Create users

The steps in the Create User Wizard accessed from the Security - Users screen depend on the authentication type configured for a user.

Create a Blue Prism native user

Blue Prism native authentication must be enabled on the Security - Sign-on Settings screen for an administrator to be able to create a Blue Prism native user.

Follow the steps below to create a user configured to use Blue Prism native authentication in a Blue Prism environment:

  1. On the Security - Users screen, click New in the hamburger menu.

    The Create User Wizard launches.

  2. On the Select a user type screen, select Create a single Blue Prism native user.

  3. Enter a username. A unique username is required for the new user. This must be no longer than 20 characters, but may contain spaces.
  4. Enter a password. An initial password must be entered for the new user. To maintain security, the user will be prompted to change their password when they first log in to the system.
  5. If required, amend the expiry dates for the user account and password, and the password duration.
  6. Assign roles and permissions to the new user by selecting one or more roles from the list. The permissions associated with the selected roles are selected by default.

    The Desktop Users role is recommended for end users of the Blue Prism Desktop client. More information on Blue Prism Desktop can be found here.

  7. Click Finish to create the user in the database with all the selected attributes.

Create one or more Active Directory users

Active Directory authentication must be enabled on the Security - Sign-on Settings screen for an administrator to be able to create an Active Directory user.

Follow the steps below to create one or more users configured to use Active Directory authentication in a Blue Prism environment:

  1. On the Security - Users screen, click New in the hamburger menu.

    The Create User Wizard launches.

  2. On the Select a user type screen, select Create one or more Active Directory users.

  3. Assign roles and permissions to the new user(s) by selecting one or more roles from the list. The permissions associated with the selected roles are selected by default.

    The Desktop Users role is recommended for end users of the Blue Prism Desktop client. More information on Blue Prism Desktop can be found here.

  4. Search the Active Directory for user(s) to map to the Blue Prism roles assigned.

    The following options are available which make it easier and faster to find the users of interest:

    • Specify the search root by providing the distinguished name of the root location.
    • Use wildcard search.
    • Apply search filters based on CN (Common name), UPN (User Principal Name) or SID (Security Identifier).

      • The Common Name attribute contains names of an object. If the object corresponds to a person, it is typically the person's full name.
      • A User Principal Name (UPN) is the name of a system user in an email address format. A UPN consists of the user name (logon name), separator (the @ symbol), and domain name (UPN suffix). Users that have no UPN or whose UPN exceeds 128 characters cannot be added.
      • A Security Identifier is a unique, immutable identifier of a user, user group, or other security principal. A security principal has a single SID for life (in a given domain) and all properties of the principal, including its name, are associated with the SID.

      When searching Active Directory for users or security groups on a device connected via an application server, the credentials stored against the domain and encrypted in the database are used to execute this query. If no stored credentials are found, queries that require authentication will be executed under the context of the Windows account running the Blue Prism application server.

      When searching Active Directory for users or security groups on a device that is connected directly to a database and no stored credentials are found, queries that require authentication will be executed under the context of the Windows account that was used to launch, and run, Blue Prism locally.

  5. Verify the user(s) and Blue Prism roles you have selected to add and click Create.

    A maximum of 100 Active Directory users can be added at a time.
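
A pre-flight check for steps 4 and 5 above, added here as an illustration and not Blue Prism's own code: it flags directory users that have no UPN or a UPN over 128 characters, and splits the remainder into runs of at most 100. `Test-ImportCandidate`, the sample objects and the `corp.example` names are assumptions made for the example.

```powershell
# Added example. Limits come from the steps above: a UPN is required,
# it may not exceed 128 characters, and one wizard run adds at most 100 users.
$MaxUpnLength = 128
$BatchSize    = 100

function Test-ImportCandidate {    # hypothetical helper name
    param([Parameter(Mandatory, ValueFromPipeline)] $User)
    process {
        $upn = [string]$User.UserPrincipalName
        $reason = if ([string]::IsNullOrWhiteSpace($upn)) {
            'no UPN'
        } elseif ($upn.Length -gt $MaxUpnLength) {
            "UPN is $($upn.Length) characters (limit $MaxUpnLength)"
        } else { $null }
        [pscustomobject]@{
            Name     = $User.Name
            UPN      = $upn
            SID      = [string]$User.SID
            Eligible = ($null -eq $reason)
            Reason   = $reason
        }
    }
}

# Constructed sample objects shaped like Get-ADUser output. Against a real
# domain (ActiveDirectory module), replace $sample with a scoped query, e.g.
#   Get-ADUser -SearchBase 'OU=Staff,DC=corp,DC=example' -Filter "Name -like 'A*'"
$sid = 'S-1-5-21-1111111111-2222222222-3333333333'   # constructed domain SID
$sample = @(
    [pscustomobject]@{ Name = 'Alex Example'; UserPrincipalName = 'alex@corp.example'; SID = "$sid-1101" }
    [pscustomobject]@{ Name = 'Legacy Account'; UserPrincipalName = $null; SID = "$sid-1102" }
    [pscustomobject]@{ Name = 'Long Upn'; UserPrincipalName = ('x' * 120) + '@corp.example'; SID = "$sid-1103" }
)

$checked  = @($sample | Test-ImportCandidate)
$eligible = @($checked | Where-Object { $_.Eligible })

# Report users that cannot be added, then split the rest into runs of <= 100.
$checked | Where-Object { -not $_.Eligible } |
    ForEach-Object { 'SKIP  {0}: {1}' -f $_.Name, $_.Reason }
for ($i = 0; $i -lt $eligible.Count; $i += $BatchSize) {
    $last = [Math]::Min($i + $BatchSize, $eligible.Count) - 1
    'RUN {0}: {1}' -f ([int]($i / $BatchSize) + 1), (@($eligible[$i..$last].UPN) -join ', ')
}
```

Directory results depend on the read rights of the querying account, so run the query as an account comparable to the one Blue Prism uses for its search.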

Add Active Directory users to Blue Prism based on their Active Directory security group membership

You can also add Active Directory users to Blue Prism based on their Active Directory security group membership. For more details, see Blue Prism roles.

The Manage role membership in Active Directory option must be selected on the Security - Sign-on Settings screen to be able to add security groups to a Blue Prism role.

  1. Navigate to System > Security - User Roles.
  2. Select a role from the list and edit the associated permissions if required.
  3. Click Manage role membership.

    The Role Membership dialog displays.

  4. Click Add under the security groups section.

    The Select Active Directory Security Groups dialog displays.

  5. Search the Active Directory for security group(s) to add to the selected role. The same search criteria can be applied as when searching for users.

  6. Once retrieved from Active Directory, select the Active Directory security group(s) which you want to add to the selected role and click OK.

    The added security groups display on the Role Membership dialog.

  7. Click OK to save your changes.

Create Authentication Server users

Authentication Server must be configured for your environment to be able to add Authentication Server users to Blue Prism. A Blue Prism server connection is required when adding Authentication Server users to Blue Prism. For more details, see Authentication Server.

If you are configuring a new Blue Prism environment to use Authentication Server, Authentication Server users must be created in Blue Prism Hub first (see the Hub administrator guide for more details) and then added to Blue Prism by assigning them to a Blue Prism role.

To add one or more Authentication Server users to a Blue Prism role:

  1. In the Blue Prism interactive client, navigate to System > Security - User Roles.
  2. Select a role from the list and edit the associated permissions if required.

  3. Click Manage role membership.

    The Role Membership screen displays.

  4. Click Add.

    The Add users dialog displays.

  5. Select the Authentication Server user(s) you want to add to the selected role, or search for them using the search box, and click OK.

    The added Authentication Server user(s) now display on the Role Membership dialog.

  6. Click OK to save your changes.

Authentication Server users configured to use Active Directory authentication in Hub can also be added to Blue Prism based on their Active Directory security group membership. For more details, see Add Active Directory users to Blue Prism based on their security group membership.

If you are updating a Blue Prism environment, existing Blue Prism native user accounts must be synchronized with the Authentication Server database so that they can continue to log in once Authentication Server is used to manage user authentication. For more details, see the mapping tool in Authentication Server.