Configure Google to Recognize a New Orchestrator Instance
Note
The below steps are valid for Google SSO setup. Please note that the below procedure is a broad description of a sample configuration. For a fully detailed how-to, visit the official Google Documentation.
If you do not have the necessary permissions, address to your system administrator in this regard. Make sure that the following service details are set into place:
- The service must be set as ON for everyone.
- The following mappings must be provided for Orchestrator attributes on the Attribute Mapping window:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn
- The following details must be provided on the Service Provider window:
https://platform.uipath.com/Saml2/Acs
as the ACS URLhttps://platform.uipath.com
as the Entity ID
Set Orchestrator to Use Google Authentication
- Define a user in Orchestrator and have a valid email address set on the Users page.
- Import the signing certificate provided by the Identity Provider to the Windows certificate store using Microsoft Management Console. See here how to do that.
- Make sure that the following configuration is present in
web.config
:
<configuration>
<appSettings>
<add key="ExternalAuth.Saml2.Enabled" value="true" />
</appSettings>
<sustainsys.saml2 entityId="https://platform.uipath.com" returnUrl="https://platform.uipath.com">
<identityProviders>
<add entityId="https://accounts.google.com/o/saml2?idpid=C040i2o3f" signOnUrl="https://accounts.google.com/o/saml2/idp?idpid=C040i2o3f" logoutUrl="https://accounts.google.com/logout" allowUnsolicitedAuthnResponse="true" binding="HttpRedirect">
<signingCertificate storeName="My" storeLocation="LocalMachine" x509FindType="FindByThumbprint" findValue="30c4de7f241904544ca663689146769c914c5dd2"/>
</add>
</identityProviders>
</sustainsys.saml2>
</configuration>
- Replace all occurrences of
https://platform.uipath.com
with the URL of your Orchestrator instance. - Set the
entityId
parameter to the value obtained by configuring Google authentication. - Set the
signOnUrl
parameter to the value obtained by configuring Google authentication. - Set the
findValue
attribute of thesigningCertificate
parameter to the thumbprint of the certificate, as provided in the Windows certificate store. Details here.
Note
Whenever filling in the URL of the Orchestrator instance, make sure it does not contain a trailing slash. Always fill it in as
https://platform.uipath.com
, nothttps://platform.uipath.com/
.
Updated 2 years ago