Credential details

The Credential Details dialog allows you to create and edit credentials for use with target applications, encrypting them and storing them in a secure location.

Credential types are provided to support various authentication methods, and access rights can be defined to determine which accounts have access to each credential.

For more information about credentials in Blue Prism, see Credential manager.

Create a credential

  1. Click System > Credentials and then New.
  2. Enter a unique name and optional description for the credential.
  3. Select a credential type for the required authentication method and add the required properties, as detailed below:

    Credential Name

    Usage and Required Properties

    General

    Use this credential type for non-Web API authentication. Properties:

    • Username – Usually used to store a login user name.
    • Password – The password to be securely stored within the credential.

    Basic Authentication

    Use this credential type for basic web authentication to create the authentication header. Properties:

    • Username – The authorization user name.
    • Password – The authorization password to be securely stored within the credential.

    OAuth 2.0 (Client Credentials)

    Use this credential type for OAuth 2.0 web authentication using client credentials. Properties:

    • Client ID – The client making the request.
    • Client Secret – Used to authenticate the request.

    OAuth 2.0 (JWT Bearer Token)

    Use this credential for OAuth 2.0 web authentication using JSON Web Tokens (JWT). Properties:

    • Issuer – Used to form the authentication token request.
    • Private Key – The client secret, used to sign the token request.

    Bearer Token

    Use this credential type for Bearer token authentication. Properties:

    • Token – The bearer token to send in the authentication header.

    Data Gateways Credential

    Use this credential only for Data Gateways configurations that require authenticated access to a database or HTTP endpoint. Properties:

    • Username – Usually used to store a login user name.
    • Password – The password to be securely stored within the credential.
  4. If the selected authentication type requires a username and password, note that the HTTP password authentication protocol dictates that passwords can only contain the first 128 ASCII characters. If any other character is used, Blue Prism replaces it with ?, resulting in a failed login attempt.

  5. If you know the expiry date of the credential, enable the Expires field and select the appropriate date. This data can then be used in processes, such as to perform a check on credentials that have expired, or are due to expire. Once this date has passed, the credential will not be accessible to the process and only the status (expired) will be returned.
  6. If you do not want the credential to be available for use in processes just yet, select Marked as invalid.
  7. If required, add Additional Properties for the credential. These could be answers to additional security questions such as Mother's maiden name, City of birth, etc. Any number of named properties can be created for a credential; their values are held securely within the database. These property values can be requested by processes.
  8. Select the Access Rights tab and select where and to whom the credential will be available:
    • Security Roles – The security roles that a Blue Prism account must have to be able to access the credential. This is only valid for runtime resources which are not public (i.e. /public) and which have been configured to run under the context of a user (i.e. /SSO or /user [username] [password]). Restricting access to a credential by security role will prevent the credential from being accessed in the following scenarios:
      • When process sessions are created by the scheduler.
      • When process sessions are created on resources which are configured as public.
    • Processes – The processes that are allowed to access the credential. The session identifier provided when requesting the credential must relate to an active session and the process in the session record must be in the list of allowed processes.
    • Resources – The resources that are allowed to access the credential when online. The session identifier provided when requesting the credential must relate to an active session and the resource in the session record must be online and be in the list of allowed resources.
  9. Click OK to save the credential and add it to the list of credentials in the Security - Credentials screen. If not marked as invalid, the credential will be available to use in processes.
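
A pre-flight check for the character restriction in step 4, as an added example that is not part of Blue Prism: it reports which characters of a candidate password fall outside the first 128 ASCII characters, without echoing the rest of the secret, and models the ? substitution per character (an assumption about how the replacement is applied). The function names and sample values are constructed for illustration.

```python
import unicodedata

ASCII_LIMIT = 128  # step 4: only the first 128 ASCII characters are accepted


def non_ascii_findings(password):
    """Return (index, 'U+XXXX', Unicode name) for each character outside ASCII.

    Only the offending characters are reported, never the rest of the secret.
    """
    findings = []
    for index, ch in enumerate(password):
        if ord(ch) >= ASCII_LIMIT:
            name = unicodedata.name(ch, "UNNAMED")
            findings.append((index, f"U+{ord(ch):04X}", name))
    return findings


def as_transmitted(password):
    """Model of the substitution described in step 4 (assumed to be per
    character): every non-ASCII character becomes '?'."""
    return "".join(ch if ord(ch) < ASCII_LIMIT else "?" for ch in password)


def audit(credentials):
    """credentials maps a credential name to its candidate password.
    Returns name -> findings for entries whose password would be altered."""
    report = {}
    for name, password in credentials.items():
        findings = non_ascii_findings(password)
        if findings:
            report[name] = findings
    return report


# Constructed sample values, not real secrets.
SAMPLE = {
    "ERP Login": "Winter-2024!ok",
    "Mail API": "caf\u00e9-Pass1",              # e with acute accent
    "Pasted From Doc": "pa\u00a0ss\u201cword",  # no-break space, curly quote
}

if __name__ == "__main__":
    for cred, findings in audit(SAMPLE).items():
        print(cred)
        for index, codepoint, uname in findings:
            print(f"  position {index}: {codepoint} {uname}")
```

Characters such as the no-break space and curly quotes typically arrive when a password is pasted from a document or e-mail, which is why the report names the character rather than displaying it.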

This video demonstrates how to set up and use Credential Manager.

Example credential