Supported authentication methods for Automation 360 On-Premises
Review the authentication methods supported by Automation 360 On-Premises.
Supported authentication methods
- Active Directory using LDAP
- Active Directory using Kerberos
- Local authentication using a database
The benefits of integrating with Active Directory include the following:
- Easier adoption
  - Integrates with an existing authentication solution, compliant with the standards.
  - All passwords and password policies are centrally administered.
- Better user experience
  - Fewer passwords to remember.
Kerberos provides additional benefits over NTLM pass-through authentication:
- Open standard versus closed proprietary standard
- Mutual authentication of client and server
- Integration with smart cards for 2FA
Local authentication manages user passwords through the Credential Vault. Passwords are hashed using the HMACSHA512 algorithm, which is keyed by the output of the Password-Based Key Derivation Function (PBKDF2). User passwords are encrypted in transit through TLS 1.2.
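One reading of the hashing scheme described above, as an added example that is not Automation 360 code: PBKDF2 stretches the password into a key, and that key is used for HMAC-SHA512 to produce the stored value. The salt length, iteration count, record layout, and the HMAC message (`CONTEXT` plus the salt) are assumptions; the page does not state the product's values.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters: the page does not publish the product's salt size,
# iteration count, or what is fed to the HMAC.
ITERATIONS = 210_000
SALT_LEN = 16
CONTEXT = b"password-verifier-v1"  # hypothetical fixed HMAC message


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch the password into a 64-byte key with PBKDF2 (SHA-512 PRF)."""
    return hashlib.pbkdf2_hmac(
        "sha512", password.encode("utf-8"), salt, iterations, dklen=64
    )


def make_record(password: str, salt: Optional[bytes] = None,
                iterations: int = ITERATIONS) -> dict:
    """Build the value to store: salt, cost, and HMAC-SHA512 keyed by PBKDF2 output."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    key = derive_key(password, salt, iterations)
    digest = hmac.new(key, CONTEXT + salt, hashlib.sha512).digest()
    # The password and the derived key are never stored, only the digest.
    return {"salt": salt, "iterations": iterations, "digest": digest}


def verify(password: str, record: dict) -> bool:
    """Recompute the digest from the stored salt and cost, compare in constant time."""
    key = derive_key(password, record["salt"], record["iterations"])
    candidate = hmac.new(key, CONTEXT + record["salt"], hashlib.sha512).digest()
    return hmac.compare_digest(candidate, record["digest"])


if __name__ == "__main__":
    # Constructed sample credentials, for illustration only.
    a = make_record("correct horse battery staple")
    b = make_record("correct horse battery staple")
    print("same password, different salts, digests equal:", a["digest"] == b["digest"])
    print("right password verifies:", verify("correct horse battery staple", a))
    print("wrong password verifies:", verify("Tr0ub4dor&3", a))
```

Because each record carries its own random salt, two users with the same password store different digests, so one precomputed table cannot be reused across accounts.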
All authentication and session management is handled through the well-tested Spring Security framework. Kerberos integration is provided through the well-tested Waffle framework. SAML integration is provided through the well-tested OneLogin framework.
Active Directory integration for authentication
Automation Anywhere offers seamless integration with Microsoft Windows Active Directory for access to the Control Room, Bot Creators, and Bot Runners. When the Control Room is integrated with Active Directory, all Active Directory users with basic details are directly available in the Control Room without any extra configuration. For Active Directory integration, user passwords stay only in Active Directory and are not saved in the platform.
In addition to Active Directory authentication, the Control Room has its own controls to prevent unauthorized access to any automation data.
Bot Runner users can also configure their Active Directory credentials for Bot Runner machine autologin. These credentials are saved in the centralized Credential Vault.
Multi-domain Active Directory support
The Automation Anywhere platform architecture supports single-forest, multi-domain Active Directory integration. Automation 360 On-Premises can be configured with an Active Directory global catalog server so that the Control Room, Bot Creators, and Bot Runners can all be in the same or different Active Directory domains of a single forest. This gives added flexibility and control for large-scale, complex deployments where users are spread across geographies.
Multi-domain support is provided out of the box, and no additional configuration is required. Provisioning Automation 360 On-Premises users from different Active Directory domains is also seamless. It enables the Automation 360 On-Premises admin to centrally orchestrate the digital workforce running across the globe.