Set up SAML authentication

Switch an authenticated environment Control Room database to a SAML identity provider (IdP).

先决条件

注： SAML integration is irreversible. After it has been established, you cannot modify the configuration.

Ensure that you are logged in to the Control Room as the administrator.

Before you set up authentication for the Control Room, setup tasks (such as introducing credentials on a new system and importing users) might be required. If you import users, then you must also include matching user IDs, email addresses, first and last names, in both the Automation Anywhere credentials and matching records to log in after the SAML integration. For example, if using Okta as a SSO, then users must have matching IDs, email addresses, first name and last names in both Automation Anywhere and Okta to log in after the SAML integration.

You should have the required user information and certificate ready. Typical user information consists of user ID, first and last name, and an email address.

注： You must validate the SAML IdP setup before you configure the Control Room. See Configure the Control Room as a service provider.

After switching to SAML authentication environments, any users with non-SAML IdP formatted IDs will not be able to log in. You need to verify that any bots located in their private folders are exported so they can be imported back against their new user accounts.

Much of this configuration relies on third-party applications to create the necessary metadata. If you require more specific configuration information based on a specific provider, see Configure SSO authentication with Okta.

To switch the Control Room to a SAML-authenticated environment, follow these steps.

过程

Navigate to Administration > Settings > User authentication.
Select the Use SAML option.

注： The Use Control Room database option is selected by default.
In the Unique Entity ID for Control Room (Service Provider) field, enter the entity ID.

In the Encrypt SAML Assertions field, select one of the following options:

选项	描述
Do not encrypt	SAML assertions are not encrypted.
Encrypt	SAML assertions are encrypted.

可选： Enter the Public key and Private key values.

注： Enter keys only if you require encrypted SAML assertions.
Click Validate SAML Settings.
The Control Room will log in through the SAML provider and redirect back to the Control Room User Authentication page.

When you click this option, you will be redirected to a SAML 2.0 service provider web page where you will be prompted to enter credentials and other data.
Log in to your provider when prompted.
Click Save changes.

Automation 360