4. 4
What we will talk about today
01 User strategies when onboarding users to Automation Cloud
02 Getting your users in Automation Cloud
03 Securing Automation Cloud for your organization
04 Q&A / Open conversation
5. 5
The need for user onboarding strategy
Defined user access control to ensure organizational security
When organizations are small, all the aspects can be handled
manually in a relatively short time
New challenges arise as the organization grows…
• As organizations grow, the number of users increases and
users work from multiple locations
• Users need access to multiple products and features
...making it hard to manually handle all aspects of user control
6. 6
A few things to consider before
onboarding new users
What happens if a strategy is not
defined prior to onboarding the
users?
• Manual handling of permissions and license
allocation leading to wastage of time
• Admins become bottlenecks for various IT
processes
• Ad hoc and urgent security needs that could
have been avoided
• End up with a lot of repetitive and time-
consuming tasks
How to prepare before onboarding
users to Automation Cloud?
• Think about how the users are structured, in the
context of Automation Cloud
• Think about the products they need to use
• Understand how users should be grouped based on
what they need to do
• Identify what kind of restrictions you want to impose
on those that will use Automation Cloud
7. 7
01. User strategies for Onboarding to
Automation Cloud
1. Everyone needs access
Need
All users in the organization should have
basic access to Automation Cloud and
elevated permissions are given
individually at product level
Solution
The system should allow access to
everyone in the directory and allow
admins to assign roles and permissions
at product level
2. Specific users get access to products
Need
All users should be allowed to sign in but
only some dynamic subsets of users
should be given permissions at product
level
Solution
The system should allow access to
everyone in the directory and
dynamically assign roles and
permissions when users sign in
8. 8
01. User strategies when onboarding users
to Automation Cloud
3. You need to control the context
Need
Who should sign in is already solved; I
need to restrict access to Automation
Cloud to a set of predefined places
Solution
The system should allow admins to
define which locations are considered
trusted and allow users to sign in
only if they access Automation Cloud
from the trusted locations
4. Specific users can access the organization
Need
By default, everyone should be denied
access, and one should be able to
control specifically who has access to
Automation Cloud
Solution
The system should allow admins to
restrict access to everyone, except for a
list of predefined users.
10. 10
Directory Integration - Azure AD
If your organization is using Azure
Active Directory (Azure AD) or
Office 365, you can connect your
Automation Cloud organization
directly to the Azure AD tenant.
This allows the users and groups
from your Azure AD tenant
to be addressable in Automation
Cloud for permission assignment.
Full documentation on setting up Azure AD directory integration for
SSO can be found here.
11. 11
Directory Integration - Azure AD
Automatic user onboarding, simplified sign-in experience, scalable access management
• All existing users with UiPath user accounts have their permissions
automatically migrated to their connected Azure AD account
• Users do not have to accept an invitation or create a UiPath user
account to access the Automation Cloud. They sign in with their
Azure AD account by selecting the Enterprise SSO option or
using their organization-specific URL
• If the user is already signed in to Azure AD or Office 365, they are
automatically signed in
• Directory groups (Azure AD security groups or Office 365 groups)
allow you to leverage your existing organizational structure to manage
permissions at scale. You no longer need to configure permissions in
Automation Cloud services for each user
• Auditing Automation Cloud access is simple. After you've
configured permissions in all Automation Cloud services using
Azure AD groups, utilize your existing validation processes
associated with Azure AD group membership
• All users and groups from Azure AD are readily available for any
Automation Cloud service to assign permissions
• You can provide Single Sign-On for users whose corporate
username differs from their email address
12. 12
Directory Integration - SAML
Connect Automation Cloud to any identity
provider (IdP) that uses the SAML 2.0
standard.
Unlike with the Azure AD integration, with
SAML, users are not discoverable in
Automation Cloud before they are
provisioned.
Implement provisioning rules based on
SAML claims that assign users
directly to local groups, so that they inherit any
permissions or license allocations from
that group.
Full documentation on setting up SAML can be found here.
13. 13
Auto Provisioning for SAML Integration
Mapping users to groups
After setting up the SAML integration, define a set of rules
for assigning users to local groups when they sign in.
For one or more rules, specify the group to which users
are automatically assigned when they sign in, if the
rules match.
Rules can be defined based on:
• Claims (name of the claim)
• Relationship (various verbs such as:
is, is not, contains)
• Value: a value that you can define
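A minimal sketch of how claim-based group mapping like this can be evaluated at sign-in. It is an added example, not UiPath's code: the class and function names, the claim names, the group names, and the choices that all conditions of a rule must match, that matching is case-sensitive and that an absent claim never matches are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Condition:
    claim: str         # name of the claim in the SAML assertion
    relationship: str  # "is", "is not" or "contains"
    value: str         # value defined by the admin

@dataclass(frozen=True)
class Rule:
    conditions: tuple  # every condition must match (assumption)
    group: str         # local group assigned when the rule matches

def condition_matches(cond, claims):
    values = claims.get(cond.claim)
    if values is None:
        return False   # fail closed: an absent claim never matches, even for "is not"
    if isinstance(values, str):
        values = [values]  # SAML attributes may be single- or multi-valued
    if cond.relationship == "is":
        return cond.value in values
    if cond.relationship == "is not":
        return cond.value not in values
    if cond.relationship == "contains":
        # Substring test: "rpa-" also matches "not-rpa-team"; prefer "is" where exact.
        return any(cond.value in v for v in values)
    raise ValueError(f"unknown relationship: {cond.relationship!r}")

def groups_for(claims, rules):
    """Local groups a user is assigned to at sign-in, given the asserted claims."""
    return sorted({r.group for r in rules
                   if r.conditions and all(condition_matches(c, claims) for c in r.conditions)})

# Constructed sample rules and claims (hypothetical names).
RULES = (
    Rule((Condition("department", "is", "Finance"),), "Finance Automation Users"),
    Rule((Condition("groups", "contains", "rpa-"),
          Condition("employeeType", "is not", "contractor")), "Automation Developers"),
)
EMPLOYEE = {"department": "Finance", "employeeType": "employee",
            "groups": ["all-staff", "rpa-developers"]}
CONTRACTOR = {"department": "finance", "employeeType": "contractor",
              "groups": ["rpa-testers"]}
NO_TYPE = {"department": "Finance", "groups": ["rpa-developers"]}

if __name__ == "__main__":
    for name, claims in (("employee", EMPLOYEE), ("contractor", CONTRACTOR), ("no type", NO_TYPE)):
        print(name, groups_for(claims, RULES))
```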
15. 15
Session Policies
Idle timeout
Automation Cloud has a
Session Policy that allows an
organization admin to define
how long a user can be
inactive prior to being forced
to re-authenticate.
Concurrent sessions
Automation Cloud has a
Session Policy that allows an
organization admin to define
whether a user can have multiple
sessions at the same time or
not.
16. 16
IP Range Restrictions
User Location
Important to control from where users access Automation Cloud
Trusted Environment
Users in contact with sensitive data should be in trusted environments, so only access
from offices should be allowed
Specific Location
Further, some organizations might want to restrict user access to only some of the offices
IP Range List
Define a list of IP Ranges that are considered trusted and then enable the policy that
restricts any access from outside the trusted ranges
17. 17
Restricting access to only selected users
The Concept
Two ways users could get access to Automation Cloud:
• Allow everyone to sign in and manage their
level of access
• Restrict everyone by default and define who
should be allowed
Defining the rules and activating the
restriction
Admin can define who is part of the allowed list by
selecting:
• Local or Directory Users
• Local or Directory Groups
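How the two organization-level restrictions above (trusted IP ranges and a default-deny allowed list of users or groups) combine into one sign-in decision, as an added example rather than UiPath's implementation. The `AccessPolicy` fields, the `decide` function and all sample users, groups and ranges are hypothetical and constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class AccessPolicy:
    allow_list_enabled: bool = False
    allowed_users: set = field(default_factory=set)    # local or directory users
    allowed_groups: set = field(default_factory=set)   # local or directory groups
    ip_restriction_enabled: bool = False
    trusted_ranges: list = field(default_factory=list) # CIDR strings, IPv4 or IPv6

def ip_is_trusted(policy, source_ip):
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False  # an unparsable source address is treated as untrusted
    # Membership is False when the address and range differ in IP version.
    return any(addr in ipaddress.ip_network(cidr) for cidr in policy.trusted_ranges)

def decide(policy, user, groups, source_ip):
    """Return (allowed, reason) for one sign-in attempt."""
    if policy.allow_list_enabled:
        on_list = user in policy.allowed_users or bool(policy.allowed_groups & set(groups))
        if not on_list:
            return (False, "not on allowed list")  # default deny
    if policy.ip_restriction_enabled and not ip_is_trusted(policy, source_ip):
        return (False, "outside trusted IP ranges")
    return (True, "allowed")

# Constructed sample policy using documentation address ranges.
POLICY = AccessPolicy(
    allow_list_enabled=True,
    allowed_users={"admin@example.com"},
    allowed_groups={"Automation Users"},
    ip_restriction_enabled=True,
    trusted_ranges=["203.0.113.0/24", "2001:db8:10::/48"],
)

if __name__ == "__main__":
    attempts = [
        ("alice@example.com", {"Automation Users"}, "203.0.113.25"),
        ("alice@example.com", {"Automation Users"}, "198.51.100.7"),
        ("bob@example.com", {"Sales"}, "203.0.113.25"),
    ]
    for user, groups, ip in attempts:
        print(user, ip, decide(POLICY, user, groups, ip))
```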
18. 18
Key Benefits
Simpler and Faster Provisioning
SAML integration - auto provisioning rules (dynamic group mapping)
allow faster user sign-ins
Secure User Account
Secure user account when using Single Sign On (SSO)
Easily manage permissions and license
allocation
Azure AD integration - reference users and groups from the
organization directory and all future users will benefit
Organization Level Security
Keep organization secure by using session policies and access
restriction policies, either IP based or explicit
19. 19
Join us next week…
Session 5
Learn more about onboarding users to UiPath
Automation Cloud and securing the environment at:
Setting up Azure AD directory integration for
SSO
Setting up SAML Integration
An overview and comparison of all
authentication methods