Authentication Server

Click this icon on the toolbar to view and download a PDF version of this guide.

Authentication Server provides centralized common authentication for users across three key components of the Blue Prism platform: Blue Prism Enterprise, Blue Prism API, and Blue Prism Hub.

Authentication Server is installed as part of the Blue Prism Hub installation (version 4.3 or later) if using the Blue Prism API and/or browser-based Control Room with version 7.0 and later. A Blue Prism environment must then be configured to use Authentication Server in order to allow users to log in via Authentication Server only.

Once Authentication Server has been configured and enabled, all user access for Blue Prism Enterprise will be directed via Authentication Server, where users will only be able to use basic authentication (username and password) and LDAP authentication to log in via Authentication Server.

Blue Prism native and Active Directory authentication can still be used to authenticate runtime resources, AutomateC commands, and when calling web services exposed on runtime resources. These requests cannot be authenticated via Authentication Server.

The external authentication capability via Authentication Gateway introduced in Blue Prism 6.10 is not supported in the first release of Authentication Server.

For an overview of the configuration, also watch the Authentication Server configuration video.

Prerequisites

The following prerequisites must be met before configuring a Blue Prism environment to use Authentication Server:

  • A working Blue Prism Enterprise deployment running version 7.0 and configured as a multi-authentication environment. See Blue Prism Enterprise installation guide for guidance.
  • A Blue Prism application server that can be configured to integrate with Authentication Server, see Configure RabbitMQ messaging via Blue Prism server.
  • A working Blue Prism Hub deployment running version 4.3 or later, including Authentication Server, a Message Broker server to host the RabbitMQ Message Broker, and a web server for the Hub installation. See the Hub installation guide for guidance.

Typical deployment

Blue Prism environments configured to use Authentication Server

The following diagrams show the authentication flow in a Blue Prism multi-authentication environment configured to use Authentication Server.

Interactive client authentication

The diagram below shows the authentication flow for a Blue Prism interactive client.

Interactive client authentication

Authentication for other components

The diagram below shows the authentication flow for other components, such as runtime resources, AutomateC commands, and web service requests.

Non-interactive component authentication

Blue Prism environments not configured to use Authentication Server

The following diagram shows the authentication flow in a Blue Prism multi-authentication environment not configured to use Authentication Server.

Authentication when Authentication Server is not enabled