Hub 4.7 – January 2023


These release notes are for the 4.7 release of Blue Prism Hub.


The following new features and enhancements are introduced in this version of Hub.


Description of Change



Blue Prism Hub and its components have been updated to use:

  • .NET 6.0
  • .NET Framework 4.8

Both the installer and the upgrader have been updated to reflect these prerequisites.

For download information, see the Blue Prism Hub install guide.




A security enhancement has been made to ensure encrypted connection strings are used. SQL Server must be configured to use SSL encryption, using certificates issued by a trusted certificate authority. Self-signed certificates are not sufficient to meet the requirements of this enhancement. Both the installer and upgrader have been updated to reflect this security enhancement.

If you are upgrading a system where SQL Server was not configured to use SSL encryption, the connection strings for the Hub applications will need to be manually configured prior to running the upgrader. See Upgrade Hub and Interact 4.6 to version 4.7 for more information.

Certificates from trusted certificate authorities should be used for Production environments. However, a self-signed certificate could be used for Proof of Concept, or Development environments. It is important that the fully qualified domain name (FQDN) used by SQL Server matches the FQDN defined in the certificate. If these do not match, a connection to the database will not be established and your installation will not function correctly. For information on using and configuring self-signed certificates, see Self-signed certificates in the Blue Prism Hub installation guide.
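A pre-upgrade check of the connection strings against the two requirements above (encryption enabled, server name matching the certificate) could look like the following. This is an added example, not Blue Prism code: it assumes SqlClient-style connection strings using the `Encrypt` and `TrustServerCertificate` keywords, and that the DNS names from the SQL Server certificate are supplied by the operator.

```python
# Added example, not Blue Prism code; all sample values are constructed. Naive parser: no quoted values.
TRUE_VALUES = {"true", "yes", "mandatory", "strict"}

def parse_conn_str(conn_str):
    """Split 'Key=Value;...' into a dict with lower-cased keys."""
    pairs = {}
    for part in conn_str.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            pairs[key.strip().lower()] = value.strip()
    return pairs

def server_host(pairs):
    """Host from Server/Data Source without tcp: prefix, port or instance name."""
    raw = (pairs.get("server") or pairs.get("data source") or "").lower()
    if raw.startswith("tcp:"):
        raw = raw[4:]
    return raw.split(",")[0].split("\\")[0].strip()

def name_matches(host, cert_name):
    """Exact match, or a wildcard that covers exactly the left-most label."""
    cert_name = cert_name.lower()
    if cert_name.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cert_name[2:]
    return host == cert_name

def audit(conn_str, cert_dns_names):
    """Return findings; an empty list means the string meets the requirement."""
    pairs = parse_conn_str(conn_str)
    host = server_host(pairs)
    findings = []
    if pairs.get("encrypt", "").lower() not in TRUE_VALUES:
        findings.append("Encrypt is not enabled")
    if pairs.get("trustservercertificate", "").lower() in {"true", "yes"}:
        findings.append("TrustServerCertificate bypasses certificate validation")
    if not any(name_matches(host, n) for n in cert_dns_names):
        findings.append(f"host '{host}' is not named in the certificate")
    return findings

CERT_NAMES = ["sql01.corp.example.com"]  # constructed SAN dNSName entries
SAMPLES = {  # constructed connection strings
    "compliant": "Server=sql01.corp.example.com;Database=HubDB;Encrypt=True",
    "short name": "Server=SQL01\\HUB;Database=HubDB;Encrypt=True",
    "no tls": "Server=sql01.corp.example.com;Database=HubDB",
    "trust all": "Server=sql01.corp.example.com,1433;Encrypt=True;TrustServerCertificate=True",
}
if __name__ == "__main__":
    for label, conn in SAMPLES.items():
        print(label, "->", audit(conn, CERT_NAMES) or "OK")
```

The "short name" case is the mismatch the paragraph above warns about: the connection uses a NetBIOS-style name while the certificate names the FQDN.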



Authentication settings


The Authentication settings page has been updated to include Security Assertion Markup Language 2.0 (SAML 2.0) authentication.

SAML 2.0 authentication allows cross-domain single sign-on (SSO) and is only visible on the Authentication settings page if the Authentication Server SAML 2.0 extension has been installed on the host web server where Authentication Server is installed. The Authentication Server SAML 2.0 extension installer and the associated installation guide can be downloaded from the Digital Exchange.

The following actions can be carried out from the Authentication settings page:

  • Enable or disable SAML 2.0 authentication.
  • Configure SAML 2.0 provider settings.
  • Remove an already configured SAML 2.0 provider.
  • Add multiple SAML 2.0 users from a CSV file.

Authentication Server users configured to log in using SAML 2.0 will see the Log in using <SAML 2.0 provider name> button on the login screen, for example, Log in using Azure AD.






If a Hub administrator attempts to disable any enabled authentication types on the Authentication settings page, a check is now carried out to identify whether there are any active administrator users configured to log in using any of the other enabled authentication types. If no administrator user with a different authentication type is found, the selected authentication type cannot be disabled.

For more information, see the Hub Administrator Guide.


Environment management

All fields in the Database configuration and Database authentication sections of the Edit connection page can now be edited. However, this should only be done to prevent the loss of a connection if a parameter is incorrect, or if the database password has been changed.

For more information, see the Hub Administrator Guide.



If SAML 2.0 authentication has been enabled on the Authentication settings page and a SAML 2.0 provider has been configured, Hub administrators can add individual SAML 2.0 users on the Add users page.

A new audit event called Added SAML 2.0 user has been added.

Alternatively, Hub administrators can add multiple SAML 2.0 users at the same time from the Authentication settings page, by uploading users from a CSV file. Once uploaded, the users display on the Users page and can be edited or retired. Any users that have been created this way will have their own audit log entry that also includes details of all users who have been skipped or could not be added. It is recommended that the CSV file does not contain more than 1000 entries.

When a SAML 2.0 provider is removed from Authentication Server, any users configured to use that provider are retired.

For more information, see the Hub Administrator Guide.





HUB-5023



Fixes and improvements

The following fixes and minor improvements are included in this version of Hub.


Description of Change


Active Directory authentication





Active Directory users can be synchronized and log into Authentication Server when their UPN contains an alias suffix that is different to the Domain Name System (DNS) name of the Active Directory domain. For example, (DNS name) and (alias suffix), where [email protected] is the UPN. Authentication Server will automatically determine available alias suffixes for the users, unless configured manually by an administrator. For more information, see Authentication Server troubleshooting.


When searching for Active Directory users or security groups to add to Authentication Server, the Search root field on the Add user and Create role pages now displays a default value, which corresponds to the Distinguished Name (DN) of the current forest root domain of the server hosting Authentication Server.



Disabled Active Directory users who previously had access to the Control Room plugin are now automatically logged out of Authentication Server and redirected to the login page if they attempt to access the Control Room plugin. Previously, they were incorrectly redirected to the Welcome page.


Several performance improvements have been made when determining Active Directory group membership for a user during authentication. For more information, see Authentication Server troubleshooting.


The default value for the maximum duration that the cache stores the discovered Active Directory domains has been increased to 1440 minutes. Previously, the default was 30 minutes. For more information, see Authentication Server troubleshooting.


Email service

Additional logging has been added to Email service to log occurrences where the SMTP settings fail due to incorrect configuration in the web.config file.



The Newtonsoft.Json package used by the Hub repositories has been updated to the latest version to remove a vulnerability related to insecure defaults. Authentication Server has also been updated to use Duende IdentityServer 6.0.



License Manager

License Manager now correctly listens and responds to HTTP requests even when RabbitMQ is not available. Previously, License Manager did not listen for HTTP requests when RabbitMQ was not available.




A previous known issue where the Hub tile became inactive after logging in following an application pool recycle has been fixed.


When signing in using Authentication Server from the Blue Prism interactive client, the language selected on the Blue Prism login page is now reflected on the Authentication Server login page.


Roles and permissions

An issue has been fixed where the pagination arrows still displayed on the Roles and permissions page after adding Active Directory groups to a role if the filters used on the page resulted in an empty table.


Service accounts


Service account client IDs are now set to be case sensitive. Previously, naming one client ID 'Test' and another client ID 'test' would trigger an error, whereas both can now be used at the same time without errors.


An issue has been fixed where, when filtering and selecting items on the Service accounts page, the selection was not retained once the filter had been removed.



An issue has been fixed on the Users page where a theme could not be selected if a user clicked the Add user button before the page had finished loading.


Plugin updates

Automated Lifecycle Management (ALM)

No changes have been made to the ALM plugin in this release.

Control Room


Description of Change


Schedule Manager

When editing schedules in Schedule Manager, the Repeat every interval properties are now reset to the default value when the interval type is updated. Previously, some properties retained their values when the interval type was changed.



No changes have been made to the Decision plugin in this release.


For the Interact plugin improvements and fixes, see the Interact 4.7 release notes.

Known issues

A list of any prominent issues with this release is maintained in the knowledge base:

  • For Hub known issues, click here.
  • For Decision known issues, click here.

Secure development policy

Blue Prism’s secure development process is a market-leading, embedded security culture, focused on delivering security excellence through four key principles:

  • Education – Providing up-to-date knowledge, information, and training to the development team.
  • Evaluation – Regular reviews of our products using industry standard frameworks and security tools.
  • Elimination – Remove potential threats through the evaluation of standards, compliance, and performance.
  • Evolution – Continued improvement of our security program, ensuring alignment with our product technologies and by reacting effectively to new and emerging threats.

Blue Prism secure development is based on OWASP ASVS, ISO 27034 and GDPR Article 25 standards and practices. For more information, see Blue Prism's comprehensive secure development process.