UiPath Orchestrator Guide

App Settings

The Web.config file (C:\Program Files (x86)\UiPath\Orchestrator) contains multiple settings that enable you to configure Orchestrator to your liking. Most of the parameters that interest you can be found under appSettings, but there might be some logging configurations that can be changed after install.

Note:

It is recommended that only administrators change the values of these parameters.
Additionally, it is recommended that you shut down the IIS site in order to modify web.config settings under any circumstances.

Advanced Installation Settings

  • DeploymentUrl - The address of a web app that uses the NuGet protocol (NuGet, MyGet), so that you can store your packages. By default, this is empty as Orchestrator provides a default NuGet package manager. This value should be changed only if you install Orchestrator in a cluster. For this to work properly, you also have to configure the following parameters: requireApiKey, NuGet.Packages.ApiKey, and NuGet.Packages.Path as described below. The default value is used in the initial seeding of the database.
  • MonitoringUrl - The URL where you set up the Monitoring service. By default, this value is blank as Orchestrator comes with its own monitoring endpoint.This value should be changed only if you install Orchestrator in a cluster. The default value is used in the initial seeding of the database.
  • NotificationHubUrl - The URL where the SignalR channel is located. By default, this value is blank as Orchestrator comes with its own notification endpoint. This value should be changed only if you install Orchestrator in a cluster. The default value is used in the initial seeding of the database.
  • LoggingUrl - The URL where you want to save logs. By default, this value is blank as Orchestrator comes with its own logging endpoint. This value should be changed only if you install Orchestrator in a cluster. The default value is used in the initial seeding of the database.
  • LoggingIndex - The ElasticSearch index. By default, it is set to logflow. The default value is used in the initial seeding of the database.
  • QueuesSvcUrl - The URL address of the Queues service. By default, this value is blank as Orchestrator comes with its own queues endpoint. This value should be changed only if you install Orchestrator in a cluster. The default value is used in the initial seeding of the database.
  • EncryptionKey - The encryption key used to secure passwords from credential assets. If you are using an environment with a network load balancer, this key should be the same for all machines.

Queues

  • autogenerateStatistics - Automatically generates transaction charts. By default, this parameter is set to true.
  • inProgressMaxNumberOfMinutes - The maximum amount of time queue items can have the In Progress status. After this time, the status of the queue items changes to Abandoned. By default, this is set to 1440 minutes (24 hours).
  • QueuesStatisticsScheduleCron - The amount of time at which to update queue items statistics in the Dashboard and Transactions page, and the Chart window. By default, they are updated every minute.
  • UpdateUncompletedItemsJobCron - The amount of time at which to look in the database for queues that need to be moved to Abandoned. By default, this parameter is set to every hour.

Alerts

  • DailyAlertMailJobCron - If e-mail alerts are enabled, a report (with all Fatal and Error messages that were received during the previous day) is sent every day at 7 a.m.
  • Alerts.Email.Enabled - Enable or disable e-mail alerts for Fatal and Error messages. This parameter corresponds to the Enable Alerts Email check box from the Settings page. By default, it is set to false. For it to work, you also have to configure the e-mail related settings, from the Settings page. The default value is used in the initial seeding of the database. Changing the value afterwards does not toggle email alerts.
  • NotificationDistributerJobCron - the frequency with which alert notifications are sent to the interface. Alerts are sent by default every 10 seconds.
  • PeriodicErrorMailJobCron - the frequency with which email alerts should be sent. The default value is every 10 minutes.
  • PasswordComplexity - Controls the validation rules for password complexity and is expressed using regular expressions. The complexity applies to all passwords (including the host admin one) by default but each tenant can customize their user login password complexity on the Security tab in the Settings page. By default, passwords must contain at least 8 characters and at least one letter and a digit.
  • SystemJobs.DetectNotRespondingRobots.MaxAlertCount - Enables you to limit the number of alerts that are sent when Robots become unresponsive. This parameter can be useful if your Orchestrator instance deals with a very large number of Robots and most of them become unresponsive often. Please note that is is not displayed in the configuration file by default. For example, if you want to limit the number of alerts you receive for unresponsive Robots to 10, add <add key="SystemJobs.DetectNotRespondingRobots.MaxAlertCount" value="10" /> in the web.config file, under all the other alerts parameters. If you apply this setting, please note that a warning is raised in the Event Viewer when the total number of alerts is higher than that of the ones configured, such as: Alerts not published: total number of unresponsive sessions (21) is bigger than configured max allowed (10)..

