Configure Settings

Use Settings to configure the following options:

Bots

Resiliency settings enable you to customize options to capture and compare automation executions. The pop-up handling is disabled by default to ensure unexpected pop-ups that occur during the bot run are handled. However, administrators can allow users to customize the pop-handler by enabling this option. See Configure pop-up handling.
Secure recording mode ensures that sensitive data is not stored in the bots. When secure recording mode is enabled, the bots do not capture values of certain properties or store application images. You can enable this setting for some or all users of the Control Room.
Note: Secure recording mode only applies to bots that are created or edited after the mode is enabled.

Click Edit in the Bots tab to enable or disable secure recording mode. See Secure recording.
Bot validation performs an additional compile time validation on migrated bots at the preprocessing stage to save your time and effort. By default, the Bot validation feature is set to Off.
Note: You must be a Control Room administrator to view and edit the validation option.

Navigate to Administration > Settings > Bots and set the bot validation option to On to detect compilation errors with bots.

Validation happens at the time of running the bot, for new bots. For migrated bots, this check is performed immediately after bot migration, per configuration.

For example, if a parent bot calls a child bot and the child bot has compilation errors, these errors are displayed when you try to run the parent bot. This ensures that an error does not occur in the middle of an automation or make it an incomplete automation.

In the Bot migration results page, select a bot that needs review. Click the three dots under Reason tab to see the details. With the Bot validation feature set to On, the bots that have compile time errors are displayed as a separate line entry in the migration report.

Migrated bots with compilation errors are shown in Successful with Review section of the migration report and ensures that you can get a list of bots that require your attention.
Loop package enables you to run a sequence of actions repeatedly for a specific number of times or until a specific condition is met.
For bots that were created using the Loop action in Automation 360 v.26 or earlier releases, you can enable the Legacy Loop behavior option from the Administration > Settings to iterate the loop based on the specified value.
In the Legacy Loop behavior tab, click Edit to select one of the following options:
1. Enabled: Loop is iterated based on the specified value. When you select this option and either increment or decrement the variable value in the end condition, loop iterations will not vary dynamically based on the new value generated.
2. Disabled: Loop iterations will continue to vary dynamically based on the variable value generated in the end condition.

Policies

Code Analysis: Enable the code analysis feature to run code analysis on your automations. This feature analyzes the code and displays a list of violations based on a set rules. You can review and fix any coding or stylistic errors for your automation.

Code analysis| Code analysis policy management

Packages

Packages provide the building blocks for automations, actions, triggers, variables and so on for developers

Packages

Devices

When there is a new version of the Bot Agent, it is automatically updated.

Manage device settings

AI governance

This setting enables audit log summary for AI governance that captures model interactions of prompt inputs and responses exchanged with the supported hyperscaler model vendors such as Amazon Bedrock, Google Vertex AI, Azure OpenAI, OpenAI and others, integrating the power of generative AI in automations.

Enable or disable data logging for AI governance in the Control Room by navigating to Administration > Settings > AI Data Management.

The generated logs are captured in AI governance > AI prompt log and AI governance > Event log tabs.

For details, see Assign roles and permissions to enable AI governance.

Note: This feature is available for AI governance Cloud instances only.

IQ Bot

View the website address where IQ Bot is currently installed, if applicable. Click Edit to update the IQ Bot URL.

Document Automation Settings

Enable external service connection for using generative AI capability in Document Automation Cloud.

Document Automation settings

Bot Agent bulk install

Install Bot Agent on multiple devices such as On-Premises laptops or desktops, virtual machines (VM), or temporary (non-persistent) virtual desktop infrastructure (VDI) using software configuration manager tools or through a centralized image.

Bulk installing Bot Agent

Email

All users must confirm email accounts by clicking the confirmation link that they receive, set the password, and security questions before user can log in to the Automation Anywhere Control Room. By default, email notifications are disabled. Hover over the Edit icon to make changes.

Edit email notifications

Templates

Create and build automations using templates (out-of-the-box) that contain prebuilt automation code structure that you can select based on your business processes.

Automation Anywhere templates

Remote Git repository integration

Remote Git repository must support Git LFS (Large File Support). Bots are synced using standard Git push over HTTPS.

CoE Manager

Enable access to CoE Manager from the Control Room so that you can access CoE Manager from the quick links section on the Control Room home page.

Enable CoE Manager

Login settings

For security, privacy, or any other pertinent announcement, you can provide an additional statement, such as consent text, in the Login settings section. The statement is visible to users every time they log in to the Control Room.

This statement on the login page is disabled by default. If you enable it, you can also provide an option (using a check box) for users to read and accept the statement before logging in to the Control Room.

Security settings

Password Configuration

Administrators can configure password requirements for users to log in to the Control Room. This configuration prevents users from setting weak or most commonly used passwords that might prevent unauthorized access to the Control Room.

Password length (characters): Password length determines the strength of a password.

