Create an Active Directory user

Add the Active Directory user by selecting the AD domain, providing AD environment details, and assigning a role and device license.


Ensure that you are logged in to the Control Room as the administrator.

Note: Before removing a user, administrators should make certain all unfinished development of bots are checked-in.


  1. Navigate to Administration > Users.
  2. In the General Details section, enter the following information:
    1. Enable User: Select this option so that the user can log in immediately.
    2. Active Directory domain: Select the active directory name for the user.
      The list displays all the domains that are available in the Active Directory domain controller.
      Note: Control Room Active Directory supports single forest multi-domain environment.
      • If the user name is present in the Active Directory database, the First name, Last name, Email, and Confirm email fields are automatically populated.

        If the data is not automatically populated, enter the details in the fields.

        Note: You can use reserved characters, such as the comma (,), in the username.
      • If the username is not present in the Active Directory database, an error message is displayed. Contact the network administrator to resolve the issue.
      If SMTP is enabled, the user is sent an email to this address to confirm the account. All important Control Room notifications will be sent to this email address. You can use the "@" character to accommodate email user names.
      Note: To support SSO over SAML, the User Principal Name (such as in Azure Active Directory) must match the corresponding username in the control room.
  3. Select the required role from the list of Available roles.
  4. Assign a device license to the user.
    Note: When you logged in as administrator, you cannot allocate any device license to the user and None option is selected by default.
    None The user can access the Control Room only.
    Bot Creator- Development license Enables user to create and run bots. Auto login is enabled by default.
    Unattended Bot Runner - Run-time license Users with this license can perform all automation tasks that attended users can perform. Additionally, this license can also be used for Control Room deployment, centralized scheduling, and API-based deployment.
    Attended Bot Runner - Run-time license Users with this license can run bots on their devices and use any event trigger associated with their user account or role. However, these users cannot schedule bots.
    Citizen Developer - Development license Users with this license can create and run bots (including bots with triggers) on their devices.

    The Bypass legal disclaimer option is automatically enabled to allow the user to run bots on a device without having to manually acknowledge a disclaimer.

    After you select a device license, the Device login credentials are enabled. If you have the Attest device credentials permission, you can choose to attest the device credentials for this user to bypass credential validation when you deploy bots. The Bot Runner user should have an unlocked and active user session.
    Note: This works only if the auto login setting Reuse an existing session is selected in the Control Room by the administrator.
  5. Click Create user.