Set up SAML authentication
Switch an authenticated environment Control Room database to a SAML identity provider (IDP).
Ensure that you are logged in to the Control Room as the administrator.
Introducing credentials on a new system, before importing users, and other setup tasks might be required before setting up authentication for the Control Room. If users are imported, there must be matching user IDs, email addresses, first and last names, in both the Automation Anywhere credentials and matching records in order to log in after the SAML integration. For example, if using Okta as an SSO,users must have matching IDs, email addresses, first name and last names in both Automation Anywhere and Okta in order to log in after the SAML integration.
Have the necessary user information and certificate ready. Typical user information consists of userID, first and last name, and an email address.
After switching to SAML authentication environments, any users with non-SAML IDP formatted IDs will not be able to login. You will need ensure that any bots in their private folders are exported so they can be imported back against their new user accounts.
Much of this configuration is reliant upon third-party applications to create the necessary metadata. If you require more specific configuration information based on a specific provider, see the associated knowledge base articles provided. For more details, see Automation 360 steps to configure SSO authentication With Okta as ID provider (A-People login required).
To switch the Control Room to a SAML-authenticated environment, follow the steps outlined in this procedure.
- Navigate to .
Select the Use SAML option.
Note: The Use Control Room database option is selected by default.
In the SAML metadata field, enter the metadata from your
SAML IDP setup.
<saml2:AuthnStatement AuthnInstant="authenticated_instance" SessionIndex="index_value_required">Note: The SessionIndex must be present in the AuthnStatement. This optional field in SAML is mandatory to integrate an IDP with Cloud Control Room.
- In the Unique Entity ID for Control Room (Service Provider) field, enter the entity ID.
In the Encrypt SAML Assertions field, select one of the
Option Description Do not encrypt SAML assertions are not encrypted. Encrypt SAML assertions are encrypted.
Enter the Public key and Private
Note: Enter keys only if you require encrypted SAML assertions.
Click Validate SAML Settings.
The Control Room will log in through the SAML provider and redirect back to the Control Room User Authentication page.When you click this option, you will be redirected to a SAML 2.0 service provider web page where you will be prompted to enter credentials and other data.
- Log in to your provider when prompted.
- Click Save changes.