The tenant Settings page enables you to change multiple configurations, such as the time zone, email alert information, account information, package feeds, interactive authentication.
General Tab
Enables you to change the time zone of the tenant, the language of the user interface for Orchestrator, the color of the website header, and toggle the Personal Workspaces and Classic Folders. .
Important!
It is recommended that the tenant and the Robots have the same time zone.
| Field | Description |
|---|---|
| Application Settings | Time Zone The time zone of the tenant. By default, this field is set to UTC. The timezone list depends on the machine. To ensure that all the instances under a multi-node Orchestrator installation have the same timezone list, they must use the same operating system version. Language The language of the user interface for Orchestrator. Connection String The connection string used to connect Robot machines to Orchestrator. Custom header color Select a color for the Orchestrator window header. This is useful for distinguishing between multiple Orchestrator tenants. The header color is selected by clicking the colored square to bring up your machine's color selector. Custom logo Enables you to upload your desired logo which appears in the Orchestrator window header. The accepted formats are .png and .svg, with a maximum file size of 1MB.Note: A logo can be added at the host and/or tenant level. The host setting will be overridden by any logo added at the tenant level.This feature is only available for paid subscriptions. |
| Personal Workspaces | Enable the Personal Workspaces feature. Note: This action cannot be reversed, once the Personal Workspaces feature is enabled it cannot be disabled. Enable Personal Workspace - Create personal workspaces for all users in a tenant that use a certain attended licensing profile, while also selecting the UI profile to be used for those users. |
| Standard Roles | Create standard roles for modern folders. These roles empower you to leverage the benefits of user groups. Click Create Role next to each of the roles you want to be automatically created. |
| Modern Folders | Enable the User-Machine Mappings feature. |
| Classic Folders | Enable classic folders. Classic folders are deprecated. Enabling them is only recommended if you migrate from an on-premises Orchestrator deployment to Orchestrator services residing in Automation Cloud. |
Deployment Tab
Enables you to configure and secure a feed that can host automation packages.
Packages
Enables you to set an internal or an external feed in which automation packages can be maintained. By default, an internal feed is used. The feeds can be secured either by defining basic authentication credentials or by using an API key.
| Field | Description |
|---|---|
| Internal | Must be selected in order to use an internal feed. The feed can be secured either with the Secure Deployment option or by using an API key. |
| External | Must be selected in order to use an external feed. The feed can be secured either by using an API key or basic authentication credentials. |
| Secure Deployment | Ensures that your automation packages are downloaded through a secure NuGet feed. |
| API Key | The key used to secure your feed against write operations such as delete or upload. |
| Deployment URL | The address where the NuGet feed is located. |
| Authentication | Enables you to specify the credentials for your basic authenticated feed. Please keep in mind that both the username and the password used with the API Key option should be used in this case as well. |
Libraries
Enables you to configure the feed to be used when working with libraries. Libraries either published from Studio or manually uploaded by the user are stored within the chosen feed. There are two options available:
- Host - the Libraries page is the same for the entire Orchestrator instance, meaning libraries are not isolated at tenant level: each tenant has access to the other tenants' activity;
- Tenant - libraries are isolated at the tenant level, meaning data is separated across tenants. This option behaves similarly to the packages feed, meaning you may set an internal or an external feed in which libraries are maintained. By default, an internal feed is used.
| Field | Description |
|---|---|
| Only host feed | Libraries are stored within the host feed and are available to all tenants which use it. The Libraries page is the same for one Orchestrator instance, meaning libraries are not isolated at tenant level: each tenant has access to the other tenants' activity. You cannot upload libraries if this option is selected. |
| Both host and tenant feeds | Additional to the host feed, libraries will also be stored within the tenant feed and are isolated at tenant level, meaning data is separated across tenants. This feed behaves similarly to the packages feed and, as such, the same options are displayed when selecting the option. When retrieving libraries, they are searched both in the tenant and host feeds. |
| Internal | Must be selected in order to use an internal feed. The feed can be secured either with the Secure Deployment option or by using an API key. |
| External | Must be selected in order to use an external feed. The feed can be secured using an API key. |
| Secure Deployment | Ensures that your automation packages are downloaded through a secure NuGet feed. |
| Deployment URL | The address where the NuGet feed is located. |
| API Key | The key used to secure your feed against write operations such as delete or upload. The user can use it to publish packages. This key is generated by the external provider and has the following format [username]:[password]. For example, admin:2652ACsQhy. |
Prerequisites for Using an External Feed Through a Proxy
If you want to use an external feed while you have a proxy server configured on Windows, the following are required beforehand:
- Set the Load User Profile option for the Orchestrator application pool (Internet Information Services > Application Pools) to
True.
- Add the proxy settings you used to the
NuGet.configfile associated with the application pool identity account (C:\Users\[YourAppPoolIdentityAccountName]\AppData\Roaming\NuGet\NuGet.Config):
<config>
<add key="http_proxy" value="http://ipaddress:port" />
</config>
Important
Note that the following settings are loaded only when the Robot Service connects to the server. Whenever they are modified you need to restart the UiRobotSvc service for the changes to take effect.
