Table of Contents

Pega Robot Manager authentication mechanisms

Pega Robot Manager supports Basic authentication, OAuth 2.0 with SAML bearer, and Kerberos to authenticate client requests from Pega Robotic Automation Studio and Pega Robotic Automation Runtime.

The following table describes the authentication mechanisms that are supported in each release of Pega Robot Manager and the corresponding releases of Pega Robotic Automation Studio and Pega Robotic Automation Runtime. It also links to an overview of the procedures that you perform to configure each authentication mechanism.

Product Authentication mechanism
  Basic authentication OAuth2 SAML 2.0 Kerberos
Pega Robotic Automation Studio

Supported in:

  • Pega Robot Manager version 3 and later
  • Pega Robotic Automation Studio version 8.0.1058 and later

For more information, see Configuring Pega Robotic Automation Studio to support Basic authentication.

Supported in:

  • Pega Robot Manager version 3 and later.
  • Pega Robotic Automation Studio version 8.0.1058 and later

For more information, see Configuring Pega Robotic Automation Studio to support OAuth SAML 2.0.

Supported in:

  • Pega Robot Manager version 4 and later.
  • Pega Robotic Automation Studio version 8.0.1067 and later

For more information, see Configuring Pega Robotic Automation Studio to support Kerberos.

Pega Robotic Automation Runtime running robotic desktop automation (RDA)

Supported in:

  • Pega Robot Manager version 3 and later
  • Supported in Pega Robotic Automation Runtime version 8.0.1058 and later

For more information, see Configuring Pega Robotic Automation Runtime for RDA mode to support Basic authentication.

Supported in:

  • Pega Robot Manager version 3 and later
  • Supported in Pega Robotic Automation Studio version 8.0.1058 and later

For more information, see Configuring Pega Robotic Automation Runtime for RDA mode to support OAuth SAML 2.0.

Supported in:

  • Pega Robot Manager version 4 and later
  • Supported in Pega Robotic Automation Runtime version 8.0.1067 and later
 

For more information, see Configuring Pega Robotic Automation Runtime for RDA mode to support Kerberos.

Pega Robotic Automation Runtime running robotic process automation (RPA)

Supported in:

  • Pega Robot Manager version 1 and later
  • Pega Robotic Automation Runtime version 8.0.1015 and later

For more information, see Configuring Pega Robotic Automation Runtime for RPA mode to support Basic authentication.

Not supported.

Supported in:

  • Pega Robot Manager version 4 and later
  • Supported in Pega Robotic Automation Runtime version 8.0.1067 and later

For more information, see Configuring Pega Robotic Automation Runtime for RPA mode to support Kerberos.

Configuring Pega Robotic Automation Studio to support Basic authentication

Complete the following steps so that you can publish automation packages to Pega Robot Manager using Basic authentication.

  1. In Pega Platform, configure the DefaultAuthenticationTypeForRuntimeOnlyUser Dynamic System Setting to have the value Basic. For detailed information, see the "Configuring default authentication for roles" section in the Configuring Pega Robot Manager article for your version of Pega Robot Manager.
  2. Configure the CommonConfig.xml file.
    1. In the Servers section, find the Server element with the name RobotManager, for example, <Server name="RobotManager" enabled="true" baseURL="https://MyPegaServer.com/prweb" RPA="false" workgroup="My Group" robotName="{MachineName}" authenticationType="Basic"/>.
    2. Set the enabled key to true.
    3. Set the authenticationType attribute to Basic or empty.
    4. Set the baseURL attribute to the Pega Platform URL and ensure that it ends in prweb, for example, http://www.MyPegaPlatformServer.com/prweb.

For more information about the CommonConfig.xml file, see Common Configuration Settings.

