Set up SAML authentication
Switch a Control Room that authenticates against the Control Room database to a SAML identity provider (IDP).
This task is performed by the Control Room administrator. You must have the necessary rights and permissions to complete this task. Ensure you are logged in to the Control Room as the administrator.
When introducing credentials on a new system, other setup tasks may be required prior to importing users and before setting up authentication for the Automation Anywhere Control Room. If users are imported, the user IDs, email addresses, and first and last names in the Automation Anywhere credentials must match the corresponding records in the identity provider in order to log in after the SAML integration. For example, if using Okta for SSO, users must have matching IDs, email addresses, first names and last names in both Automation Anywhere and Okta in order to log in after the SAML integration.
Have the necessary user information and certificate ready. Typical user information consists of userID, first and last name, and an email address.
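An added example, not part of the original documentation or Automation Anywhere's own tooling: a pre-flight check that compares a Control Room user export with an IDP user export and reports records that would not match after the switch. The CSV layout, column names, sample rows and the exact (case-sensitive) comparison are assumptions made for illustration.

```python
import csv
import io

FIELDS = ("email", "first_name", "last_name")  # assumed column names

# Constructed sample exports; real exports will have their own column names.
CONTROL_ROOM_CSV = """user_id,email,first_name,last_name
jdoe,jdoe@example.com,Jane,Doe
asmith,asmith@example.com,Alan,Smith
bwong,bwong@example.com,Bea,Wong
"""
IDP_CSV = """user_id,email,first_name,last_name
jdoe,jdoe@example.com,Jane,Doe
asmith,Alan.Smith@example.com,Alan,Smith
cnew,cnew@example.com,Cy,New
"""

def load_users(text):
    """Index rows by user_id, stripping stray whitespace from every value."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["user_id"].strip(): {f: r[f].strip() for f in FIELDS} for r in rows}

def reconcile(control_room, idp):
    """Return users missing on either side and per-field mismatches."""
    report = {
        "missing_in_idp": sorted(set(control_room) - set(idp)),
        "missing_in_control_room": sorted(set(idp) - set(control_room)),
        "mismatched": {},
    }
    for uid in sorted(set(control_room) & set(idp)):
        # Exact comparison (assumption): a case-only difference is reported too.
        diffs = {f: (control_room[uid][f], idp[uid][f])
                 for f in FIELDS if control_room[uid][f] != idp[uid][f]}
        if diffs:
            report["mismatched"][uid] = diffs
    return report

def ready_for_saml(report):
    """True only when every user matches exactly on both sides."""
    return not any(report.values())

if __name__ == "__main__":
    result = reconcile(load_users(CONTROL_ROOM_CSV), load_users(IDP_CSV))
    for key, value in result.items():
        print(f"{key}: {value}")
    print("ready:", ready_for_saml(result))
```

Run it against both exports before switching authentication, and resolve every reported entry first so that existing users are not locked out.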
Much of this configuration relies on third-party applications to create the necessary metadata. If you require more specific configuration information for a particular provider, refer to the associated Knowledge Base articles provided.
To switch the Control Room to a SAML-authenticated environment, follow the steps outlined below.
- Navigate to .
- Select the Use SAML option.
Note: The Use Control Room database option is selected by default.
- In the SAML metadata field, enter the metadata from your SAML IDP setup.
<saml2:AuthnStatement AuthnInstant="authenticated_instance" SessionIndex="index_value_required">
- In the Unique Entity ID for Control Room (Service Provider) field, enter the entity ID.
- In the Encrypt SAML Assertions field, select one of the

| Option | Description |
| --- | --- |
| Do not encrypt | SAML assertions are not encrypted. |
| Encrypt | SAML assertions are encrypted. |

- Enter the Public key and Private
Note: Enter keys only if you require encrypted SAML assertions.
- Click Validate SAML Settings.
The Control Room logs in through the SAML provider and redirects back to the Control Room User Authentication page. When you click this option, you are redirected to a SAML 2.0 service provider web page where you are prompted to enter credentials and other data.
- Log in to your provider when prompted.
- Click Save changes.