Maximizing efficiency and security in large-scale automation rollouts with Automation Cloud.pptx
- 1. Welcome to the UiPath Automation Cloudβ’ Best Practices Series
- 2. Maximizing efficiency and security in large-scale automation rollouts with Automation Cloud Session 4
- 3. 3 Daniel Buca Sr. Product Manager β Identity, UiPath Todayβs Speaker
- 4. 4 What we will talk about today 01 02 03 04 User strategies when onboarding users to Automation Cloud Getting your users in Automation Cloud Securing Automation Cloud for your organization Q&A / Open conversation
- 5. 5 The need for user onboarding strategy Defined user access control to ensure organizational security When organizations are small, all the aspects can be handled manually in a relatively short time Need access to multiple products and features, it is hard to manually handle all the aspects ......making it hard to manually handle all aspects of user control As organizations grow, number of users increase and leads to working from multiple locations New challenges arise as the organization growsβ¦.
- 6. 6 A few things to consider before onboarding new users What happens if a strategy is not defined prior to onboarding the users? β’ Manual handling of permissions and license allocation leading to wastage of time β’ Admins become bottlenecks for various IT processes β’ Ad hoc and urgent security needs that could have been avoided β’ End up with a lot of repetitive and time- consuming tasks How to prepare before onboarding users to Automation Cloud? β’ Think about how the users are structured, in the context of Automation Cloud β’ Think about the products they need to use β’ Understand how users should be grouped based on what they need to do β’ Identify what kind of restrictions you want to impose on those that will use Automation Cloud
- 7. 7 01. User strategies for Onboarding to Automation Cloud Need Solution 1. Everyone needs access 2. Specific users get access to products All users in the organization should have basic access to Automation Cloud and elevated permissions are given individually at product level The system should allow access to everyone in the directory and allow admins to assign roles and permissions at product level Need Solution The system should allow access to everyone in the directory and dynamically assign roles and permissions when users sign in All users should be allowed to sign in but only some dynamic subsets of users should be given permissions at product level
- 8. 8 01. User strategies when onboarding users to Automation Cloud Need Solution 3. You need to control the context 4. Specific users can access the organization Who should sign in is already solved; I need to restrict access to Automation Cloud to a set of predefined places The system should allow admins to define what the locations that are considered and allow users to sign in only if they access Automation Cloud from the trusted locations Need Solution The system should allow admins to restrict access to everyone, except for a list of predefined users. By default, everyone should be denied access, and one should be able to control specifically who has access to Automation Cloud
- 9. 9 02. Getting your users in Automation Cloud
- 10. 10 Directory Integration - Azure AD If your organization is using Azure Active Directory (Azure AD) or Office 365, you can connect your Automation Cloud organization directly to the Azure AD tenant. This allows, the users and groups from your Azure AD tenant to be addressable in Automation Cloud for permission assignment. Full documentation on setting up Azure AD directory integration for SSO can be found here.
- 11. 11 Directory Integration - Azure AD Scalable access management All existing users with UiPath user accounts have their permissions automatically migrated to their connected Azure AD account Users do not have to accept an invitation or create a UiPath user account to access the Automation Cloud. They sign in with their Azure AD account by selecting the Enterprise SSO option or using their organization-specific URL If the user is already signed-in to Azure AD or Office 365, they are automatically signed in Directory groups (Azure AD security groups or Office 365 groups), allow you to leverage your existing organizational structure to manage permissions at scale. You no longer need to configure permissions in Automation Cloud services for each user If the user is already signed-in to Azure AD or Office 365, they are automatically signed in Auditing Automation Cloud access is simple. After you've configured permissions in all Automation Cloud services using Azure AD groups, utilize your existing validation processes associated with Azure AD group membership All users and groups from Azure AD are readily available for any Automation Cloud service to assign permissions You can provide Single Sign-On for users whose corporate username differs from their email address Automatic user onboarding Simplified sign-in experience
- 12. 12 Directory Integration - SAML Connect Automation Cloud to any identity provider (IdP) that uses the SAML 2.0 standard. Compared to Azure AD integration, with SAML users are not discoverable in Automation Cloud before they are provisioned. Implement provisioning rules based on SAML claims that allow assigning of users directly to local groups and inherit any permissions or license allocations from that group. Full documentation on setting up SAML can be found here. .
- 13. 13 Auto Provisioning for SAML Integration Mapping users to groups After setting up the SAML integration, define a set of rules for assigning users to local groups when they sign in. For one or more rules, specify to which group the users will be automatically assigned to when users sign in, if the rules match. Rules can be defined based on: β’ Claims (name of the claim) β’ Relationship (various verbs such as: is, is not, contains) β’ Value: a value that you can define
- 14. 14 03. Securing Automation Cloud for your organization
- 15. 15 Session Policies Idle timeout Automation Cloud has a Session Policy that allows an organization admin to define how long a user can be inactive prior to being forced to re-authenticate. Concurrent sessions Automation Cloud has a Session Policy that allows organization admin to define if a user could have multiple sessions at the same time or not.
- 16. 16 IP Range Restrictions User Location Specific Location IP Range List Define a list of IP Ranges that are considered trusted and then enable the policy that restricts any access from outside the trusted ranges Trusted Environment Users in contact with sensitive data, should be in trusted environments so only access from offices should be allowed Important to control from where users access Automation Cloud Further, some organizations might want to restrict user access to only some of the offices
- 17. 17 Restricting access to only selected users The Concept Defining the rules and activating the restriction Two ways users could get access to Automation Cloud: Restrict everyone by default and define who should be allowed Allow everyone to sign in and manage their level of access Local or Directory Users Local or Directory Groups Admin can define who is part of the allowed list by selecting:
- 18. 18 Key Benefits Simpler and Faster Provisioning SAML integration - . auto provisioning rules (dynamic group mapping) allows faster user sign ins Secure User Account Secure user account when using Single Sign On (SSO) Easily manage permissions and license allocation Azure AD integration - reference users and groups from the organization directory and all future users will benefit Organization Level Security Keep organization secure by using session policies and access restriction policies, either IP based or explicit
- 19. 19 Join us next week⦠Session 5 Learn more about onboarding users to UiPath Automation Cloud and securing the environment at: Setting up Azure AD directory integration for SSO Setting up SAML Integration An overview and comparison of all authentication methods
- 20. 20 Thank you!