Authentication Server provides a centralized common authentication for users across three key components of the Blue Prism platform: Blue Prism Enterprise, RESTful API, and Hub.
Authentication Server must be installed as part of the Blue Prism Hub 4.3 installation if using the Blue Prism API and/or browser-based Control Room with version 7.0 and later. A Blue Prism environment must then be configured to use Authentication Server in order to allow users to log in via Authentication Server only.
Once Authentication Server has been configured and enabled, all user access to Blue Prism is directed through Authentication Server, and users can log in using only basic authentication (username and password) or LDAP authentication.
Blue Prism native and Active Directory authentication can still be used to authenticate runtime resources, AutomateC commands, and when calling web services exposed on runtime resources. The external authentication capability via Authentication Gateway introduced in Blue Prism 6.10 is not supported in the first release of Authentication Server.
The following prerequisites must be met before configuring a Blue Prism environment to use Authentication Server:
- A working Blue Prism Enterprise deployment running version 7.0 and configured as a multi-authentication environment, together with a Blue Prism application server that can be configured to handle the user events that Authentication Server publishes to a message queue. This allows new users created in Blue Prism Hub to log into the Blue Prism environment via Authentication Server. See the Blue Prism Enterprise installation guide for guidance.
- A working Blue Prism Hub deployment running version 4.3, including Authentication Server, a Message Broker server to host the RabbitMQ Message Broker, and a web server for the Hub installation. See the Hub 4.3 installation guide for guidance.
Blue Prism environments configured to use Authentication Server
The following diagrams show the authentication flow in a Blue Prism multi-authentication environment configured to use Authentication Server. The first diagram shows the interactive client authentication, and the second diagram shows the authentication for other components, such as runtime resources, AutomateC commands, and so on.
Interactive client authentication
Authentication for other components
Blue Prism environments not configured to use Authentication Server
The following diagram shows the authentication flow in a Blue Prism multi-authentication environment not configured to use Authentication Server.