Active Directory integration

This section provides an overview of how Active Directory is integrated with Blue Prism. For more details, see Active Directory Integration. For details of Authentication Server, see the Authentication Server Configuration Guide.

There are a number of common considerations when deploying Blue Prism within an Active Directory Network Infrastructure:

  • How runtime resources can authenticate against target business applications using single sign-on.
  • A common Active Directory Network Infrastructure allows native encryption of internal Blue Prism communications.
  • User access to the Blue Prism platform can be configured to use single sign-on where user accounts reside in trusted forests.

Runtime resources accessing target applications using single sign-on

The Blue Prism runtime resources are responsible for executing the processes designed and configured within the platform. Typically, processes require interaction with various applications and systems, some of which may be integrated with Active Directory for single sign-on (SSO). Using a domain account to authenticate the runtime resources against the network allows a process to authenticate with the relevant target systems using single sign-on. This simplifies the security model and accelerates development.

Additional benefits of using a domain account to authenticate a runtime resource include:

  • Enforces existing security policies for the runtime resources, for example, password reset and complexity requirements.
  • Allows Active Directory Group Policy Objects (GPO) to be used to enforce user specific settings.
  • Provides auditability and control of the account via Active Directory.
  • Simplifies access to network resources such as shared drives, mailboxes, printers, and so on.

Active Directory allowing natively secured internal Blue Prism communications

When the Blue Prism components are deployed within an Active Directory Network Infrastructure configured with appropriate domain trusts, communication message security is enabled by default for the necessary inter-component communication.

If using the following connection modes with a Blue Prism Server connection, a Service Principal Name (SPN) must be configured against the Active Directory (AD) account under which each Blue Prism Server service instance is running:

  • WCF: SOAP with Message Encryption & Windows Authentication
  • WCF: SOAP with Transport Encryption & Windows Authentication
  • .NET Remoting Secure

Further information on securing connections by enabling message security is provided in the Securing Blue Prism Network Connectivity data sheet.
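The following PowerShell script is an added example, not Blue Prism's own tooling or documentation, of how an administrator would register the SPN for a Blue Prism Server service account and then verify it. The account name (CORP\svc-bpserver), host name (bpserver01.corp.example), port (8199) and the HTTP service class are all placeholder assumptions; confirm the service class and port that your connection mode expects from the Blue Prism Server configuration before running it.

```powershell
# Added example (not Blue Prism's own code): register and verify the SPN for the
# AD account that runs a Blue Prism Server service instance.
# Assumptions (placeholders, not values from the page):
#   - service account: CORP\svc-bpserver
#   - server host/port: bpserver01.corp.example, 8199
#   - SPN service class HTTP (assumed for the WCF modes; confirm for your deployment)
$ServiceAccount = 'CORP\svc-bpserver'
$HostFqdn       = 'bpserver01.corp.example'
$Port           = 8199
$Spn            = "HTTP/${HostFqdn}:${Port}"

# 1. Check whether the SPN is already registered to another account. A duplicate SPN
#    makes the KDC issue tickets for the wrong identity, so Windows Authentication
#    on the Blue Prism connection fails or falls back; resolve this before adding.
$existing = setspn -Q $Spn 2>&1
if ($existing -match 'Existing SPN found') {
    Write-Warning "SPN $Spn is already registered:`n$($existing -join "`n")"
    Write-Warning "Remove it from the wrong account (setspn -D) before continuing."
    return
}

# 2. Register the SPN. -S (rather than -A) re-checks for duplicates before adding.
setspn -S $Spn $ServiceAccount
if ($LASTEXITCODE -ne 0) { throw "setspn -S failed with exit code $LASTEXITCODE" }

# 3. Verify against the directory itself rather than trusting setspn's console output.
#    Requires the ActiveDirectory RSAT module on the admin workstation.
Import-Module ActiveDirectory
$samAccountName = $ServiceAccount.Split('\')[-1]
$registered = (Get-ADUser -Identity $samAccountName -Properties servicePrincipalName).servicePrincipalName
if ($registered -notcontains $Spn) {
    throw "SPN $Spn not found on $samAccountName after registration"
}
Write-Host "Registered SPNs on ${samAccountName}:"
$registered | ForEach-Object { Write-Host "  $_" }

# 4. Forest-wide duplicate scan as a final check; any hit is a Kerberos failure waiting to happen.
setspn -X -F
```

Run the script as a user with write access to the service account's servicePrincipalName attribute, once per Blue Prism Server service instance (each instance gets its own host:port SPN on the account it runs under). If the service runs as a group managed service account, replace Get-ADUser with Get-ADServiceAccount in step 3; the setspn commands are unchanged.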
