A user is an entity that stores the assigned role(s), email settings and enables you to login to Orchestrator. A user’s view of Orchestrator is dependent on the assigned roles.
There are two types of users: Robot and User. The Robot user is automatically created when you deploy a Robot to Orchestrator, with the Robot role. This grants your Robot access to multiple pages, so that it's able to:
- read details from the Settings page;
- communicate and display its configuration its status in the Robots page;
- read process and package information;
- read data from the Assets page;
- be displayed in the Environments page and be assigned to environments;
- read queue details from the Queues page;
- view, edit and create transactions;
- display its status in the Jobs page and read information, such as which process to execute;
- communicate its status in the Schedules page and read information such as when to execute a given process;
- write logged messages to the Logs page.
The other type, User , is used to log into Orchestrator, have a custom view of Orchestrator, depending on your position within the automating team and, optionally, to receive email alerts. This type of users can be imported from the Active Directory or they can be created directly in Orchestrator (local users).
Orchestrator comes with one predefined user only: admin. Its username cannot be changed, and it cannot be deleted. It comes with the Administrator role, but you can add other roles to it, and even deactivate it. Note that you can not deactivate the user you are currently logged in with.
If Organization Units are enabled, a user with no assigned Organization Unit does not have access to any type of entity.
The Users page displays all available users, enables you to edit their details or remove them, and import users from Active Directory groups (only if the
WindowsAuth.Enabled parameter is set to
true and the
WindowsAuth.Domain parameter is filled in with a valid domain). Editing a user requires your user to have View and Edit permissions on Users, as well as View permissions on Roles. Read more about roles.
Users created in Orchestrator with Enabled Windows Authentication can log in both as a local and domain user.
Logging in with the same user on a different machine disconnects the user from the first machine.
After 10 failed login attempts the user is locked out for 5 minutes. These are the default Account Lockout settings which can be changed on the Security tab.
You can open the Users page from the User menu.
Robot users are also displayed on this page, yet you can only change their roles.
You can access the Profile page of each user in order to view General details and modify them, as well as to view Login Attempts. Learn more about the Profile page.
The Profile page only allows you to change General details for all users. You can only change the password in your own profile page.
Users with the Administrator role can edit user information even for currently logged in users, including the password.
The Login Attempts window is not available for Robot users.
Editing a user requires you to have View and Edit permissions on Users, as well as View permissions on Roles. Read more about roles.
Users with the Administrator role can activate, deactivate, and remove other users. You cannot delete users that have the Administrator role.