Supported authentication methods

Active Directory using LDAP
Active Directory using Kerberos
SAML
Local authentication using a database

The benefits of integrating with Active Directory include the following:

Easier adoption: Integrates with an existing authentication solution, compliant with the standards.
Maintenance: All passwords and password policies are centrally administered.
Better user experience: Fewer passwords to remember.

Kerberos provides additional benefits over NTLM pass-through authentication.

Open standard versus closed proprietary standard
Mutual authentication of client and server
Integration with smart cards for 2FA

Local authentication manages user passwords through the Credential Vault. Passwords are hashed using the HMACSHA512 algorithm, which is keyed by the output of the Password-Based Key Derivation Function (PBKDF2). User passwords are encrypted in transit through TLS 1.2.

All authentication and session management is handled through the well-tested Spring Security framework. Kerberos integration is provided through the well-tested Waffle framework. SAML integration is provided through the well-tested OneLogin framework.

Active Directory integration for authentication

Automation Anywhere offers seamless integration with Microsoft Windows Active Directory for access to the Control Room, Bot Creators, and Bot Runners. When Control Room is integrated with the Active Directory, all the Active Directory users with basic details are directly available in the Control Room without any extra configuration. For Active Directory integration, user passwords stay in only Active Directory and are not saved in the platform.

In addition to Active Directory authentication, the Control Room has its own controls to prevent unauthorized access to anDynamic access token authentication of Bot Runnersy automation data.

Dynamic access token authentication of Bot Runners

Bot Runner users can also configure their Active Directory credentials for Bot Runners machine autologin. These credentials are saved in the centralized Credential Vault.

Multi-domain Active Directory support

Automation Anywhere platform architecture supports multi-forest multi-domain Active Directory integration. Multi-forest multi-domain integration requires trust relationships between the forests and the domains. Refer to Configure Control Room for Active Directory: auto mode for details. Automation 360 On-Premises can be configured with Active Directory global catalog server in a way that the Control Room, Bot Creators and Bot Runners can all be in the same or different Active Directory forests and domains. This gives the added flexibility and control for large-scale complex deployment where users are spread across geographies.

Multi-domain support is provided out of the box and no additional configuration is required. The Automation 360 On-Premises user provisioning from different Active Directory domains is also seamless. It enables the Automation 360 On-Premises admin to centrally orchestrate the digital workforce running across the globe.

Supported authentication methods for Automation 360 On-Premises