  1. In the Servers section, find the Server element with the name IdP or ADFS.
    1. Set the enabled attribute to false.
    2. If there are entries for both servers, delete the Microsoft Active Directory Federation Services (AD FS) node, because it is deprecated.
  2. Configure the StudioConfig.xml file by setting the Robotics/PackageServer/baseUrl attribute to use the Pega Robotic Automation Server URL for package deployment. For more information about the StudioConfig.xml file, see Common Configuration Settings.
  3. Start Pega Robotic Automation Studio and enter your user name and password.

Configuring Pega Robotic Automation Runtime for RDA mode to support Basic authentication

Complete the following steps so that Basic authentication is supported in Pega Robotic Automation Runtime for RDA mode. This configuration enables RDAs to retrieve a package assignment from Pega Robot Manager.

  1. In Pega Platform, configure the DefaultAuthenticationTypeForRuntimeOnlyUser Dynamic System Setting to have the value Basic. For detailed information, see the "Configuring default authentication for roles" section in the Configuring Pega Robot Manager article for your version of Pega Robot Manager.
  2. Configure the CommonConfig.xml file.
    1. In the Servers section, find the Server element with the name RobotManager, for example, <Server name="RobotManager" enabled="true" baseURL="https://MyPegaServer.com/prweb" RPA="false" workgroup="My Group" robotName="{MachineName}" authenticationType="Basic"/>.
      1. Set the enabled attribute to true.
      2. Set the RPA attribute to false.
      3. Set the authenticationType attribute to Basic or empty.
      4. Set the baseURL attribute to the Pega Platform URL on which Pega Robot Manager is installed and ensure that it ends in prweb, for example, http://www.MyPegaPlatformServer.com/prweb.
    2. In the Servers section, find the Server element with the name IdP or ADFS.
      1. Set the enabled attribute to false.
      2. If there are elements for both servers, delete the ADFS element, because it is deprecated.

For more information about configuring the CommonConfig.xml file, see Common Configuration Settings.

  1. Configure the RuntimeConfig.xml file by setting the Robotics/PackageServer/baseUrl attribute to use the Pega Robotic Automation Package Server Url for package deployment. For more information about configuring the RuntimeConfig.xml file, see Common Configuration Settings.
  2. Start Pega Robotic Automation Runtime and enter your user name and password.

Configuring Pega Robotic Automation Runtime for RPA mode to support Basic authentication

Complete the following steps so that Basic authentication is supported in Pega Robotic Automation Runtime when running RPAs.

  1. In Pega Platform, configure the DefaultAuthenticationTypeForRuntimeOnlyUser Dynamic System Setting to have the value Basic. For detailed information, see the "Configuring default authentication for roles" section in the Configuring Pega Robot Manager article for your version of Pega Robot Manager.
  2. Configure the CommonConfig.xml file.
    1. In the Servers section, find the server element with the name RobotManager, for example, <Server name="RobotManager" enabled="true" baseURL="https://MyPegaServer.com/prweb" RPA="true" workgroup="My Group" robotName="{MachineName}" authenticationType="Basic"/>.
      1. Set the enabled attribute to true.
      2. Set the authenticationType attribute to Basic or empty.
      3. Set the baseURL attribute to the Pega Platform URL on which Pega Robot Manager is installed and ensure that it ends in prweb, for example, http://www.MyPegaPlatformServer.com/prweb.
      4. Set the RPA attribute to true.
      5. Set the robotName attribute to the pattern that you want to use for your RPA virtual machine (VM) names.
      6. Set the workgroup attribute to the name of the workgroup into which robotic virtual machines register.
    2. In the Servers section, find the Server element with the name IdP or ADFS.
      1. Set the enabled attribute to false.
      2. If there are entries for both servers, delete the ADFS element, because it is deprecated.

For more information about configuring the CommonConfig.xml file, see Common Configuration Settings.

  1. Configure the RuntimeConfig.xml file by setting the Robotics/PackageServer/baseUrl attribute to use the Pega Robotic Automation Package Server URL for package deployment. For more information about configuring the RuntimeConfig.xml file, see Common Configuration Settings.
  2. Start Pega Robotic Automation Runtime. You will be prompted to enter the credentials of the administrative operator (Dispatch Operator) who has the appropriate access role to register VMs such as PegaRULES:RoboticAdministrator.