Deployment

  • NuGet.Packages.Path - The NuGet path to the packages folder. By default, this is ~/NuGetPackages. This can be a virtual or physical path.
  • NuGet.Packages.ApiKey - The license key of your NuGet account. If the activities and packages are stored in the same NuGet feed, the value of this parameter has to be identical to the NuGet.Activities.ApiKey one. The default value is used in the initial seeding of the database. Please note that arbitrary strings are also accepted.
  • NuGet.Activities.Path - The NuGet path to the activities folder. By default, this is ~/NuGetPackages/Activities.
  • NuGet.Activities.ApiKey - The license key of your NuGet account. If the activities and packages are stored in the same NuGet feed, the value of this parameter has to be identical to the NuGet.Packages.ApiKey one. Please note that arbitrary strings are also accepted.

Package synchronization between multiple Orchestrator nodes and Orchestrator interface can be done either by monitoring the file system or using Redis. This can be configured using the configuration below. The recommended way is through Redis.

  • NuGet.EnableFileSystemMonitoring - If set to true, constant file system monitoring is used to reflect the updates and changes from the packages folder. If set to false, the sync of cache files on all nodes (cluster environment) or the sync between the packages directory and the Orchestrator interface (single-node environment) is done every 60 minutes. By default, this parameter is set to true.
  • Nu.Get.EnableRedisNodeCoordination - If set to true, then the package synchronization between nodes is done using Redis, instead of File System Monitoring. The sync is triggered whenever a package is uploaded or removed from Orchestrator through the interface, API or Studio publishing functionality. Please note that if you manually copy and paste package files (.nupkg) in the Orchestrator packages folder, the sync of cache files of all nodes is done every 60 minutes. If this setting is used, the Redis component is mandatory. Please note that if you use this parameter, you have to set NuGet.EnableFileSystemMonitoring to false. By default, this parameter is set to false.

Authorization

Note:

Google authentication only works if Orchestrator is set up on a top-level domain.

  • ExternalAuth.Google.Enabled - Enables or disables Google authentication. By default, this is set to false.
  • ExternalAuth.Google.ClientId - A Google API code required for Google authentication. This cannot work without the ExternalAuth.Google.ClientSecret.
  • ExternalAuth.Google.ClientSecret - A Google API code required for Google authentication. This cannot work without the ExternalAuth.Google.ClientId.

Note:

The WindowsAuth.Enabled, WindowsAuth.Domain and AcceptedRootUrls parameters have to be configured before you can import Active Directory groups.

  • WindowsAuth.Enabled - Enables or disables Windows Active Directory authentication. It is automatically set according to what you chose during the installation process. By default, it is set to false.
  • WindowsAuth.Domain - The Windows domain that the users from the Active Directory that you want to import are connected to.
  • WindowsAuth.AutoLogin.Enabled - Enables or disables Windows automatic login. The value of this parameter is set during the installation or upgrade process.
  • AcceptedRootUrls - Enables you to add a list of trusted URLs. If no value is attributed to this setting, then no one can access Orchestrator. If you want to add multiple URLs, do it without spaces and separate items through commas (,), such as "https://server1,https://server2".
  • Auth.Cookie.Expire - The amount of time after which you are automatically logged off, in minutes. By default, this is set to 30 minutes.
  • Auth.Cookie.ValidateInterval - Add this line, in the <add key="Auth.Cookie.ValidateInterval" value="0"/> format, if you want to change the amount of time (in seconds) until you are logged out after a password reset. When this line is not added, the default is 60 seconds.

Multi-tenancy

  • Tenant.Registration.Enabled - Enables the creation of tenants, from the Login page, so that data can be isolated according to teams. By default, this is set to false. The default value is used in the initial seeding of the database. Changing the value afterwards does not toggle the tenant creation options.

Load Balancer

These settings should only be modified if you are using a load balancer.

