Manage Credentials

Credentials store login data for external applications or web services. By using a credential, a bot can log in to an application during process runs. Passwords are encrypted. Only affiliated users can view, edit, and use the credentials.

You can create the following types of credentials:

AWS Credentials

To access Amazon Web Services to use them with RPA Builder Document Processing with AWS action steps.
Connected App Credentials

To access MuleSoft Intelligent Document Processing (IDP) via RPA Builder MuleSoft IDP action steps.
OAuth Credentials

To access the Microsoft Outlook email application via Microsoft Azure with RPA Builder Mail Session (Outlook with OAuth) action steps.
User Account Credentials

To access all other kinds of applications.

Use descriptive names for credentials and only use them in an appropriate context. For example, if the employee Nina has an account for two applications, Letters and Numbers, create either two credentials (nina_account_letters and nina_account_numbers) or a single credential that includes both applications in its name (nina_accounts_letters_numbers).

Affiliated process team members can link global credentials to activity parameters in automations:

Editing or deleting a credential affects all configurations that use the credential.

Check the usage of a credential before changing or deleting it.

Before You Begin

Ask an organization administrator in Access Management to assign you the required permissions:

Action	RPA Permission	Deprecated RPA Permission
Open the Process Automation module.	RPA Automations Designer, RPA Automations Contributor, RPA Automations Manager, RPA Administrator	Process Automation Open
Create and change global variables and credentials to use in the test phase.	RPA Automations Contributor, RPA Automations Manager, RPA Administrator	Global Variables Create for Test phase, Global Variables Edit for Test phase
Create and change global variables and credentials to use in the production phase.	PA Automations Contributor, RPA Automations Manager, RPA Administrator	Global Variables Create for Production phase, Global Variables Edit for Production phase
Delete global variables and credentials.	RPA Automations Manager, RPA Administrator	Global Variables Delete

Action

RPA Permission

Deprecated RPA Permission

Open the Process Automation module.

RPA Automations Designer, RPA Automations Contributor, RPA Automations Manager, RPA Administrator

Process Automation Open

Create and change global variables and credentials to use in the test phase.

RPA Automations Contributor, RPA Automations Manager, RPA Administrator

Global Variables Create for Test phase, Global Variables Edit for Test phase

Create and change global variables and credentials to use in the production phase.

PA Automations Contributor, RPA Automations Manager, RPA Administrator

Global Variables Create for Production phase, Global Variables Edit for Production phase

Delete global variables and credentials.

RPA Automations Manager, RPA Administrator

Global Variables Delete

If you have access to an Amazon Web Services (AWS) account and want to create AWS credentials for RPA Builder Document Processing with AWS action steps, configure the basic settings for the AWS CLI.
If you have access to a Microsoft Azure account and want to create OAuth credentials for RPA Builder Mail Session (Outlook with OAuth) action steps, follow these instructions:
If you want to use RPA Builder to generate a refresh token for your OAuth credentials, ask an administrator to assign you the Builder Usage privilege.

Create a Credential

Create credentials that a bot can use to log in to an external application during process runs.

To create a credential:

Open the Credential Pool view of the Process Automation module.
Click Create.
Complete the Create a New Credential form:
- User affiliation
  
  Select users that may view, edit, and use the credential. Add yourself so that you can also view, edit, and use the credential.
- User group affiliation
  
  Select user groups whose members may view, edit, and use the credential.
  
  If you use an Anypoint account to login to RPA Manager, user groups are replaced by teams.
- Phase affiliation
  
  Phases in which the credential can be deployed. When you create or change the credential, your privileges determine which phases the user can select:
  - Test
    
    The credential can be deployed in the test phase.
  - Production
    
    The credential can be deployed in the production phase.
- Type
  
  Type of the global credential, which determines where you can use it. The original value defined in RPA Builder is typed. Select one of the following types:
  - AWS Credentials
    
    Use this credential to access Amazon Web Services. Fill in the client ID, client secret, and region. The session token is optional.
  - Connected App Credentials
    
    Use this credential to access MuleSoft Intelligent Document Processing (IDP) via RPA Builder action steps.
    
