Authentication in Blue Prism
As a Blue Prism user, you must enter authentication details before you are able to perform any tasks in the environment defined by your configured connection.
Blue Prism provides the following authentication methods which administrators can configure on the System > Security - Sign-on Settings screen for a specific environment:
- User login via Authentication Server
- Users log into the Blue Prism interactive client using Authentication Server. This applies to native and Active Directory users in Authentication Server.
- This authentication method is required if using the browser-based Control Room with the current Blue Prism environment.
- All other Blue Prism components (runtime resources, telnet commands, AutomateC commands, and web services requests) are not authenticated via Authentication Server, but via the Blue Prism application server using the configured built-in authentication methods.
- User login using built-in authentication
- Users log into the Blue Prism interactive client directly. This applies to native and Active Directory users in Blue Prism.
- This authentication method cannot be used to log into the browser-based Control Room.
- The built-in authentication methods also apply to all other Blue Prism components (runtime resources, telnet commands, AutomateC commands, and web services requests).
Based on the authentication method(s) configured for your environment on the System > Security - Sign-on Settings screen, you will see the following options on the Blue Prism login screen:
Sign in option
|User login via Authentication Server||Sign in using Authentication Server|
|User login using built-in authentication, with both Blue Prism native and Active Directory authentication enabled||
|User login using built-in authentication, with only Active Directory authentication enabled||Sign in using Active Directory|
|User login using built-in authentication, with only Blue Prism native authentication enabled||Sign in using Blue Prism credentials|
Blue Prism native authentication
By default, Blue Prism uses its own authentication mechanism. User accounts are individually created and maintained in Blue Prism and user login attempts are processed by verifying the supplied credentials configured in the Blue Prism database. The individual permissions and roles of users are controlled by assigning Blue Prism user roles. For more information on managing users in a Blue Prism environment, see Manage users.
Active Directory authentication
Blue Prism supports single sign-on using Microsoft Active Directory Domain Services, which allows users who have been authenticated by the operating system, and who are members of appropriate domains and forests, to log into Blue Prism without resubmitting their credentials. Integration with Active Directory is configured for specified instances of Blue Prism allowing full segregation of roles across multiple environments such as Development, Test, and Production.
When using Active Directory single sign-on in Blue Prism, it is possible to configure the system to support users from across multiple forests within a common Active Directory network infrastructure with options for role management either in Blue Prism or Active Directory, or both.
This applies to the following scenarios:
- Active Directory users logging into the interactive client via Authentication Server.
- Active Directory users logging into the interactive client using built-in authentication.
- Authentication of AutomateC commands, runtime resources, and process alerts via the /sso command line parameter.
- Authentication of telnet commands and web service requests.
For more information, see Active Directory integration.
Native and Active Directory authentication via Authentication Server is available in a Blue Prism environment by using the Authentication Server component, which is only required when using the Blue Prism API and/or browser-based Control Room from version 7.0 onwards.
If Authentication Server has been configured to use in a Blue Prism environment, users will only be able to log into the interactive client via Authentication Server. Native and Active Directory authentication via the Blue Prism application server can still be used to authenticate runtime resources, telnet commands, AutomateC commands, and web services requests.
For more information, see the Authentication Server configuration guide.
Further login settings
Further sign-in options are available in System > Security - Sign-on Settings the for the environment-specific presentation of the login screen.
For more information, see Sign-on settings.