Manage Credentials
Credentials store login data for external applications or web services. By using a credential, a bot can log in to an application during process runs. Passwords are encrypted. Only affiliated users can view, edit, and use the credentials.
You can create the following types of credentials:
-
AWS Credentials
To access Amazon Web Services to use them with the RPA Builder Document Processing with AWS action steps.
-
Connected App Credentials
To access MuleSoft Intelligent Document Processing (IDP) with RPA Builder MuleSoft IDP action steps.
-
Google API Service Account Credentials
To access the Google API with the Google Drive operation action steps.
-
OAuth Credentials
To access the Microsoft Outlook and Gmail email applications with the RPA Builder Mail Session (OAuth) action steps.
-
User Account Credentials
To access all other kinds of applications.
Use descriptive names for credentials and only use them in an appropriate context. For example, if the employee Nina
has an account for two applications, Letters
and Numbers
, create either two credentials (nina_account_letters
and nina_account_numbers
) or a single credential that includes both applications in its name (nina_accounts_letters_numbers
).
Affiliated process team members can link global credentials to activity parameters in automations:
Editing or deleting a credential affects all configurations that use the credential.
Check the usage of a credential before changing or deleting it.
Before You Begin
-
Ask an organization administrator in Access Management to assign you the required permissions:
Action RPA Permission Deprecated RPA Permission Open the Process Automation module.
RPA Automations Designer, RPA Automations Contributor, RPA Automations Manager, RPA Administrator
Process Automation Open
Create and change global variables and credentials to use in the test phase.
RPA Automations Contributor, RPA Automations Manager, RPA Administrator
Global Variables Create for Test phase, Global Variables Edit for Test phase
Create and change global variables and credentials to use in the production phase.
PA Automations Contributor, RPA Automations Manager, RPA Administrator
Global Variables Create for Production phase, Global Variables Edit for Production phase
Delete global variables and credentials.
RPA Automations Manager, RPA Administrator
Global Variables Delete
-
If you have access to an Amazon Web Services (AWS) account and want to create AWS credentials for RPA Builder Document Processing with AWS action steps, configure the basic settings for the AWS CLI.
-
If you have access to a Microsoft Azure account and want to create OAuth credentials for RPA Builder Mail Session (Outlook with OAuth) action steps, follow these instructions:
-
To autofill the Google API service account credentials, obtain the credentials JSON file from your Google Cloud Console administrator.
If you have access to the Google Cloud console, follow the instructions in Create credentials for a service account to obtain credentials for your Google Cloud service account.
-
If you want to use RPA Builder to generate a refresh token for your OAuth credentials, ask an administrator to assign you the
Builder Usage
privilege.
Create a Credential
Create credentials that a bot can use to log in to an external application during process runs.
To create a credential:
-
Open the Credential Pool view of the Process Automation module.
-
Click Create.
-
Complete the Create a New Credential form:
-
Select users that may view, edit, and use the credential. Add yourself so that you can also view, edit, and use the credential.
-
User group affiliation
Select user groups whose members may view, edit, and use the credential.
If you use an Anypoint account to login to RPA Manager, user groups are replaced by teams.
-
Phase affiliation
Phases in which the credential can be deployed. When you create or change the credential, your privileges determine which phases the user can select:
-
Test
The credential can be deployed in the test phase.
-
Production
The credential can be deployed in the production phase.
-
-
Type
Type of the global credential, which determines where you can use it. The original value defined in RPA Builder is typed. Select one of the following types:
-
AWS Credentials
Use this credential to access Amazon Web Services. Fill in the client ID, client secret, and region. The session token is optional.
-
Connected App Credentials
Use this credential to access MuleSoft Intelligent Document Processing (IDP) via RPA Builder action steps.
-
Client ID
Client ID of the connected app configured to call IDP.
-
Client Secret
Client Secret of the connected app configured to call IDP.
-
-
Google API Service Account Credentials
Use this credential to access the Google API with the Google Drive operation action steps.
Click Autofill from JSON to import the authentication data from a credentials JSON file provided by your Google Cloud Console administrator. The JSON file must contain all properties of the form.
