Authentication for Bot Creators

Bot Creator must authenticate against Control Room for any operations on the Bots.

The system obscures feedback of authentication information during the authentication process to protect the information from possible exploitation and use by unauthorized individuals as required by NIST IA-6. User might choose to authenticate using Kerberos, SAML 2.0 protocols or by entering the user credentials for non-Active Directory Control Room.

Figure 1. Bot Creator and Bot Runner authentication
Enterprise client login screen.

In addition to TLS, users' passwords to connect to Control Room are encrypted at the message level during transit, implemented using RSA (2048) + AES (256) + HMAC (SHA256).