Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

Best practices for setting up and maintaining robot operator passwords

Updated on September 10, 2021

Learn how the various types of unattended robot operators manage passwords when communicating by using basic authentication with Pega Platform™.

Note: Each robot can use multiple operator accounts in Pega Platform.

Robot operator types

Several types of robot operators operate in Pega Platform. Each of the following operator types uses a password to establish secure communication with your application when using basic authentication.

Registration operator

Robots use the registration operator only at the beginning of a robotic session. Multiple robots can share a registration operator, which enables robots to reuse a single user name and password if needed. This is the only operator whose credentials you can change.

Robotic Process Automation (RPA) Service operator

The RPA Service runs on the robot virtual machine (VM) and manages the local unattended Robot Runtime sessions that are running as a Windows session on the robot system. Initially, the service connects to Pega Platform by using the registration operator. Then, as part of the registration sequence, the RPA Service generates a unique password for the RPA Service operator and communicates this new password to Robot Manager through API calls that use the registration operator credentials. As part of the registration sequence, Robot Manager generates the RPA Service operator in Pega Platform if that operator does not already exist and applies the new password. Do not change the password for this operator.

The RPA Service operator performs all subsequent communication with Pega Platform.

Note: The RPA service generates a unique password at startup, which means that each time the VM restarts, it uses a new password.

Robot Runtime operator

Robot Runtime is the robot that uses the Get Next Work function and is visible in the Robot Manager interface. Similarly to the RPA Service, Robot Runtime establishes the initial connection by using the registration operator and then switches to a separate robot operator, with a new password for each session. This means that the Robot Runtime operator uses a new password with each new Windows session and when Robot Runtime restarts. Do not change the password for this operator.

Guidelines for changing passwords for robot operators in Pega Platform

Comply with these guidelines to ensure that your robot operators can access and communicate with your application in a secure manner.

  • Never change a Robot Runtime operator password. The system automatically updates the password at the beginning of every session, rendering any manual change unnecessary. Additionally, changing a robot password during a session causes a loss of connectivity.

  • Never change an RPA Service operator password. As with the Robot Runtime operator, the system automatically updates the password at the beginning of every session. Additionally, changing a robot password during a session causes a loss of connectivity.

  • You can change only the registration operator password. You can change the password while a robot is running. After you change the registration operator password, you must immediately make the new password available to all robots. If your robots are using a central location for sourcing passwords (for example, CyberArk, BeyondTrust, or a custom vault) then immediately make the password change in your vault. If you are using the default password storage (the Data Protection API on the robot VM), then immediately update all robots with the new password.

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us