-
OAuth Credentials
Use this credential to access the Microsoft Outlook or Google Gmail email applications.
In the current version of the OAuth Credentials, OAuth Authorization Endpoint and OAuth Token Endpoint replace OAuth Host. Check your processes to see if they exchanged the Activity Parameters and create new credentials to link. -
OAuth Host
The host address used to get the credentials. The default address for Outlook services is
https://login.microsoftonline.com/common/oauth2/v2.0/
. This address might change if the customer uses a self hosted service. -
OAuth Authorization Endpoint
The URL for the OAuth authentication endpoint. Defaults to the following values, depending on the selected provider:
-
Outlook:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize
-
Google:
https://accounts.google.com/o/oauth2/v2/auth
-
-
OAuth Token Endpoint
The URL for the OAuth Refresh Token process. Defaults to the following values, depending on the selected provider:
-
Outlook:
https://login.microsoftonline.com/common/oauth2/v2.0/token
-
Google:
https://www.googleapis.com/oauth2/v4/token
-
-
Client ID
To authenticate with the OAuth Host, define an Azure application in your space. This Azure application has an ID, which is unique in the entire OAuth Host space, and that allows users to explicitly grant or revoke access for this Azure application to their accounts.
For more information about how to create this Azure application for Outlook, see Quickstart: Register an application with the Microsoft identity platform.
-
Client Secret
This secret enables RPA Manager to prove to the OAuth Host that it received permission to access user accounts on behalf of the registered Azure application. Without it, authentication is not possible.
-
Redirect URI
The URI to which the OAuth Host redirects after the user completes the authentication attempt. This redirect URI must be registered with the Azure application. The OAuth Host allows authentication only if the entered redirect URI matches one of the registered URIs.
-
Scopes
The scopes define which permissions you grant over your account to the Azure application. Separate the scopes to grant by blank spaces, for example
offline_access https://outlook.office.com/IMAP.AccessAsUser.All
.If you leave the scopes field empty, RPA Manager grants the following scopes by default:
-
offline_access
(Required) Enables access via a refresh token, which you can use to repeatedly log in to the mail services without requiring user interaction each time.
-
https://outlook.office.com/IMAP.AccessAsUser.All
(Required when using IMAP) Enables reading and moving emails from the Outlook IMAP server.
-
https://outlook.office.com/POP.AccessAsUser.All
(Required when using POP3) Enables reading emails from the Outlook POP3 server.
-
https://outlook.office.com/SMTP.Send
(Required when using SMTP) Enables sending emails from the Outlook SMTP server.
-
openid email
Enables RPA Manager to automatically detect the email account used to log in to the Azure application. If this scope is omitted, you must provide an email in RPA Builder.
-
-
E-Mail Address
Specifies the email address for accessing Outlook.
-
Refresh Token
Specifies the refresh token generated with the authentication properties.
Learn how to generate an OAuth refresh token with RPA Builder.
-
-
User Account Credentials
Use this credential to access all other types of applications. Fill in the username and password.
-
-
-
Click OK.
Check the Usage of a Credential
Before editing a credential, check its usage to avoid inadvertent side effects. You can check the usage of a credential only if you belong to the affiliated users of that credential.
To check the usage of a credential:
-
Open the Credential Pool view of the Process Automation module.
-
Click Usage () in the row of the credential to check.
A window with a table shows you the configurations that use the credential.
Edit a Credential
Edit a credential to change its data. You cannot change the type of a credential. You can edit a credential only if you belong to the affiliated users of that credential.
Check the usage of the credential first to avoid inadvertent side effects:
-
Open the Credential Pool view of the Process Automation module.
-
Click Edit () in the row of the credential to edit.
-
Change data in the Edit the Credential form.
For an explanation of the properties, see Create a Credential.
-
Click Save.
The credential is changed everywhere it is used.
Delete a Credential
Delete credentials that are no longer needed. You cannot delete credentials linked in configurations. You can only delete a credential if you belong to the affiliated users of that credential.
To delete a credential:
-
Open the Credential Pool view of the Process Automation module.
-
Click Delete () in the row of the credential to delete.
-
Confirm the deletion.