Minimum: Set the minimum number of characters allowed for the password. By default, the minimum number of characters is set to eight and the number cannot be reduced further.
Maximum: Set the maximum number of characters allowed for the password. By default, the maximum number of characters is set to 50 and cannot be set to more than 64 characters.

You can also enforce the users to include one of the following characters in the password:

A number
An alphanumeric letter
A symbol
A capital letter

Note:

On-Premises users: The check-boxes for Alphabetical character, Number, Capital letter, and Special character are enabled, and the user can select or deselect the options.
Cloud users: The check-boxes for Alphabetical character, Number, Capital letter, and Special character are disabled, and the user cannot select or deselect the options.

Repetitive Characters: Repetitive characters such as aaaa, bbbb, cccc, and so on in passwords make it easier for attackers to guess the password and are considered to be weak passwords.

Allow unlimited repetitive characters: This option is set as default and allows users to use unlimited repetitive characters in their passwords. Selecting this option might allow users to set weak passwords and vulnerable to attacks.
Limit repetitive characters: Select this option to restrict the users from using repetitive characters in their passwords. Set the repetitive characters limit in the Maximum characters can be repeated option. If you set this limit as one, then no characters in the password can be repeated. If you set this limit as two, users can use two repetitive characters in their passwords. For example, users can use aa, bb, and so on in their passwords.

Sequence Characters: Sequential characters such as qwerty, 123456, abc123, and so on in passwords make it easier for attackers to guess the password and are considered to be weak passwords.

Allow unlimited sequence characters: This option is set as default and allows users to use unlimited sequential characters in their passwords. Selecting this option might allow users to set weak passwords and vulnerable to attacks.
Limit sequence characters: Select this option to restrict the users from using sequential characters in their passwords. Set the sequential characters limit in the Maximum characters can be used in sequence option. If you set this limit as one, then no characters in the password can be used in a sequence. If you set this limit as two, users can use two sequential characters in their passwords. For example, users can use 12, ab, and so on in their passwords.

Restrict common passwords from the system: Allowing users to use common passwords such as 123456, qwerty123, 1q2w3e, and so on makes it easier for attackers to guess the passwords and are considered to be weak passwords.

Do not restrict common passwords: This option is set as default and allows users to use commonly used passwords. Selecting this option might allow users to set weak passwords and vulnerable to attacks.
Restrict common passwords: Select this option to restrict the commonly used passwords. Add the commonly used passwords on separate lines in the text box to avoid users using such passwords.

Set minimum number of days before a user can change their password: If you allow users to change their passwords anytime, they can continue to use the same password even if there is a restriction about not using the last few instances of their passwords. Fox example, if a user is prompted to change their password and restricted to not use any of their last three passwords, the user can change the password three time continuously and set their existing password the fourth time. Setting a minimum number of days before a user can change their password restricts the user from using the same password when they are prompted to change their password.

Disabled: This option is set as default and allows users to change their passwords anytime. Selecting this option might allow users to use the same password and vulnerable to attacks.
Enabled: Select this option to set the number of days users are restricted from changing their passwords. The maximum number of days that you can set is 10. For example, if you set the days to five, a user can change their password again only after five days of changing their password.

Captcha and user lockout: This option prevents attackers from using scripts or bots to guess user credentials and locks the user account after certain unsuccessful login attempts.

Captcha on: This option is enabled by default. When logging in to the Control Room, if the user enters incorrect credentials, they are prompted to solve a Captcha before logging in.
Note: This option mitigates the use of scripts for login as the Captcha requires the user to enter the correct value.
Set the Lock the user out after unsuccessful login attempts option to lock the user after the set number of unsuccessful login attempts.
Lockout on: Set the Lock the user out after unsuccessful login attempts option to lock the user after the set number of unsuccessful login attempts.

Inactive User Account Auto-Disable Configuration

Note: This feature requires the Enterprise Platform license. See,Enterprise Platform.

This configuration automatically disables user accounts that have been inactive in the Control Room for a specified number of days. As an authorized user you can enable or disable the following actions. The disabled users will not be able to log in to the Control Room.

Note: This feature applies to user accounts created in Automation 360, as well as those generated through AD integration or IdP integration (SAML).

Disabled: This option is set by default and allows you to auto-disable all the inactive users without allowing you to select the users you can exclude from this action.
Enabled: This option allows you to configure which inactive roles you want to auto-disable. You can also set the number of days of inactivity before automatically disconnecting the inactive users from the Control Room.
Select the Exclude the following roles check box to ensure that some roles are not automatically disabled because they are inactive for some time. You can do this by selecting the role from Available roles column and clicking the right arrow to move the role to the Selected column.

API-Key duration

The generated API-Key is used to authenticate users. You can customize how long the generated API-Key is valid to authenticate users until either:

A selected duration is reached (in minutes or days), or
A new API-Key is generated

Note: You determine the validity duration based on your organization's requirements. Maximum supported API-Key duration is 1 to 14,398,560 minutes, or 1 to 9,999 days.

