Configure Active Directory (AD) security groups to connect the Recording Service with Recorder instances

Windows authentication is used to authorize the connection between the Recording Service and the Recorder instances installed on users' workstations.

Make sure the machines on which Recording Service and Recorder will be installed meet the following requirements:

All workstations on which the Recorder will be installed and the server on which the Recording Service will be installed must be members of the same Active Directory domain.
The user accounts that will be used for working with the applications have been added into the corresponding Active Directory security groups. You can use an existing security group or create the following security groups in Active Directory:
- Recording Service admin group, for example, Recorder-admin – Assign this group full control to the Recording Service web application. Then add user accounts to the group to grant them admin access to the Recording Service web application.
- Recorder writers, for example Recorder-writer – Assign this group write access to Recording Service. Then add user accounts to the group to grant their Recorder instances write access to the Recording Service web application. This will allow Recorder instances to send logs to Recording Service.

When installing the Recording Service, at the Active Directory Security step, specify the names of the configured groups.

Admin AD Security group – Members of this group have admin access to the Recording Service website.
Recorder AD Security group – Members of this group have write access to the Recording Service component. Both local and Active Directory groups and accounts can be used.

If you install the program in a production environment, it is recommended to specify existing Active Directory security groups or groups you created before the installation, for example, Recorder-admin and Recorder-writer.

For testing purposes or in case your organization does not use Windows authentication, you may specify the following additional details:

Admin AD Security group – Recording Service local admins' user account(s)
- Domain user – Format: Domain\UserName
- Local group or user – Format: ComputerName\GroupName or ComputerName\UserName
  To display the computer name, open the Command Prompt (Start > Run > cmd) and type hostname.
  You may create a local group, add domain users or groups to it, and specify this group in the Admin AD Security group field.
Recorder AD Security group - Everyone

In this case, access to the Recording Service website will be unrestricted. The format depends on your Windows locale, for example, in English: Everyone

To find out which Active Directory groups in different languages you are a member of:

Open the Command Prompt.
Type whoami /groups.

The distribution groups and nested groups display.

You can change the Active Directory security groups configuration after the Recording Service and Recorder installation. For more details, see Update Active Directory security groups accessing Recording Service resources.

	Click here to see the documentation for all Blue Prism products.
© 2024 Blue Prism Limited \| Last updated on 26 Jan 2024