This topic guides you through setting up OAuth 2.0 authentication for Model Context Protocol (MCP) inbound tools within Automation Anywhere.

Implementing OAuth provides a more secure and robust method for third-party AI assistants to interact with your Automation Anywhere automations, maintaining user identity and enforcing role-based access control (RBAC) without requiring users to manually enter credentials. Follow these steps to configure OAuth 2.0 support for MCP inbound tools. The process involves configuration in both the Control Room and your third-party AI assistant (e.g., Microsoft Copilot Studio).

Prerequisites

Before configuring OAuth 2.0 support, ensure the following requirements are met:

  • User License: The user configuring and accessing the MCP tools must have an Attended Bot Runner license assigned.
  • Device Connection: The Attended Bot Runner user must be connected to a registered local device in the Control Room. Verify that the bot configuration is correct and can run successfully from the Control Room.

Required permissions:

  • AI permissions:
    • View Agent Connections: To see inbound and outbound tools and connections.
    • Manage Agent Connections: To configure and manage inbound and outbound tools and connections.
  • API permission: Generate API Key.
  • Bot permissions:
    • View my bots and Run my bots.
    • Ensure that the required bots are assigned to the user's role through RBAC. For more information, see RBAC in Control Room.

Procedure

  1. Register Control Room with OAuth2 services.
    1. In the Control Room, navigate to Settings.
    2. Register the OAuth2 configuration. This typically involves logging in with your credentials and generating a token to validate and register the OAuth services.
    3. Confirmation: A message confirming successful registration will display. For more information on OAuth connection, see Configure OAuth connections in Control Room.
  2. Create an OAuth Client.
    1. Go to Manage > OAuth client.
    2. Click Create client to create a new client.
    3. Provide a descriptive client name (e.g., "MCP Inbound Client").
    4. Select the appropriate Application type, such as Regular web or Single page application.
    5. Click Create client.
    Upon successful creation, the system will generate crucial details like Client ID, Secret ID, and other necessary information. Keep these details accessible as you will need them for the next steps.
  3. Add an MCP tool.
    1. Log in to your third-party AI assistant (e.g., Copilot, ChatGPT).
    2. For instance, in Microsoft Copilot Studio, navigate to the Tools section and select to add a Model Context Protocol (MCP) tool.
    3. Provide a server name (e.g., "Automation 360 MCP Server") and a description for the tool.
    4. Enter the server URL. This is typically your Automation Anywhere Control Room URL followed by /mcp (e.g., https://your-control-room-url/mcp). For more information on setting up Copilot, see Connect your agent to an existing Model Context Protocol (MCP) server.
      Note: Only the Manual authentication method is supported for OAuth with MCP. When you configure the MCP tool (for example, in Copilot), select Manual as the OAuth type.
  4. Configure OAuth 2.0 Authentication.
    1. From the OAuth client details you obtained in the Control Room, copy the Client ID, Secret ID, Authorization URL, Token URL, and Refresh URL.
    2. Paste these copied details into the corresponding fields within your third-party AI assistant's MCP tool authentication configuration.
  5. Update Redirect URL in Control Room.
    1. After you complete the MCP tool creation in your third-party AI assistant, it will generate a Redirect URL.
    2. Copy this Redirect URL from your third-party AI assistant.
    3. Return to the Control Room's OAuth clients section and edit the client you created.
    4. Paste the copied Redirect URL into the client's configuration.
    5. Save the changes to the OAuth client.
    This action completes the integration, establishing a secure connection between your Control Room and the third-party AI assistant.
  6. Establish User Connection in the Third-Party AI Assistant. When you attempt to use the integrated MCP tool within the third-party AI assistant, you are prompted to authenticate. This authentication follows an OAuth flow, in which you are asked to grant permission or accept the connection using your Automation Anywhere Control Room credentials.
    A successful connection is established.
  7. Access and Trigger Tools (automations/AI Agents/processes).
    1. Once the connection is established, the third-party AI assistant will list the available tools from the Automation Anywhere MCP server. These include standard static tools like DiscoverAutomation, RunAutomation, and GetAutomationResult, along with any custom inbound tools you have configured in the Control Room.
    2. Role-Based Access Control (RBAC): The visibility and execution capabilities of these tools are strictly governed by the user's RBAC permissions configured in the Control Room. For instance, a user will only discover or be able to run automations for which they possess View my bots and Run my bots privileges.
    You can now trigger automations conversationally via the third-party assistant, using natural language to initiate tasks.
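
Steps 3 to 5 move several values by hand between the Control Room and the assistant, and a mistyped or weakened URL is the usual cause of a failed or insecure OAuth handshake. The following pre-flight check is an added example, not Automation Anywhere code: the dictionary keys, function names, and sample values are assumptions made for illustration, and the rules applied (HTTPS only, no embedded credentials, no fragments, exact redirect URL, server URL ending in /mcp) are general OAuth 2.0 hygiene plus the /mcp convention described in step 3.

```python
from urllib.parse import urlsplit

# Keys mirror the fields named in steps 3-5; the dict layout is this example's assumption.
URL_FIELDS = ("server_url", "authorization_url", "token_url", "refresh_url", "redirect_url")

# Constructed sample values (placeholders, not real endpoints or credentials).
SAMPLE = {
    "client_id": "example-client-id",
    "secret_id": "example-secret",
    "server_url": "https://your-control-room-url/mcp",
    "authorization_url": "https://oauth.example.test/authorize",
    "token_url": "https://oauth.example.test/token",
    "refresh_url": "https://oauth.example.test/token",
    "redirect_url": "https://assistant.example.test/redirect/abc",
}


def url_problems(name, value):
    """Return the reasons a URL value should not be pasted into either side."""
    problems = []
    if any(c.isspace() for c in value):
        problems.append(f"{name}: contains whitespace (copy/paste artifact)")
    parts = urlsplit(value.strip())
    if parts.scheme != "https":
        problems.append(f"{name}: must use https")
    if not parts.hostname:
        problems.append(f"{name}: no host")
    if parts.username or parts.password:
        problems.append(f"{name}: credentials embedded in URL")
    if parts.fragment:
        problems.append(f"{name}: fragment not allowed")
    if name == "redirect_url" and "*" in value:
        problems.append(f"{name}: wildcard; register the exact URL the assistant generated")
    return problems


def check_mcp_oauth_config(cfg):
    """Validate the values exchanged between the Control Room and the AI assistant."""
    problems = []
    for key in ("client_id", "secret_id"):
        if not cfg.get(key, "").strip():
            problems.append(f"{key}: missing")
    for name in URL_FIELDS:
        problems += url_problems(name, cfg.get(name, ""))
    if urlsplit(cfg.get("server_url", "").strip()).path.rstrip("/") != "/mcp":
        problems.append("server_url: expected Control Room URL followed by /mcp")
    return problems
```

An empty list from `check_mcp_oauth_config` means the values are well-formed; it does not confirm that they match what the Control Room actually issued.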