We have a current SSO integration with OneLogin/AD Directory which leverages email address, and the userid is not populated. We understand that we have to map the existing UserID, FirstName, LastName and EmailAddress to our Active Directory. Also, it mentions that when we switch to SAML the process is irreversible and users not found will be unable to access the control room. Our questions are:

  1. Can a SAML integration with AA use email address as the userID?
  2. Is JIT Provisioning supported with SAML once it has been enabled, or will we have to provision users in AA by manually creating a userid each time we are adding a user?
  3. Are there any mechanisms to support both ID/Pwd AND SAML integration? If not, is there a process we should follow to enable SAML integration and not lose the ability to administer AA if something does not work?
  4. What happens if we enable SAML and none of our users are able to log in anymore?

Hello @Rock Morin,

This is Dhwanit Parekh from Automation Anywhere Technical Support Team.

Please find the answers below.

1. Can a SAML integration with AA use email address as the userID?

Ans:

Yes, you can definitely map the "UserID" attribute (which is required by Control Room) to the "email address" of the user, provided that the "email address" field contains the actual email address of the user as a value in Active Directory -> Users & Computers -> for any user.

2. Is JIT Provisioning supported with SAML once it has been enabled, or will we have to provision users in AA by manually creating a userid each time we are adding a user?

Ans:

JIT provisioning is not supported by Control Room. You may have to raise a feature enhancement request for our support team by raising a support request here on Apeople portal.

3. Are there any mechanisms to support both ID/Pwd AND SAML integration? If not, is there a process we should follow to enable SAML integration and not lose the ability to administer AA if something does not work?

Ans:

Only one mechanism is supported at a time. A mix of both is not supported.

Please refer to the article below, which already contains this information (Prerequisites section) along with all the other prerequisites and step-by-step instructions to switch to the SAML-based authentication mechanism.

Automation 360 - Change control room authentication to SAML based SSO

4. What happens if we enable SAML and none of our users are able to log in anymore?

Ans:

As long as you follow the steps mentioned in the above article, you will not run into this situation.

For the licensed control room, you can actually raise a support request for any practical assistance that you may need from our support team and they will be happy to assist you.

Hope this helps.

Regards,

Dhwanit Parekh
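
A pre-cutover check for the lockout concern in question 4, as an added example that is not from Automation Anywhere or from either post: it compares existing Control Room usernames against the email value the IdP would send as UserID. The record layouts, the `admin` flag, the `sam` field and the sample data are assumptions constructed for illustration; how Control Room treats letter case is not stated on this page, so case-only differences are reported separately for verification.

```python
# Added example: pre-cutover audit before switching Control Room to SAML.
# Record layouts and the "admin" flag are assumptions; sample data is constructed.
import re

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def audit(control_room_users, idp_users):
    """Compare Control Room usernames with the value the IdP will send as UserID."""
    report = {"bad_idp_email": [], "locked_out": [], "case_only": [],
              "needs_manual_create": [], "admin_ok": False}
    idp_exact, idp_folded = set(), {}
    for u in idp_users:
        mail = (u.get("mail") or "").strip()
        if not EMAIL_RE.match(mail):
            report["bad_idp_email"].append(u["sam"])   # empty or malformed attribute
            continue
        idp_exact.add(mail)
        idp_folded[mail.lower()] = mail
    cr_folded = set()
    for u in control_room_users:
        name = u["username"]
        cr_folded.add(name.lower())
        if name in idp_exact:
            report["admin_ok"] = report["admin_ok"] or u["admin"]
        elif name.lower() in idp_folded:
            report["case_only"].append(name)           # verify case handling before cutover
        else:
            report["locked_out"].append(name)          # no IdP identity maps to this account
    # No JIT provisioning: IdP users without an account must be created by hand.
    report["needs_manual_create"] = sorted(
        m for f, m in idp_folded.items() if f not in cr_folded)
    # Require an exactly matching admin and no unmatched accounts.
    report["safe_to_switch"] = report["admin_ok"] and not report["locked_out"]
    return report

# Constructed sample data (hypothetical exports from Control Room and the directory)
CONTROL_ROOM = [
    {"username": "alice@example.com", "admin": True},
    {"username": "Bob@example.com", "admin": False},
    {"username": "svc_legacy", "admin": False},
]
IDP = [
    {"sam": "alice", "mail": "alice@example.com"},
    {"sam": "bob", "mail": "bob@example.com"},
    {"sam": "carol", "mail": "carol@example.com"},
    {"sam": "dave", "mail": ""},
]

if __name__ == "__main__":
    for key, value in audit(CONTROL_ROOM, IDP).items():
        print(f"{key}: {value}")
```
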

