Benefits of Single Sign-on for the Blue Prism platform
Blue Prism integration with Active Directory Domain Services for single sign-on is enabled as part of the installation procedure. It leverages the open standard Lightweight Directory Access Protocol (LDAP) to negotiate access to directory services and provide user authentication to the platform.
Single sign-on enables Active Directory to automatically validate the logged-in user against their account in the domain with which Blue Prism is associated, and to establish whether they have been granted the appropriate rights to access the Blue Prism platform.
Configuring Blue Prism to use Active Directory for single sign-on simplifies the administration and maintenance associated with managing large numbers of users across multiple environments whilst also ensuring that existing security policies are applied.
Using centralized authentication allows access rights to be managed, maintained and audited within a central function and adds a layer of security that is independent of the platform. This places Blue Prism access control in the hands of the network administrators and provides a familiar and trusted mechanism for restricting access to important software.
Single sign-on for Blue Prism requires users’ Active Directory accounts, Blue Prism server(s), and all Blue Prism devices that will be accessed by users (i.e. the interactive clients, and possibly the runtime resources) to be in domains that reside directly within one or more Active Directory forests.
Benefits of Runtime Resources authenticating via domain accounts
The Blue Prism runtime resources (often referred to as robots) are responsible for executing the processes designed and configured within the platform. Typically, processes will require interaction with various applications and systems, some of which may be integrated with Active Directory for single sign-on (SSO). Using a domain account to authenticate the runtime resources against the network allows a process to authenticate with relevant target systems using single sign-on. This simplifies the security model and accelerates development.
Additional benefits of using a domain account to authenticate a runtime resource include:
- Enforces existing security policies for the runtime resources such as password reset and complexity requirements.
- Allows Active Directory Group Policy Objects (GPO) to be used to enforce user-specific settings.
- Provides auditability and control of the accounts via Active Directory.
- Simplifies access to network resources such as shared drives, mailboxes, printers, etc.