Configuring Pega Robotic Automation Studio to support OAuth SAML 2.0

Complete the following steps so that OAuth SAML 2.0 is supported in Pega Robotic Automation Studio.

  1. In Pega Robotic Automation Security Token Service, export the public certificate in .pfx format. For more information, see the Pega Robotic Automation Security Token Service User Guide.
  2. Configure Pega Platform.
    1. Configure the DefaultAuthenticationTypeForRuntimeOnlyUser Dynamic System Setting to have a value of SSO. This setting ensures that new Pega Robotic Automation Runtime user accounts that you create in Pega Robot Manager are preconfigured for SSO authentication.
    2. Configure the RoboticsSSO service package to use single sign-on (should use OAuth 2.0). For detailed information, see the "Configuring default authentication for roles" section of Configuring Pega Robot Manager for your version of Pega Robot Manager.
    3. Create OAuth 2.0 Client Registration, Identity Mapping, and Keystore rules. For more information, see the "Configuring OAuth 2.0 with SAML bearer for single sign-on" section of Configuring Pega Robot Manager for your version of Pega Robot Manager.
    4. Ensure that the user that you want to provision has a Pega Platform operator ID. The UPN can be obtained from Active Directory. The operator ID should only include the first part of the fully qualified domain name. For example, if user the UPN is username@sub.domain.com, the operator ID should be username@sub.
  3. Configure the CommonConfig.xml file.
    1. In the Servers section, find the Server element with the name RobotManager, for example, <Server name="RobotManager" enabled="true" baseURL="https://MyPegaServer.com/prweb" RPA="false" workgroup="My Group" robotName="{MachineName}" authenticationType="Basic"/>.
      1. Set the enabled attribute to true.
      2. Set the baseURL attribute to the Pega Platform URL on which Pega Robot Manager is installed and ensure that it ends in prweb, for example, http://www.MyPegaPlatformServer.com/prweb.
    2. In the Servers section, find the Server element with the name IdP or ADFS.
      1. Set the enabled attribute to true.
      2. Set baseURL attribute to the STS authentication endpoint.
      3. If there are elements for both servers, delete the ADFS element, because it is deprecated.

For more information about configuring the CommonConfig.xml file, see Common Configuration Settings.

  1. Configure the StudioConfig,xml file by setting the Robotics/PackageServer/baseUrl attribute to use the Pega Robotic Automation Package Server URL for package deployment. For more information about configuring the StudioConfig.xml file, see Common Configuration Settings.
  2. Start Pega Robotic Automation Studio to automatically log in to it.

Configuring Pega Robotic Automation Runtime for RDA mode to support OAuth SAML 2.0

Complete the following steps so that OAuth SAML 2.0 is supported in Pega Robotic Automation Runtime and RDAs can retrieve their package assignments using SSO authentication.

