Configuring Control Room for Single Sign-On

Configure the Control Room to authenticate users at login using the Single Sign-On option through an identity provider (IdP), either Okta or SSOCircle, using the Security Assertion Markup Language (SAML) 2.0 protocol.

Prerequisites

Before starting with the Control Room configuration, set up your SAML application:
Okta
For more information, see Setting up a SAML application in Okta.
During setup, ensure that you:
  • Type the Single Sign-On URL as http://<your-server>/v1/authentication/saml/assertion. Replace <your-server> with the location where your Control Room instance runs.

    For example, http://localhost:8080/v1/authentication/saml/assertion, where http://localhost:8080 is the Control Room access URL.

  • Provide these four Attribute Statements: UserID, FirstName, LastName, and EmailAddress.
  • Save the Identity Provider metadata XML file. You need this to complete step 8.
  • Note the Audience URI (SP Entity ID). You need this to complete step 9.
SSOCircle
For more information, see Setting up a SAML application in SSOCircle.
During setup, ensure that you:
  • Register and log in as an admin or a user with permission to add a service provider.
  • Save the Identity Provider metadata XML file. You need this to complete step 8.
Note: Consider the scenario where LDAP has multiple domains and sub-domains (one primary LDAP server and the others secondary). When a connection is established with the primary server and the primary server goes down, a subsequent connection is created with the second configured server, and so on. This continues until the connection rolls back to the primary server. In Automation Anywhere Enterprise, switching the LDAP server from primary to secondary or vice versa might not work with the Control Room.

To configure the Control Room when you start it for the first time:

Procedure

  1. Double-click the Automation Anywhere Control Room icon on your desktop.

    The Configure Control Room settings page appears.

  2. Type the repository path.
    This is the location where the uploaded automation files, such as MetaBots, IQ Bots, and Task Bots, are stored. For example, C:\ProgramData\AutomationAnywhere\Server Files.
  3. Type the access URL.
    This is the URL for accessing your installation of Control Room.
  4. Click Save and continue.
    Important: The back button of your web browser is automatically disabled after you click Save and continue. This ensures that the generated Credential Vault Master Key matches the repository path and Control Room access URL.

    To return to the Configure Control Room settings page, press Ctrl+F5 and restart.

    The Credential Vault settings page appears.
  5. Select from the following options:
    • Express mode: The system stores your master key to connect to the Credential Vault. This option is not recommended for a production environment.
    • Manual mode: You store the Master Key on your own, and then provide the Master Key when the Credential Vault is locked. Users use the Master Key to connect to the Credential Vault to secure their credentials and access them when creating and running Task Bots.
      Warning: If you lose the key, you will not be able to access the Control Room.
  6. Click Save and continue.
    Important: The back button of the web browser is automatically disabled after you click Save and continue. No further changes to the Control Room configuration or Credential Vault settings are allowed.

    To make changes, reinstall the Control Room.

    The Authentication type for Control Room users page appears.
  7. Select Single Sign-On (SAML 2.0).
  8. Copy and paste the SAML Metadata from the Identity Provider metadata XML file you created when configuring your SAML application.
  9. Provide the Unique Entity ID for Control Room.
    The ID is the same as the Audience URI that you provided when configuring your SAML application.
  10. Optional: Select Encrypt SAML Assertions for enhanced security.
    Ensure that you use the X.509 certificate format for the public key and the PKCS #8 format for the private key.
    Note: You must provide the certificate of the service provider, in this case the Control Room, and not the Identity Provider's certificate.
  11. Click Next.
    The Registering Control Room panel appears.
    Follow the steps to register the Control Room as a service provider.
  12. Click Authenticate with IdP.
    On successful authentication, the user is added to the Control Room and the Control Room first administrator page appears with the Username, First name, Last name, and Email fields prepopulated.
  13. Click Save and log in.

    You are logged in to the Control Room as an administrator. You can now configure and manage the overall RPA environment with Control Room and clients.

Next steps

After configuring the Control Room, install product licenses. Proceed to Enterprise 11: Installing a license.