Time-out session settings

You can enable time-out settings to automatically sign out users from the Control Room browser session after the specified minutes of inactivity. You can set the Time-out session setting field to one of the following values: 10 minutes, 20 minutes, 30 minutes, 40 minutes, 50 minutes, 1 hour, 2 hours, 4 hours, 8 hours, 12 hours, 24 hours, or 7 days. You can configure the session using increments of 10 minutes or 1 hour. The default value is 20 minutes, which means you will be logged out of the session after 20 minutes of inactivity.

File upload settings

In order to ensure that there is no security breach, administrators can restrict users from uploading the following media type application/x-msdownload files:

.exe (Executable files)
.dll (Dynamic Link Library files)
.cab (Cabinet files)
.msi (Microsoft Installer files)

This setting is also applicable to the files that are uploaded as part of Automation Co-Pilot process in Process Composer. In order to manage this feature, click Administration > Settings > Security settings.

In the File upload settings tab, click Edit.
Use the File size upload limit field to select one of the following options:
- No limit - Is the default option and enables the users to upload files without any size restrictions to Control Room.
- Set limit - Select this option and enter the size limit for the file upload in the Specify the file size limit field. You can also use the + to increase or - to decrease the file size number.
  Note: This option to set or specify the file size limit requires the Enterprise Platform license. For more information about supported version for this feature, see Enterprise Platform.
  Review the following considerations before setting a limit on the file upload:
  - If you selected the Set limit, ensure that you specify the size. Empty field or 0 is not allowed.
  - The size limit is for individual files.
    For example, if the value in Specify the file size limit is set to 10 MB, users can upload 20 files that are of 9.9 MB each.

Two factor authentication (2FA): Enable 2FA to provide an additional layer of defense against unauthorized users from accessing the Control Room. As an administrator, you can set up 2FA so that the users can validate their identity when logging in to the Control Room using both their user credentials and a second authentication factor.
Two-factor authentication

Multiple active user sessions

You can now open a maximum of 5 (five) concurrent active sessions from a Control Room. The option to use 5 (five) concurrent active sessions is enabled by default. If the option is disabled, you can use only 1 (one) active session.

Enable: Allows you to use up to five concurrent active session. This option is enabled by default.
Disable: Allows you to use only one active session.

Note: If you already have five concurrent active sessions open and want to log into a sixth session, the first inactive session is automatically disconnected.

Historical activity retention

If you want to retain historical activities for only a limited period to save storage space or if you do not want to retain historical activities, configure your settings to automatically purge (delete) such activities.

Cloud: By default, the historical activities are set to be deleted after 90 days. You can set a minimum value of 1 day to a maximum value of 90 days. This option is always enabled.
On-Premises: You can choose the following options:
- Do not purge: Historical activities are retained and never deleted.
- Purge: Historical activities that are older than 365 days are automatically deleted. You can set a minimum value of 1 day to a maximum value of 365 days. When the setting is enabled, the default value is set to 30 days.
  Note: This feature is set to Do not purge when you update from a previous release to v.31 or later releases or when you directly set up v.31 or later releases.

Audit log retention

If you want to retain audit log entries for only a limited period to save storage space or if you do not want to retain historical audit log entries, configure your settings to automatically purge (delete) such entries.

Do not purge: Audit log entries are retained and never deleted.
Purge older than 15 months: Audit log entries that are older than 15 months are automatically deleted.

If you are updating to v.30 release from a previous release, then you must manually enable the Purge older than 15 months option.
If you are directly setting up v.30 or later releases, the Purge older than 15 months option is enabled by default.
The audit log entries are deleted every week from the time the Purge older than 15 months option is enabled.

See: Audit log settings FAQ.

Bot promotion settings: Add the approved list of target URLs so that you can move bots and files between Control Room instances in a single flow, thus avoiding the multi-step export and import process.
Move bots across environments

Notification settings

Manage the notification settings for notification categories and channels. The notification settings defined by the Control Room administrator are applicable for all the Control Room users. Based on these defined settings, Control Room users will be notified about the events.

Administer notifications for Control Room.

Custom announcement settings

Administrators can configure custom announcement settings to broadcast important information or critical updates to all the other Control Room users.

Configure custom announcements

User authentication

Configure the Control Room to authenticate users through the database option or switch to a SAML Identity Provider (IdP).

Set up SAML authentication

Network settings

Forward Proxy Configuration

Configure a forward proxy so that Control Room features can connect to Cloud-hosted Control Room services outside of customer's internal network.

Configure forward proxy settings

Allowed IP Addresses

You can add a maximum of 200 Allowed IP addresses.

Allowed IP addresses

External key vault

External key vaults provide a way to securely store and retrieve credentials using a third-party key manager such as CyberArk, Azure, and AWS Secrets Manager.

SIEM Integration Configuration

Control Room supports security information and event management (SIEM) integration. This enables the audit logs to be sent to analytic tools, such as Splunk, Qradar, Sumologic, and ArcSight.

Configure integration with SIEM

Workload Management

You can use the Auto-purge settings to remove the completed work items based on the preset number of days. This option is disabled by default. When enabled, the work items are deleted automatically from the database.

Purge work items