  1. In Pega Robotic Automation Security Token Service, export the public certificate in .pfx format. For more information, see the Pega Robotic Automation Security Token Service User Guide.
  2. Configure Pega Platform.
    1. Configure the DefaultAuthenticationTypeForRuntimeOnlyUser Dynamic System Setting to have a value of SSO. This setting ensures that new Pega Robotic Automation Runtime user accounts that you create in Pega Robot Manager are preconfigured for SSO authentication.
    2. Configure the RoboticsSSO service package to use single sign-on. For detailed information, see the "Configuring default authentication for roles" section of Configuring Pega Robot Manager for your version of Pega Robot Manager.
    3. Create OAuth 2.0 Client Registration, Identity Mapping, and Keystore rules. For more information, see the "Configuring OAuth 2.0 with SAML bearer for single sign-on" section of Configuring Pega Robot Manager for your version of Pega Robot Manager.
    4. Ensure that the user that you want to provision has a Pega Platform operator ID. The UPN can be obtained from Active Directory. The operator ID should only include the first part of the fully qualified domain name. For example, if the user UPN is username@sub.domain.com, the operator ID should be username@sub.
  3. Configure the CommonConfig.xml file.
    1. In the Servers section, find the Server element with the name RobotManager, for example, <Server name="RobotManager" enabled="true" baseURL="https://MyPegaServer.com/prweb" RPA="false" workgroup="My Group" robotName="{MachineName}" authenticationType="Basic"/>.
      1. Set the enabled attribute to true.
      2. Set the baseURL attribute to the Pega Platform URL on which Pega Robot Manager and ensure that it ends in prweb, for example, http://www.MyPegaPlatformServer.com/prweb.
      3. Set the RPA attribute to false.
    2. In the Servers section, find the Server element with the name IdP or ADFS.
      1. Set the enabled attribute to true.
      2. Set baseURL attribute to the STS authentication endpoint
      3. If there are elements for both servers, delete the ADFS element, because it is deprecated.

For more information about configuring the CommonConfig.xml file, see Common Configuration Settings.

  1. Configure the RuntimeConfig,xml file by setting the Robotics/PackageServer/baseUrl attribute to use the Pega Robotic Automation Package Server URL for package deployment. For more information about configuring the RuntimeConfig.xml file, see Common Configuration Settings.
  2. Start Pega Robotic Automation Runtime to automatically log in to it.

Configuring Pega Robotic Automation Studio to support Kerberos

Complete the following steps so that Kerberos is supported by Pega Robotic Automation Studio and you can publish automation packages to Pega Robot Manager using Kerberos.

  1. Configure Pega Platform.
    1. In Pega Platform, configure the RoboticSSO service package to authenticate incoming VM requests to use Kerberos authentication. For detailed information, see the "Configuring Kerberos authentication" in Configuring Pega Robot Manager for your version of Pega Robot Manager.
    2. Configure the DefaultAuthenticationTypeForRuntimeOnlyUser Dynamic System Setting to have a value of SSO. This setting ensures that new Pega Robotic Automation Runtime user accounts that you create in Pega Robot Manager are preconfigured for SSO authentication.
    3. Ensure that the user that you want to provision has a Pega Platform operator ID and that the operator ID is the fully qualified UPN of the user. The UPN can be obtained from Active Directory, for example, username@sub.domain.com.
  2. Configure the CommonConfig.xml file,
    1. In the Servers section, find the Server element with the name RobotManager, for example, <Server name="RobotManager" enabled="true" baseURL="https://MyPegaServer.com/prweb" RPA="false" workgroup="My Group" robotName="{MachineName}" authenticationType="Kerberos"/>.
    2. Set the enabled attribute to true.
    3. Set the authenticationType attribute to Kerberos. This setting takes priority over OAuth 2.0 with SAML bearer.
    4. Set the baseURL attribute to the Pega Platform URL on which Pega Robot Manager is installed and ensure that it ends in prweb, for example, http://www.MyPegaPlatformServer.com/prweb.

For more information about configuring the CommonConfig.xml file, see Common Configuration Settings.

  1. Configure the StudioConfig,xml file by setting the Robotics/PackageServer/baseUrl attribute to use the Pega Robotic Automation Package Server URL for package deployment. For more information about configuring the StudioConfig.xml file, see Common Configuration Settings.
  2. Start Pega Robotic Automation Studio to automatically log in to it.

Configuring Pega Robotic Automation Runtime for RDA mode to support Kerberos

Complete the following steps so that Kerberos is supported by Pega Robotic Automation Runtime when you use RDA.