Mail Tab
Enables you to configure email settings so that you can send email alerts to users with a provided email address.
| Field | Description |
|---|---|
| Enable Alerts Email | When selected, email alerts are sent to users that have a valid email address and View permissions on Alerts. |
| Use Default Credentials | When selected, the credentials of the identity under which Orchestrator runs are used to connect to the SMTP server. When using default credentials, the SMTP Password and SMTP Username fields are disregarded even if they are filled in. This check box should be cleared if the Enable SSL option is selected. |
| Enable SSL | When selected, it indicates that the connection is secured and an TLS certificate is required for the used SMTP domain. If this check box is selected, then the Use default credentials option should not be selected. When cleared, the connection is not secured. |
| SMTP Host | The IP or Domain of the SMTP server. |
| SMTP Domain | Domain for the username, if SMTP server requires authentication. |
| SMTP Port | The SMTP port. For example, if you are using a Gmail account to send mail messages and Enable SSL is not selected, the port should be 587. If Enable SSL is selected, the port should be 465. |
| SMTP Username | The username of the SMTP server, if it requires authentication. For example, if you are using Gmail, fill in this field with the email address to be used to send messages. |
| SMTP Password | The email account password. |
| Default From Address | The email address from which to send alert mail messages. |
| Default From Display Name | A custom display name for the email address from which you send alerts. |
| Test Mail Settings | Validate the email settings. |
For more information, see the Setting Up Email Alerts page.
Security Tab
Password Complexity
Note:
Editing the settings in the Password Complexity tab does not affect existing passwords.
| Field | Description |
|---|---|
| Must have special characters | When selected, it forces users to create login passwords containing special characters. By default, this check box is not selected. |
| Must have lowercase characters | When selected, it forces users to create login passwords containing lowercase characters. By default, this check box is selected. |
| Must have uppercase characters | When selected, it forces users to create login passwords containing uppercase characters. By default, this option is not selected. |
| Must have digits | When selected, it forces users to create login passwords containing at least one digit. By default, this check box is selected. |
| Minimum Length | Specify the minimum number of characters user login passwords should contain. By default, it is 8. The length cannot be smaller than 6 and longer than 14. |
| Expiration Days | Specify the number of days for which the password is available. After this period the password expires and needs to be changed. The minimum accepted value is 0 (the password never expires), while the maximum is 120 days. |
| The Number of Previously Used Passwords | Enables you to define how many of your latest passwords are prohibited from use when setting up a new password. The minimum accepted value is 0, while the maximum one is 10. |
| Should change password on first login | When selected, users that log in to Orchestrator for the first time are required to change their password. |
Account Lockout
| Field | Description |
|---|---|
| Enabled | If checked, locks the account for a specific amount of seconds after a specific amount of failed login attempts. This also applies to the password change feature. |
| Account Lockout Seconds | The number of seconds a user needs to wait before attempting to log in again after exceeding the Max Access Attempts. The default value is 5 minutes. The minimum accepted value is 0, while the maximum one is 2592000 (1 month). |
| Max Access Attempts | The amount of login attempts a user can make before the account is locked. The default value is 10 attempts. You can set a value between 2 and 10. |
Robot
| Field | Description |
|---|---|
| Run Disconnected Hours | Specify the number of hours a Robot can run offline, without checking for its Orchestrator license. By default, it is set to 0. The maximum accepted value is 168 hours. This setting does not apply to Studio. |
| Allow both user authentication and robot key authentication | When connecting the robot to Orchestrator allow both standard connections with tokens that don't expire and connections with tokens that expire. The Sign in option is displayed in the Assistant allowing users to connect Studio and the Assistant to Orchestrator using their credentials. |
| Enforce user authentication, disable robot key authentication | When connecting the robot to Orchestrator allow only connections with tokens that expire. User login is required to make Orchestrator HTTP requests, run Attended Robots, or view processes in the Assistant. Restrict attended robot authentication in the Assistant to interactive user sign-in. Warning!: Secure authentication requires recompiling the workflows that use Orchestrator activities or make direct HTTP calls to the Orchestrator API utilizing v2020.10 activity packages or higher. |
Scalability Tab
Specify if the Robot service should subscribe to Orchestrator's SignalR channels, and configure the transport protocols that work best for you. These settings are preserved upon upgrading.
SignalR (Robots)
| Field | Description |
|---|---|
| Enabled | This toggle specifies if the Robot service subscribes to Orchestrator's SignalR channels or not. By default, this setting is enabled, and all available channels are selected: WebSocket Server-Sent Events (SSE) Long Polling When all transport channels are enabled, the best available transport is automatically selected, in the following priority order: WebSocket > Server-Sent Events > Long Polling. If the first protocol is not available for any reason, the next in line (if enabled) is used to facilitate the communication between Orchestrator and Robot. |
| WebSocket | When selected, enables the WebSocket transport protocol to be used to connect the Robot to Orchestrator's SignalR channels. This is the highest protocol used in the order of priority due to its performance and support for simultaneous communication in both directions - from the Robot service to Orchestrator and vice versa. This option cannot be used if the SignalR (Robots) feature is not enabled. |
| Server-Sent Events (SSE) | When selected, enables the Server-Sent Events (SSE) push technology to be used to connect the Robot to Orchestrator's SignalR channels. This is the first backup in case WebSockets is not available for any reason. This option cannot be used if the SignalR (Robots) feature is not enabled. |
| Long Polling | When selected, enables the long polling transport protocol to be used to connect the Robot to Orchestrator's SignalR channels. This protocol is used in case the WebSockets and SSE ones are not available. This option cannot be used if the SignalR (Robots) feature is not enabled. |
Non-Working Days Tab
Define a list of non-business days, per tenant, on which you can restrict triggers from running. This means that, during public holidays, weekends, or any other day on which normal business activities are not being carried out, your long-run schedules can be configured such that they don't trigger. Once the defined non-business days are over, the triggers launch as usual.
In order to apply these restrictions to your triggers, you need to select the non-working day calendar when configuring triggers. All changes you make on the Non-Working Days tab affect all triggers that use that calendar.
Note:
Non-working day restrictions are disabled for triggers on a timezone different than the timezone set at tenant level (Settings > General). A tenant without an explicitly defined timezone inherits it from the host.
For more details on how to manage non-working days, click here.
Updated 4 months ago