials configured in the Blue Prism database. The individual permissions and roles of users are controlled by assigning Blue Prism user roles.

For further details on maintaining users in a Blue Prism environment see Manage users.

Active Directory authentication in a multi-authentication environment

If Active Directory authentication has been configured in Blue Prism, both the Native Blue Prism authentication and the Active Directory authentication options display on the login screen in a multi-authentication environment, however users can only log in using the authentication method configured for them.

Blue Prism administrators who are members of an Active Directory domain can enable Active Directory authentication on the System > Security - Sign-on Settings screen in the Blue Prism client for a specific environment. They must then create Active Directory user accounts by retrieving users from the Active Directory and assigning them to Blue Prism user roles. When the environment contains at least one user who has been configured to use Active Directory authentication, the Sign in using Active Directory button will become visible on the login screen.

See Single sign-on for more details.

Active Directory authentication in a single-authentication environment

To configure Active Directory authentication in a single-authentication environment, it is necessary to specify the Active Directory domain where the security groups that will be associated with Blue Prism security roles reside. Additionally, the security group whose members will be granted System Administrator access must be selected.

Once the system administrators have been configured with access, the mapping between the other Blue Prism security roles and Active Directory security groups can take place.

See Single sign-on for more information.

Further login settings

Further sign-in options are available within System Manager for the environment-specific presentation of the login screen.

A list of the users registered within the current connection can be displayed (for Blue Prism authenticated connections only).

The user name can be pre-populated from the last time that the user logged into the selected connection.

See Sign-On Settings for more information.