  1. Configure Pega Platform.
    1. In Pega Platform, configure the RoboticSSO service package to authenticate incoming VM requests to use Kerberos authentication. For detailed information, see the "Configuring Kerberos authentication" in Configuring Pega Robot Manager for your version of Pega Robot Manager.
    2. Configure the DefaultAuthenticationTypeForRuntimeOnlyUser Dynamic System Setting to have a value of SSO. This setting ensures that new Pega Robotic Automation Runtime user accounts that you create in Pega Robot Manager are preconfigured for SSO authentication.
    3. Ensure that the user that you want to provision has a Pega Platform operator ID and that the operator ID is the fully qualified UPN of the user. The UPN can be obtained from Active Directory, for example, username@sub.domain.com.
  2. Configure the CommonConfig.xml file.
    1. In the Servers section, find the Server element with the name RobotManager, for example, <Server name="RobotManager" enabled="true" baseURL="https://MyPegaServer.com/prweb" RPA="false" workgroup="My Group" robotName="{MachineName}" authenticationType="Kerberos"/>.
    2. Set the enabled attribute to true.
    3. Set the RPA attribute to false.
    4. Set the baseURL attribute to the Pega Platform URL on which Pega Robot Manager is installed and ensure that it ends in prweb, for example, http://www.MyPegaPlatformServer.com/prweb.
    5. Set the authenticationType attribute to Kerberos. This setting takes priority over OAuth 2.0 with SAML bearer.

For more information about configuring the CommonConfig.xml file, see Common Configuration Settings.

  1. Configure the RuntimeConfig,xml file by setting the Robotics/PackageServer/baseUrl attribute to use the Pega Robotic Automation Package Server URL for package deployment. For more information about configuring the RuntimeConfig.xml file, see Common Configuration Settings.
  2. Start Pega Robotic Automation Runtime to automatically log in to it.

Configuring Pega Robotic Automation Runtime for RPA mode to support Kerberos

Complete the following steps so that Kerberos is supported by Pega Robotic Automation Runtime when you run RPAs.

  1. Configure Pega Platform.
    1. In Pega Platform, configure the RoboticSSO service package to authenticate incoming VM requests to use Kerberos authentication. For detailed information, see the "Configuring Kerberos authentication" in Configuring Pega Robot Manager for your version of Pega Robot Manager.
    2. Configure the DefaultAuthenticationTypeForRuntimeOnlyUser Dynamic System Setting to have a value of SSO. This setting ensures that new Pega Robotic Automation Runtime user accounts that you create in Pega Robot Manager are preconfigured for SSO authentication.
    3. Ensure that the user that you want to provision has a Pega Platform operator ID and that the operator ID is the fully qualified UPN of the user. The UPN can be obtained from Active Directory, for example, username@sub.domain.com.
  2. Configure the CommonConfig.xml file.
    1. In the Servers section, find the Server element with the name RobotManager, for example, <Server name="RobotManager" enabled="true" baseURL="https://MyPegaServer.com/prweb" RPA="true" workgroup="My Group" robotName="{MachineName}" authenticationType="Kerberos"/>.
    2. Set the enabled attribute to true.
    3. ​Set the authenticationType attribute to Kerberos. This setting takes priority over OAuth 2.0 with SAML bearer.
    4. Set the baseURL attribute to the Pega Platform URL on which Pega Robot Manager is installed and ensure that it ends in prweb, for example, http://www.MyPegaPlatformServer.com/prweb.
    5. Set the RPA attribute to true.
    6. Set the RobotName attribute to the pattern that you want to use for your RPA VMs.

For more information about configuring the CommonConfig.xml file, see Common Configuration Settings.

  1. Configure the RuntimeConfig,xml file by setting the Robotics/PackageServer/baseUrl attribute to use the Pega Robotic Automation Package Server URL for package deployment. For more information about configuring the RuntimeConfig.xml file, see Common Configuration Settings.
  2. Start Pega Robotic Automation Runtime to automatically log in to it.
Suggest Edit

Have a question? Get answers now.

Visit the Pega Support Community to ask questions, engage in discussions, and help others.