    Client ID
    
    Client ID of the connected app configured to call IDP.
    
    Client Secret
    
    Client Secret of the connected app configured to call IDP.
  - OAuth Credentials
    
    Use this credential to access the Microsoft Outlook email application via Microsoft Azure.
    
    OAuth Host
    
    The host address used to get the credentials. The default address for Outlook services is https://login.microsoftonline.com/common/oauth2/v2.0/. This address might change if the customer uses a self hosted service.
    
    Client ID
    
    To authenticate with the OAuth Host, define an Azure application in your space. This Azure application has an ID, which is unique in the entire OAuth Host space, and that allows users to explicitly grant or revoke access for this Azure application to their accounts.
    
    For more information about how to create this Azure application for Outlook, see Quickstart: Register an application with the Microsoft identity platform.
    
    Client Secret
    
    This secret enables RPA Manager to prove to the OAuth Host that it received permission to access user accounts on behalf of the registered Azure application. Without it, authentication is not possible.
    
    Redirect URI
    
    The URI to which the OAuth Host redirects after the user completes the authentication attempt. This redirect URI must be registered with the Azure application. The OAuth Host allows authentication only if the entered redirect URI matches one of the registered URIs.
    
    Scopes
    
    The scopes define which permissions you grant over your account to the Azure application. Separate the scopes to grant by blank spaces, for example offline_access https://outlook.office.com/IMAP.AccessAsUser.All.
    
    If you leave the scopes field empty, RPA Manager grants the following scopes by default:
    
    offline_access
    
    (Required) Enables access via a refresh token, which you can use to repeatedly log in to the mail services without requiring user interaction each time.
    
    https://outlook.office.com/IMAP.AccessAsUser.All
    
    (Required when using IMAP) Enables reading and moving emails from the Outlook IMAP server.
    
    https://outlook.office.com/POP.AccessAsUser.All
    
    (Required when using POP3) Enables reading emails from the Outlook POP3 server.
    
    https://outlook.office.com/SMTP.Send
    
    (Required when using SMTP) Enables sending emails from the Outlook SMTP server.
    
    openid email
    
    Enables RPA Manager to automatically detect the email account used to log in to the Azure application. If this scope is omitted, you must provide an email in RPA Builder.
    
    E-Mail Address
    
    Specifies the email address for accessing Outlook.
    
    Refresh Token
    
    Specifies the refresh token generated with the authentication properties.
    
    Learn how to generate an OAuth refresh token with RPA Builder.
  - User Account Credentials
    
    Use this credential to access all other types of applications. Fill in the username and password.
Click OK.

Check the Usage of a Credential

Before editing a credential, check its usage to avoid inadvertent side effects. You can check the usage of a credential only if you belong to the affiliated users of that credential.

To check the usage of a credential:

Open the Credential Pool view of the Process Automation module.
Click Usage () in the row of the credential to check.

A window with a table shows you the configurations that use the credential.

Edit a Credential

Edit a credential to change its data. You cannot change the type of a credential. You can edit a credential only if you belong to the affiliated users of that credential.

Check the usage of the credential first to avoid inadvertent side effects:

Open the Credential Pool view of the Process Automation module.
Click Edit () in the row of the credential to edit.
Change data in the Edit the Credential form.

For an explanation of the properties, see Create a Credential.
Click Save.

The credential is changed everywhere it is used.

Delete a Credential

Delete credentials that are no longer needed. You cannot delete credentials linked in configurations. You can only delete a credential if you belong to the affiliated users of that credential.

To delete a credential:

Open the Credential Pool view of the Process Automation module.
Click Delete () in the row of the credential to delete.
Confirm the deletion.

Gartner names MuleSoft a Leader

Unleash the power of Salesforce Customer 360 through integration

Anypoint Platform Fundamentals

MuleSoft at World Tour