Authentication in Blue Prism

As a Blue Prism user, you must enter authentication details before you are able to perform any tasks in the environment defined by your configured connection.

Blue Prism provides the following authentication methods which administrators can configure on the System > Security - Sign-on Settings screen for a specific environment:

• User login via Authentication Server
  • Users log into the Blue Prism interactive client using Authentication Server. This applies to native and Active Directory users in Authentication Server.
  • This authentication method is required if using the browser-based Control Room with the current Blue Prism environment.
  • All other Blue Prism components (runtime resources, telnet commands, AutomateC commands, and web services requests) are not authenticated via Authentication Server, but via the Blue Prism application server using the configured built-in authentication methods.
• User login using built-in authentication
  • Users log into the Blue Prism interactive client directly. This applies to native and Active Directory users in Blue Prism.
  • This authentication method cannot be used to log into the browser-based Control Room.
  • The built-in authentication methods also apply to all other Blue Prism components (runtime resources, telnet commands, AutomateC commands, and web services requests).

Based on the authentication method(s) configured for your environment on the System > Security - Sign-on Settings screen, you will see the following options on the Blue Prism login screen:

Authentication method	Sign in option
User login via Authentication Server	Sign in using Authentication Server
User login using built-in authentication, with both Blue Prism native and Active Directory authentication enabled	Sign in using Blue Prism credentials Sign in using Active Directory
User login using built-in authentication, with only Active Directory authentication enabled	Sign in using Active Directory
User login using built-in authentication, with only Blue Prism native authentication enabled	Sign in using Blue Prism credentials

Blue Prism native authentication

By default, Blue Prism uses its own authentication mechanism. User accounts are individually created and maintained in Blue Prism and user login attempts are processed by verifying the supplied credentials configured in the Blue Prism database. The individual permissions and roles of users are controlled by assigning Blue Prism user roles. For more information on managing users in a Blue Prism environment, see Manage users.

Active Directory authentication

Blue Prism supports single sign-on using Microsoft Active Directory Domain Services, which allows users who have been authenticated by the operating system, and who are members of appropriate domains and forests, to log into Blue Prism without resubmitting their credentials. Integration with Active Directory is configured for specified instances of Blue Prism allowing full segregation of roles across multiple environments such as Development, Test, and Production.

For more information, see Active Directory integration.

Authentication Server

Native and Active Directory authentication via Authentication Server is available in a Blue Prism environment by using the Authentication Server component, which is only required when using the Blue Prism API and/or browser-based Control Room from version 7.0 onwards.

If Authentication Server has been configured to use in a Blue Prism environment, users will only be able to log into the interactive client via Authentication Server. Native and Active Directory authentication via the Blue Prism application server can still be used to authenticate runtime resources, telnet commands, AutomateC commands, and web services requests.

For more information, see the Authentication Server configuration guide.

Further login settings

Further sign-in options are available in System > Security - Sign-on Settings the for the environment-specific presentation of the login screen.

For more information, see Sign-on settings.