Authentication Server

Click this icon on the toolbar to view and download a PDF version of this guide.

Authentication Server provides a centralized common authentication for users across three key components of the Blue Prism platform: Blue Prism Enterprise, RESTful API, and Hub.

Authentication Server must be installed as part of the Blue Prism Hub 4.3 installation if using the Blue Prism API and/or browser-based Control Room with version 7.0 and later. A Blue Prism environment must then be configured to use Authentication Server in order to allow users to log in via Authentication Server only.

Once Authentication Server has been configured and enabled, all user access for Blue Prism will be directed via Authentication Server where users will only be able to use basic authentication (username and password) and LDAP authentication to log in via Authentication Server.

Blue Prism native and Active Directory authentication can still be used to authenticate runtime resources, AutomateC commands, and when calling web services exposed on runtime resources. The external authentication capability via Authentication Gateway introduced in Blue Prism 6.10 is not supported in the first release of Authentication Server.

Prerequisites

The following prerequisites must be met before configuring a Blue Prism environment to use Authentication Server:

  • A working Blue Prism Enterprise deployment running version 7.0 and configured as a multi-authentication environment, as well as a Blue Prism application server that can be configured to handle user events that are published to a message queue by Authentication Server so that new users created in Blue Prism Hub can log into the Blue Prism environment via Authentication Server. See Blue Prism enterprise installation guide for guidance.
  • A working Blue Prism Hub deployment running version 4.3, including Authentication Server, a Message Broker server to host the RabbitMQ Message Broker, and a web server for the Hub installation. See Hub 4.3 installation guide for guidance.

Typical deployment

Blue Prism environments configured to use Authentication Server

The following diagrams show the authentication flow in a Blue Prism multi-authentication environment configured to use Authentication Server. The first diagram shows the interactive client authentication, and the second diagram shows the authentication for other components, such as runtime resources, AutomateC commands, and so on.

Interactive client authentication

Interactive client authentication

Authentication for other components

Non-interactive component authentication

Blue Prism environments not configured to use Authentication Server

The following diagram shows the authentication flow in a Blue Prism multi-authentication environment not configured to use Authentication Server.

Authentication when Authentication Server is not enabled