Agent Interoperability with MCP (Model Context Protocol) lets third-party AI assistants safely start unattended Automation Anywhere automations on remote devices.

Unattended automation execution from AI assistants

This feature allows you to build fully autonomous AI agents that can carry out business processes from start to finish without needing human help. By clearly separating invocation and execution identities, the platform supports autonomous AI agents while preserving enterprise security, governance, and operational consistency.

You can use this feature to:
  • Update purchase orders (POs) in SAP
  • Execute procurement and ERP workflows
  • Run unattended automations on remote devices from AI-driven requests
Every automation started through MCP contains both of these user roles (Note to me: Need to know that the final roles/users will be called for consistency):
Role Description
Task Invoker Someone who requested it. The user who triggers the automation from a third-party system (for example, Joule or another AI assistant).
Task Executor Someone whose credentials executed it. The user identity whose credentials are used to run the automation on devices and business applications.

Automation execution modes

When configuring MCP remote deployment, you select how to run the automation.

Automation (Task) Invoker user: The automation runs as the same user who triggered it.

Behavior Use Cases
  • The Task Invoker and Task Executor are the same user.
  • Automation permissions, device permissions, and auto-login credentials are validated for the invoker.
  • If the invoker is an attended bot runner user, the automation runs on the user’s default device.
  • Device override selections are ignored in this scenario.
    Note: If device overrides are selected while running as an attended invoker user, the system displays an error message and uses the default device.
  • Regulated environments requiring strict user-level accountability.
  • Scenarios where automations must run strictly under the requesting user’s credentials.

Specific user (Task Executor, run-as user):The automation is triggered by one user but executed by another user.

Behavior Use Cases
  • Task Invoker: Business user who triggers the automation
  • Task Executor: Selected run-as user
  • The automation:
    • Unlocks devices using the executor’s credentials
    • Accesses business applications (for example, SAP) using the executor’s identity
  • Device selection:
    • Uses the executor’s default device
    • If unavailable or overridden, uses selected device pool in the order configured
  • Fully autonomous AI agents.
  • Shared or service accounts
  • Large-scale unattended automation
  • Scenarios where end users do not require direct execution credentials

Permissions and access control

Automation Anywhere enforces existing security and RBAC policies without modification.

User Permissions
  • The Task Invoker must have permission to run the automation.
  • The Task Executor must have:
    • Bot permissions
    • Access to the assigned device pool
    • Valid auto-login credentials for unattended execution
Note: Available run-as users and device pools are filtered based on the logged-in user’s permissions. Users only see options they are authorized to use.

[Note to me: Need finalized GUI to complete and get screen shots] To configure and run an unattended automation on a remote device:

Procedure

  1. Sign in to the Control Room.
  2. Go to AI > Agent connections. From the Agent connections page, you can view the list of agent connections, automations, and tools.
  3. Select automation.
  4. Configure variables
  5. Select run-as user
  6. Select device pool.
  7. Configure resiliency settings
  8. Configure general settings

    Each completed step is indicated with a green check mark, ensuring all required configuration is complete before execution.