Logging in to Orchestrator using the Internet Explorer or Edge web browsers does not work if the name of your website contains an underscore (“_”), such as
You can log in to Orchestrator with:
- A user account previously created in the Users page (For more information, see the Managing Users page). Please note that on the first login, these users have to reset their password.
- A user account under a Windows Active Directory group that was previously imported in the Users page, (For more information, see the Importing Users from an AD group page). By default, the NTLM authentication protocol is used. To switch to Kerberos, please take a look at this page.
- A user account under a Microsoft Azure Active Directory group that was previously imported in the Users page, (For more information, see the Importing Users from an AD group page and these
Logging in with the same user on a different machine or browser session disconnects the user from the first machine/session.
If external users (from the Windows or Azure AD) are members of multiple tenants, when they log in they are redirected to the Choose Tenant page.
It is not recommended to use Microsoft Azure AD and Windows AD on the same Orchestrator instance.
You can also set up your environment to automatically log in to Orchestrator, on the default tenant.
If you enable AutoLogin and access an Orchestrator URL without being authenticated the app tries to automatically log in with your current Active Directory user, without redirecting to Login page. If AutoLogin is disabled you are redirected to Login page and have to manually press the "Windows" button to perform a Windows Login.
The user must first be created in the Users page.
- Fill in the Tenant name field. The last tenant used for authentication is remembered so if you want to use a different one, first click Change and then fill in the name.
Fill in the Username or email and Password fields.
(Optionally) Select the Remember me check box. This enables you to automatically login later on.
- Click Login. The first time you log in, the Change Password page is displayed in order for you to define a new password.
- In the Current Password field, type the password that was given to you by your Orchestrator administrator.
- In the New Password and Confirm Password fields, type a password of your choice.
- Click Change Password. Your password is changed, and Orchestrator is loaded. Access is provided to components according to the assigned role(s) and organization unit (if any).
After 10 failed login attempts the user is locked out for 5 minutes. These are the default Account Lockout settings which can be changed in the Security tab.
This login method is only available for Orchestrator with Enabled Windows Authentication.
The Active Directory group must first be imported or manually added in the Users page.
- Click the Windows button . The Authentication Required dialog box is displayed.
This dialog box is displayed only when the user is not in the AD or if it is not added to Orchestrator. If you are on a trusted machine, it should not appear.
- Fill in the User Name and Password fields.
- Click Log In. Orchestrator is loaded and access is provided to components according to the assigned role or roles.
By default, the user is locked for 5 minutes after 10 failed login attempts. You can change this in the Settings window under the Security tab.