Supported authentication methods

Control Room supports the listed authentication methods.

Supported authentication methods

Note: Integration of LDAP with a load balancer for Active Directory using Kerberos authentication is not supported.

The benefits of integrating with Active Directory include the following:

Easier adoption
Integrates with an existing authentication solution, compliant with the standards.
Maintainability
All passwords and password policies are centrally administered.
Better user experience
Fewer passwords to remember.

Kerberos provides additional benefits over NTLM pass-through authentication.

  • Open standard versus closed proprietary standard
  • Mutual authentication of client and server

Integration with smart cards for 2FA

Local authentication manages user passwords via the Credential Vault. Passwords are hashed using the HMAC SHA512 algorithm, which is keyed by the output of the Password-Based Key Derivation Function (PBKDF2). User passwords are encrypted in transit via TLS 1.2.

All authentication and session management is handled via the well-tested Spring Security framework. Kerberos integration is provided via the well-tested Waffle framework. SAML integration is provided via the well-tested OneLogin framework.

Multi-domain Active Directory support

Automation Anywhere platform architecture supports single-forest multi-domain Active Directory integration. Control Room can be configured with Active Directory Global Catalogue Server in a way that Control Room, Bot Creators and Bot Runners can all be in same or different Active Directory domains of a single forest. This gives added flexibility and control for large-scale complex deployment where users are spread across geographies.

Multi-domain support is provided out of the box and no additional configuration is required. The Control Room user provisioning from different Active Directory domains is also seamless. It enables the Control Room admin to centrally orchestrate the digital workforce running across the globe.