Authentication Server


Authentication Server provides centralized common authentication for users across three key components of the Blue Prism platform: Blue Prism Enterprise, Blue Prism API, and Blue Prism Hub.

Authentication Server is installed as part of the Blue Prism Hub installation (version 4.6 or later) if using the Blue Prism API and/or browser-based Control Room with version 7.1 and later. A Blue Prism environment must then be configured to use Authentication Server in order to allow users to log in via Authentication Server only.

Once Authentication Server has been configured and enabled, all user access for Blue Prism Enterprise will be directed via Authentication Server, where users will be able to log in via native, Active Directory, and LDAP authentication. These user accounts must exist in both Hub and Blue Prism.

Blue Prism native and Active Directory authentication can still be used to authenticate runtime resources, AutomateC commands, and when calling web services exposed on runtime resources. These requests cannot be authenticated via Authentication Server.

The external authentication capability via Authentication Gateway introduced in Blue Prism 6.10 is not supported in Blue Prism versions 7.0 and 7.1.

For an overview of the configuration, also watch the Authentication Server configuration video.

Prerequisites

The following prerequisites must be met before configuring a Blue Prism environment to use Authentication Server:

  • A working Blue Prism Enterprise deployment running version 7.1. See the Blue Prism Enterprise installation guide for guidance.
  • A Blue Prism application server that can be configured to integrate with Authentication Server; see Configure the Blue Prism application server. This guide assumes one Blue Prism interactive client running on one application server, and that this application server is configured with the details of the service account created to make authenticated requests to the Authentication Server API.
  • A Microsoft Edge WebView2 browser which delivers the embedded Authentication Server login dialog required to enable users to log into Authentication Server from the Blue Prism interactive client. The associated WebView2 runtime must be installed locally on any machine that runs the Blue Prism interactive client. For more details, see https://docs.microsoft.com/en-us/microsoft-edge/webview2/concepts/distribution.

    Watch the installation video.

  • A working Blue Prism Hub deployment running version 4.6 or later, including Authentication Server, a Message Broker server to host the RabbitMQ Message Broker, and a web server for the Hub installation. See the Hub installation guide for guidance.

Typical deployment

Blue Prism environments configured to use Authentication Server

The following diagrams show the authentication flow in a Blue Prism environment configured to use Authentication Server.

Interactive client authentication

The diagram below shows the authentication flow for a Blue Prism interactive client.

[Diagram: Interactive client authentication]

Authentication for other components

The diagram below shows the authentication flow for other components, such as runtime resources, AutomateC commands, and web service requests.

[Diagram: Non-interactive component authentication]

Blue Prism environments not configured to use Authentication Server

The following diagram shows the authentication flow in a Blue Prism environment not configured to use Authentication Server.

[Diagram: Authentication when Authentication Server is not enabled]