Sign-on settings

Blue Prism provides the following authentication methods which administrators can configure on the System > Security - Sign-on Settings screen for a specific environment:

  • User login via Authentication Server
    • Users log into the Blue Prism interactive client using Authentication Server. This applies to native and Active Directory users in Authentication Server.
    • This authentication method is required if using the browser-based Control Room with the current Blue Prism environment.
    • All other Blue Prism components (runtime resources, telnet commands, AutomateC commands, and web services requests) are not authenticated via Authentication Server, but via the Blue Prism application server using the configured built-in authentication methods.
  • User login using built-in authentication
    • Users log into the Blue Prism interactive client directly. This applies to native and Active Directory users in Blue Prism.
    • This authentication method cannot be used to log into the browser-based Control Room.
    • The built-in authentication methods also apply to all other Blue Prism components (runtime resources, telnet commands, AutomateC commands, and web services requests).

Authentication Server

If the User login via Authentication Server option has been selected, you will be prompted to provide an Authentication Server URL. For more details on how to configure authentication via Authentication Server, see the Authentication Server configuration guide.

Built-in authentication

The available built-in authentication methods are Active Directory authentication and Blue Prism native authentication. If the User login using built-in authentication option has been selected, at least one of the two authentication methods must be selected to continue.

The available built-in authentication methods are also used to authenticate runtime resources, telnet commands, AutomateC commands, and when calling web services exposed on runtime resources.

For more details, see Authentication in Blue Prism and Active Directory integration.

Password rules for native users

This section of the screen allows you to manage restrictions on users' passwords.

  • Passwords can be set to have a minimum length.
  • Passwords can be restricted so that they must contain at least one character from each selected set: uppercase characters, lowercase characters, digits, special characters, and brackets. The full character set for each option is detailed below. In addition to these sets, a custom set can be built by adding characters to the additional characters text box.

    Uppercase ABCDEFGHIJKLMNOPQRSTUVWXYZ
    Lowercase abcdefghijklmnopqrstuvwxyz
    Digits 0123456789
    Special !"$%^&*_+=-:;@'~#,.?/\|`¬
    Brackets ()<>{}[]
  • User accounts can be set to lock out after a number of failed login attempts. Once users are locked out, they will not be able to log back in again until the account is unlocked by an administrator.

  • Passwords can be restricted so that when a user changes their password, the new password may not match a password used within the configured number of previous passwords and/or a password used within the configured number of previous days.

Once the password rules have been set, click Apply to apply the changes. The changes will only take effect the next time a user logs in.

It is possible to prevent users from pasting into password boxes in Blue Prism via the system-wide setting Password controls allow pasted passwords. See System settings for more details.
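The password rules above can be mirrored in a small checker, for example to pre-validate generated passwords for native accounts before they are set. This is an added example, not Blue Prism code: the policy keys, the history record layout, the PBKDF2 storage and the reading of the two history rules are assumptions, and only the character sets are taken from this page.

```python
import hashlib
import hmac
from datetime import datetime, timedelta

# Character sets copied from the password rules listed on this page.
CHARSETS = {
    "uppercase": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "lowercase": "abcdefghijklmnopqrstuvwxyz",
    "digits": "0123456789",
    "special": "!\"$%^&*_+=-:;@'~#,.?/\\|`¬",
    "brackets": "()<>{}[]",
}

def _digest(password, salt):
    # Assumption: history is kept as salted PBKDF2 digests, never as plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

def make_entry(password, changed_at, salt=b"constructed-salt"):
    """Build one (salt, digest, changed_at) history record for the sample data."""
    return (salt, _digest(password, salt), changed_at)

def check_password(candidate, policy, history=(), now=None):
    """Return the names of the rules the candidate breaks (empty list = passes)."""
    now = now or datetime.now()
    problems = []
    if len(candidate) < policy.get("min_length", 0):
        problems.append("min_length")
    for name in policy.get("required_sets", ()):
        if not any(ch in CHARSETS[name] for ch in candidate):
            problems.append(name)
    newest_first = sorted(history, key=lambda h: h[2], reverse=True)
    by_count = newest_first[: policy.get("history_count", 0)]
    days = policy.get("history_days", 0)
    by_days = [h for h in newest_first if now - h[2] <= timedelta(days=days)] if days else []
    for rule, entries in (("history_count", by_count), ("history_days", by_days)):
        if any(hmac.compare_digest(_digest(candidate, s), d) for s, d, _ in entries):
            problems.append(rule)
    return problems

# Constructed policy and history, for illustration only.
POLICY = {"min_length": 10, "required_sets": list(CHARSETS),
          "history_count": 2, "history_days": 90}
NOW = datetime(2024, 6, 1)
HISTORY = [make_entry("Old(Pass)1!x", datetime(2023, 1, 1)),
           make_entry("Mid(Pass)2!x", datetime(2024, 1, 1)),
           make_entry("New(Pass)3!x", datetime(2024, 5, 1))]

if __name__ == "__main__":
    for pw in ("short1!", "Abcdefgh1(x)", "Mid(Pass)2!x", "New(Pass)3!x"):
        print(repr(pw), check_password(pw, POLICY, HISTORY, NOW))
```

Because brackets are a separate set from special characters, a password whose only punctuation is `(` and `)` does not satisfy the special-character rule.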

Native login options

This section of the screen allows you to select options for the login screen presented to Blue Prism users before they log in.

  • When a native user starts Blue Prism, they can be presented with the last logged-in username. This is particularly useful if the computer often has only one user using it. Alternatively, you can select to use the Windows username on the login screen. This is useful if your Blue Prism username matches your Windows username. The default option is to present Blue Prism native users with a blank username.

  • The option to warn Blue Prism native users when their password is about to expire can be enabled and configured to warn from the next day up to 14 days in advance. When users log in, a message displays if their password is due to expire within the selected time period.

Role Management for Active Directory users

This section allows administrators to determine how Active Directory user roles are managed. At least one of the following options must be selected if Active Directory authentication has been enabled under Built-in authentication settings:

  • Manage role membership in Blue Prism – Active Directory users are directly assigned to Blue Prism roles. Users can be assigned to multiple roles.

  • Manage role membership in Active Directory – Active Directory security groups are mapped to Blue Prism roles. Users are assigned the relevant Blue Prism roles based on their Active Directory security group membership when they log in.

These options apply in all situations when Active Directory authentication is used:

  • Logging into the interactive client via Authentication Server.
  • Logging into the interactive client using built-in authentication.
  • Authentication of runtime resources and AutomateC commands using the sso command line parameter.
  • Authentication of web service requests and telnet commands using Active Directory credentials.

If only Blue Prism native authentication has been enabled under Built-in authentication settings, the Role management for Active Directory users options can be left unselected on the screen.