UiPath - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk.
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for UiPath using MPAS. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization
To set up Multi-Pass with UiPath, ensure you meet the following requirements:
- Administrator access to the UiPath Orchestrator Admin Console (Automation Suite or Automation Cloud).
- UiPath requirement: Studio/Assistant version ≥ 2020.10.3.
- MPAS Admin rights
- Make sure that all users intended to use SSO in UiPath are registered in your IdP and have the necessary permissions to access UiPath.
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.
UiPath - SSO configuration
Step 1 – Access SSO Settings in UiPath
- Log in to the UiPath Orchestrator Admin Console.
- Go to Admin, Security
- Select Single Sign-On (SSO), Select SAML 2.0 as the authentication method.
- Click Configure to open the SAML configuration form.
- Copy the metadata form UiPath and paste in another browser, it will automatically download the metadata file that you will provide to Multi-Pass.
- Paste MPAS metadata in the field called Metadata URL and click on Fetch
- It will automatically complete the fields :
- Sign-On URL
- Identity Provider Entity ID
- Signing certificate
- Click Next
- Add the domain that need to be accepted by UiPath and then click on "Test and Save"
- Click on Done
Step 2 – Retrieve Multi-Pass Metadata
- Select the appropriate tenant.
- Navigate to Integrations, select Applications
- Look at custom integrations SAML
- Look at the top righ corner and click on "Upload file" and select the metadata from UiPath, It will automatically complete the fields :
- Client ID
- Assertion Consumer Service URL
- Complete the next fields :
| Field | Value |
|---|---|
| Name | UiPath |
| Description | SSO integration |
| NameID Policy Format | email |
- Click on Add integration
- Now we need to make sure all the fields are well completed into the advanced console
- On the left side click on "Advanced console"
- Click on client, and use the search bar to find UiPath.
General settings
| Field | Value |
|---|---|
| Client ID | https://cloud.uipath.com/2df4d681-5a8b-41db-aa75-421e8a1461f2/identity_ |
| Name | UiPath |
| Description | SSO integration |
| Always Display in UI | ON |
Access settings
| Field | Value |
|---|---|
| Home URL | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml/clients/<APP_NAME> |
| Valid Redirect URIs (ACS) | https://cloud.uipath.com/2df4d681-5a8b-41db-aa75-421e8a1461f2/identity_/Saml2/Acs |
| IDP‑Initiated SSO URL Name | <APP_NAME> |
SAML capabilities
| Setting | Value |
|---|---|
| Name ID Format | |
| Force Name ID Format | ON |
| Force POST Binding | ON |
| Include AuthnStatement | ON |
Signature and Encryption
| Setting | Value |
|---|---|
| Sign Documents | ON |
| Sign Assertions | ON |
- Move to the tab "keys" and make sure both parameters are switched to OFF
- Move to the tab "Advanced"
- Assertion Consumer Service POST Binding URL = Valid Redirect URIs (ACS) = https://cloud.uipath.com/2df4d681-5a8b-41db-aa75-421e8a1461f2/identity_/Saml2/Acs
- Finally go to client scope, and make sure that you add the following attribute :
- given_name → First Name
- family_name → Last Name
- Select the assigned client scope
- And click on Add mapper, select user attributes and complete the different field the first time for First name and a second time for Last Name.
Related Articles
SAML SSO Integration Guide
This guide provides an overview of how to configure SAML Single Sign-On (SSO) between Multi-Pass and a third-party Service Provider (SP). Multi-Pass acts as the Identity Provider (IdP) in this federation model. Multi-Pass is working on SCIM support ...Notion - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a ...Addigy - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Addigy using MPAS. SSO simplifies user authentication by allowing access to multiple ...Kaseya One - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a ...Wrike - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Wrike using MPAS. SSO simplifies user authentication by allowing access to multiple ...