1 BEST ANSWER
Best Answers
Hi Jose,
I am a bit confused from your question in understanding if you are referring to the credentials of any application for the service account of the robot or the windows credential itself which the robot uses to log in to the VDI?
If you mean storing the credential of any application for robots, then yes we use 'Credential Manager' functionality of Blue Prism which is ideally present under your system tab:
One of the best practices that is followed while storing any credential is that we store the credentials for any application with a credential name that comprises of:
For example, let us assume I want to store credentials to log into Workday and my resource name is: DESKTOP-C391FA9, then I will be creating one credential item in my Credential Manager with the name as:
We do this as tomorrow if we scale and let say there are multiple robots which would be using this same workday application then in order to fetch the respective credentials from each robot machine we can use the 'Get' action from 'Internal - Credentials' VBO which helps us to get the parameter stored for a supplied credential name and this credential name that we will pass would be something like:
So ideally this function,
Now, if you mean the second part of my understanding which was how we store credentials of any individual bot's service account to login into the Windows OS itself, then that is ideally done with the help of third party credential management and storage tools such as 'CyberArk', 'strongDM', 'Thycotic' and many more software. The benefit of using such systems are first they securely store your credentials and they can be only fetched via some secure mechanism like passing encrypted tokens, also a review approval process can be setup which when approved by someone will only allow the credential to be fetched. Secondly, they have algorithms which can update these passwords automatically after a set interval of time and the same can be incorporated as the login password all via API's. Thirdly, auditing becomes a lot more easier as anyone can track who requested for what credentials at what particular time and if approved who approved the request and so on. I have however, seen one client where they had a master bot in Blue Prism which used to store all these credentials, change the passwords regularly at a set interval of time and manage the accesses of the same using Blue Prism Credential Manager functionality along with some internal API integrations with a SQL server database but well generally I have not seen that kind of practice being followed when it comes to storing the credential of a service account of a robot.
------------------------------
----------------------------------
Hope it helps you out and if my solution resolves your query, then please mark it as the 'Best Answer' so that the others members in the community having similar problem statement can track the answer easily in future
Regards,
Devneet Mohanty
Intelligent Process Automation Consultant | Sr. Consultant - Automation Developer,
WonderBotz India Pvt. Ltd.
Blue Prism Community MVP | Blue Prism 7x Certified Professional
Website: https://devneet.github.io/
Email: devneetmohanty07@gmail.com
----------------------------------
------------------------------
I am a bit confused from your question in understanding if you are referring to the credentials of any application for the service account of the robot or the windows credential itself which the robot uses to log in to the VDI?
If you mean storing the credential of any application for robots, then yes we use 'Credential Manager' functionality of Blue Prism which is ideally present under your system tab:
One of the best practices that is followed while storing any credential is that we store the credentials for any application with a credential name that comprises of:
<RESOURCE_MACHINE_NAME>:<APPLICATION_NAME>For example, let us assume I want to store credentials to log into Workday and my resource name is: DESKTOP-C391FA9, then I will be creating one credential item in my Credential Manager with the name as:
DESKTOP-C391FA9:WorkdayWe do this as tomorrow if we scale and let say there are multiple robots which would be using this same workday application then in order to fetch the respective credentials from each robot machine we can use the 'Get' action from 'Internal - Credentials' VBO which helps us to get the parameter stored for a supplied credential name and this credential name that we will pass would be something like:
So ideally this function,
GetResourceName() whenever is executed by any bot it will set the machine name of that bot itself and hence the credential name formed as a result of this would ideally map to the credential stored for that bot only. This is how multiple service accounts for each individual bot can be stored while accessing any application credential.Now, if you mean the second part of my understanding which was how we store credentials of any individual bot's service account to login into the Windows OS itself, then that is ideally done with the help of third party credential management and storage tools such as 'CyberArk', 'strongDM', 'Thycotic' and many more software. The benefit of using such systems are first they securely store your credentials and they can be only fetched via some secure mechanism like passing encrypted tokens, also a review approval process can be setup which when approved by someone will only allow the credential to be fetched. Secondly, they have algorithms which can update these passwords automatically after a set interval of time and the same can be incorporated as the login password all via API's. Thirdly, auditing becomes a lot more easier as anyone can track who requested for what credentials at what particular time and if approved who approved the request and so on. I have however, seen one client where they had a master bot in Blue Prism which used to store all these credentials, change the passwords regularly at a set interval of time and manage the accesses of the same using Blue Prism Credential Manager functionality along with some internal API integrations with a SQL server database but well generally I have not seen that kind of practice being followed when it comes to storing the credential of a service account of a robot.
------------------------------
----------------------------------
Hope it helps you out and if my solution resolves your query, then please mark it as the 'Best Answer' so that the others members in the community having similar problem statement can track the answer easily in future
Regards,
Devneet Mohanty
Intelligent Process Automation Consultant | Sr. Consultant - Automation Developer,
WonderBotz India Pvt. Ltd.
Blue Prism Community MVP | Blue Prism 7x Certified Professional
Website: https://devneet.github.io/
Email: devneetmohanty07@gmail.com
----------------------------------
------------------------------
