cancel
Showing results for 
Search instead for 
Did you mean: 

Separate AD user for each application

EddaBurheim
Level 2
Hi!

I have troubles finding a good and secure structure for setting up a Blue Prism infrastructure where the IT-department wants a separate AD-user for each application the robot is using. At the same time they also want to set up Blue Prism with single sign on. 

What is the most elegant way to solve this problem? 

I have tried to see if I can use comand line params to launch applications from Blue Prism. However, this is not very secure do to the fact that Blue Prism then has to send the credentials for the user into the comand line. 

It would also not be optimal for each process to log into the machine for each time it is going into a new system. For us developing it will also not be optimal. 

Thanks!
Edda

------------------------------
Edda Burheim
Senior Consultant
AVO consulting
------------------------------
1 REPLY 1

AmiBarrett
Level 12
It sounds like you're trying to launch via the runas command? You can bypass the callback for a user's password and supply it in the same go by using PSExec from the PSTools package. The only thing with this is that you still have to store the credentials someplace, which even though they're encrypted, may violate security policies if you aren't using dedicated service accounts.

------------------------------
Ami Barrett
Lead RPA Software Developer
Solai & Cameron
America/Chicago
------------------------------