Best practices for setting up and maintaining robot operator passwords
Learn how the various types of unattended robot operators manage passwords when communicating by using basic authentication with Pega Platform™.
Robot operator types
Several types of robot operators operate in Pega Platform. Each of the following operator types uses a password to establish secure communication with your application when using basic authentication.
Registration operator
Robots use the registration operator only at the beginning of a robotic session. Multiple robots can share a registration operator, which enables robots to reuse a single user name and password if needed. This is the only operator whose credentials you can change.
Robotic Process Automation (RPA) Service operator
The RPA Service runs on the robot virtual machine (VM) and manages the local unattended Robot Runtime sessions that are running as a Windows session on the robot system. Initially, the service connects to Pega Platform by using the registration operator. Then, as part of the registration sequence, the RPA Service generates a unique password for the RPA Service operator and communicates this new password to Robot Manager through API calls that use the registration operator credentials. During the same sequence, Robot Manager creates the RPA Service operator in Pega Platform if that operator does not already exist and applies the new password. Do not change the password for this operator.
The RPA Service operator performs all subsequent communication with Pega Platform.
Robot Runtime operator
Robot Runtime is the robot that uses the Get Next Work function and is visible in the Robot Manager interface. Similarly to the RPA Service, Robot Runtime establishes the initial connection by using the registration operator and then switches to a separate robot operator, with a new password for each session. This means that the Robot Runtime operator uses a new password with each new Windows session and when Robot Runtime restarts. Do not change the password for this operator.
Guidelines for changing passwords for robot operators in Pega Platform
Comply with these guidelines to ensure that your robot operators can access and communicate with your application in a secure manner.
Never change a Robot Runtime operator password. The system automatically updates the password at the beginning of every session, rendering any manual change unnecessary. Additionally, changing a robot password during a session causes a loss of connectivity.
Never change an RPA Service operator password. As with the Robot Runtime operator, the system automatically updates the password at the beginning of every session. Additionally, changing a robot password during a session causes a loss of connectivity.
You can change only the registration operator password. You can change the password while a robot is running. After you change the registration operator password, you must immediately make the new password available to all robots. If your robots are using a central location for sourcing passwords (for example, CyberArk, BeyondTrust, or a custom vault), then immediately make the password change in your vault. If you are using the default password storage (the Data Protection API on the robot VM), then immediately update all robots with the new password.