  • LoadBalancer.UseSqlServer - Use the default SQL database to distribute messages to and from all the machines connected through your load balancer. By default, it is set to false.
  • LoadBalancer.UseRedis - Use Redis as a database to distribute messages and cache to and from all the machines connected through your load balancer. By default, it is set to false.
  • LoadBalancer.Enabled - Enables a load balancer set-up if set to true. By default, it is set to false.
  • LoadBalancer.Redis.ConnectionString - Can only be used if LoadBalancer.Enabled is set to true. A connection string that enables you to set up your Redis server, which contains the URL of the server, the password, and port used with Redis. It is also possible to enable SSL encrypted connections between the Orchestrator nodes and the Redis service. For more information, please click here. Examples:
    • with SSL enabled - <add key="LoadBalancer.Redis.ConnectionString" value="DOCWREDIS02:6379,password=12345678,ssl=true" />
    • without SSL enabled - <add key="LoadBalancer.Redis.ConnectionString" value="DOCWREDIS02:6379,password=12345678" />

Password Vault

  • Vault.Type - Enables you to select where Robot credentials are stored. The following options are available:
    • default - Robot credentials are stored in the Orchestrator database.
    • CyberArk - Robot credentials are stored in CyberArk’s Security vault, provided you correctly filled in the Vault.CyberArk.AppId, Vault.CyberArk.Safe, Vault.CyberArk.Folder.
  • Vault.CyberArk.AppId - The application id, as it is in the CyberArk® Enterprise Password Vault®.
  • Vault.CyberArk.Safe - The safe name, as it is in CyberArk® Enterprise Password Vault®.
  • Vault.CyberArk.Folder - The location in which your credentials are stored in CyberArk® Enterprise Password Vault®, such as ROOT\applications.

Organization Units

  • OrganizationUnit.Enabled - When set to true, it enables you to add an additional level of data separation, through organization units. By default, it is set to false. Keep in mind that this functionality is considered experimental.
  • HelpUrl - Enables you to point the Help button in Orchestrator to any version of the Orchestrator user guide, such as https://orchestrator.uipath.com/v2018.1/. If you set the value to https://orchestrator.uipath.com/, the last released version of the user guide is accessible.
  • Database.EnableAutomaticMigrations - Handles the initialization of the database and quartz setup system jobs for both installations and upgrades. If set to true, the database and quartz setup system jobs are installed or upgraded when you start or restart the Orchestrator web application. If set to false, they are installed or upgraded from the Windows installer. The latter is the default value.

Azure AD Authentication

  • ExternalAuth.AzureAD.Enabled - When set to true, enables you to use the Azure Active Directory for authentication. By default, it is set to false.
  • ExternalAuth.AzureAD.ApplicationId - The ApplicationId associated with the registered Orchestrator in an Azure Active Directory.
  • ExternalAuth.AzureAD.RedirectUri - The Orchestrator web app URL that should also be used when registering the Orchestrator in Azure Active Directory, such as https://platform.uipath.com.

Important!

It is not recommended to use Microsoft Azure AD and Windows AD on the same Orchestrator instance.

Logs

  • Logs.RequestAbortedLogBehavior - Specifies the logging behavior for cancellation exceptions. Note that this parameter is hidden by default. The following values are available:
    • Ignore - All cancellation exceptions are ignored if the corresponding requests were aborted. This is the default value.
    • Info - Cancellation exceptions are logged with Info severity level.
    • None - Cancellation exceptions are logged with Error severity level.

For example, if you don't want any cancellation exceptions to be logged, add <add key="Logs.RequestAbortedLogBehavior" value="Ignore" /> in the web.config file.

Scalability

  • Scalability.Heartbeat.PeriodSeconds - The time interval, expressed in seconds, at which the Robot sends a heartbeat to Orchestrator, letting the latter know its status. By default, it is set to 30 seconds.
  • Scalability.Heartbeat.FailureThreshold - The number of successively failed heartbeats send by a Robot until it is marked as unresponsive in Orchestrator. By default, it is set to 4, meaning that after 2 minutes of failed heartbeats (4 x 30 seconds = 2 minutes) a Robot is flagged as unresponsive.
  • Scalability.SignalR.Enabled - Specifies if the Robot service should subscribe to Orchestrator's SignalR channels. By default, it is set to true.
  • Scalability.SignalR.Transport - Specifies the transport protocol used to connect to Orchestrator's SignalR channels. The following values can be attributed (any combination - bitwise OR):
    • WebSocketTransport = 1
    • ServerSentEventsTransport = 2
    • LongPollingTransport = 4
    • Default value: 7 (WebSocketTransport | ServerSentEventsTransport | LongPollingTransport)

system.webServer

<dynamicTypes>
	<remove mimeType="text/csv" />
	<add mimeType="text/csv" enabled="true" />
</dynamicTypes>

This element enables the compression of dynamic content, respectively large downloadable .csv reports, in Orchestrator. By default, this feature is enabled - set to true. To disable it change the value of the enabled attribute to false.