Authentication in Blue Prism

As a Blue Prism user, you must enter authentication details before you are able to perform any tasks in the environment defined by your configured connection.

Blue Prism provides two types of environments for managing authentication to the platform: multi-authentication environments and single-authentication environments.

The environment type is selected when the database is created and can only be changed when converting a single-authentication Active Directory environment to a multi-authentication Active Directory environment (see Single sign-on for more details).

Multi-authentication environments

Blue Prism native authentication

By default, Blue Prism uses its own authentication mechanism. User accounts are individually created and maintained in Blue Prism, and user login attempts are processed by verifying the supplied credentials against those configured in the Blue Prism database. The individual permissions and roles of users are controlled by assigning Blue Prism user roles.

For more information on managing users in a Blue Prism environment, see Manage users.

Active Directory authentication

If Active Directory authentication has been configured in Blue Prism, configured users can sign in via the Sign in using Active Directory button on the Blue Prism login screen.

Blue Prism administrators who are members of an Active Directory domain can enable Active Directory authentication on the System > Security - Sign-on Settings screen in the Blue Prism client for a specific environment. They must then create Active Directory user accounts by retrieving users from the Active Directory and assigning them to Blue Prism user roles. When the environment contains at least one user who has been configured to use Active Directory authentication, the Sign in using Active Directory button will become visible on the login screen.

For more information, see Single sign-on.

Native authentication via Authentication Server

Native authentication via Authentication Server is available in a Blue Prism multi-authentication environment by using the Authentication Server component, which is only required when using the Blue Prism API and/or browser-based Control Room from version 7.0 onwards.

If Authentication Server has been configured and enabled in System > Security - Sign-on Settings in Blue Prism, users will only be able to log in via the Sign in using Authentication Server button using basic authentication (username and password) and LDAP authentication. Blue Prism native and Active Directory authentication can still be used to authenticate runtime resources, AutomateC commands, and when calling web services exposed on runtime resources.

Authentication Server user accounts can be created directly in Blue Prism Hub (version 4.3 and later), or by mapping users between the Authentication Server and Blue Prism databases, and assigning them to Blue Prism user roles.

For more information, see Authentication Server.

Single-authentication environments

You can only use Active Directory single sign-on in Blue Prism single-authentication environments. To configure Active Directory authentication in a single-authentication environment, you must specify the Active Directory domain where the security groups that will be associated with Blue Prism security roles reside, and then select the security group whose members will be granted system administrator access.

Once the system administrators have been configured with access, the mapping between the other Blue Prism security roles and Active Directory security groups can take place.

For more information, see Single sign-on.

Further login settings

Further sign-in options are available within System Manager for the environment-specific presentation of the login screen:

A list of the users registered within the current connection can be displayed (for Blue Prism authenticated connections only).

The user name can be pre-populated from the last time that the user logged into the selected connection.

For more information, see Sign-on settings.