The capabilities described on this page are included in Appian's standard capability tier. Usage limits may apply. |
Note: If RPA isn't enabled for your Appian environment, you won't be able to use the Operations Console.
This page provides information on how to install and set up robots through the Operations Console.
Tip: Only administrators can create and delete robots in the Operations Console.
Before you begin, carefully review this checklist for creating new robots. It covers critical steps from launch decisions to final checks, ensuring your agents are optimally configured for effective robotic task execution. Completing each step is crucial for maintaining smooth and reliable operations within Appian RPA.
Note: Review the Agents page for complete information about setting up and monitoring agents.
Required role: Administrator
Note: Next steps
To enable a new robot to execute robotic tasks, ensure you install the agent on the host machine. The agent facilitates communication between Appian and the host machine, including relaying the robot's status. Before installation, make certain the host machine is properly configured.
You can use a VM to run robotic tasks. By default, VMs may timeout and become unavailable after a period of inactivity.
To ensure the VM remains available, you can allow Appian to sign in to the host machine to start an execution. You can also complete additional configurations on the VM. Microsoft Remote Desktop users can configure the following to prevent VM host machines from timing out:
Additionally, ensure that the agent you have downloaded on the host machine has administrator privileges to allow them to unblock sessions as needed.
Before a robotic task starts, it may need to access your host machine and start a user session if one isn't already active. On top of that, your business may restrict the privileges available to this user session.
You can configure your robot to allow Appian to automatically sign into a virtual machine as any designated user (basic or administrator) in order to start a robotic task. This means that you won't need to keep user sessions active on virtual machines in case a robotic task needs to start. Instead of keeping user sessions active, Appian can start a session as needed for robots with Standby status.
Appian can also automatically sign out of the host machine if there are no more robotic tasks to run after the last execution. Configure this option to build more flexibility into your unattended automations.
The automatic sign in service automatically syncs and updates to the latest version when connecting to a newer version of Appian RPA, ensuring you always have the latest security features and performance enhancements.
Note: Appian only supports Enable automatic sign in on Windows host machines.
You can find these configuration options when you create a robot or edit a robot's details.
To allow Appian to sign in:
Existing robots only: If you're allowing Appian to sign in for a robot you already set up, you need to replace the agent on the host machine by downloading the installer again:
To improve image recognition for automatic sign in, try disabling font smoothing before taking screenshots. If you're having trouble with the image recognition, this could help.
For the automatic sign-in service to work as expected, you must first complete several prerequisite steps. These steps and installation require administrator privileges. Once the service is installed, you can execute a robotic task using a standard user account.
Additionally, the host machine must use a Windows 64-bit OS (x64-based) and the user account Appian uses to sign in should be configured in the following ways:
To add the user account, go to Computer Management > Local Users and Groups > Groups > Remote Desktop Users
.
Local Security Policy > Local Policies > User Rights Assignment
:
Allow log on through Remote Desktop Services
Remote Desktop Settings
.Tip: You need administrator privileges on the host machine to install the sign-in service using the instructions below.
After you configure the host machine, install the sign-in files using the installation wizard:
C:\Users\<username>\AppData\Local
. The installer will create a folder titled Appian RPA
in this location with all the necessary files.Services
. You should see the new service in the list: Appian RPA AutologinService [Host Machine Name]
.You are now ready to use automatic sign-in.
Note: If your Windows OS uses a proxy for internet access, configure the auto-login service to use this proxy too. See the Configure the proxy for the auto-login service information on this page.
When installing the automatic sign-in service, the service is automatically started by the Local System account, which is the predefined local account used by the service control manager. You can change it to be another user if you'd like to use a separate account. This user account does not need administrator privileges.
To modify which account starts the service:
If your Windows OS uses a proxy for internet access, you need to configure the auto-login service to use this proxy too.
Before you begin, make sure you've set up a local account on the Windows Virtual Machine specifically for the auto-login service. You can choose any name for this account.
If you are logged in with... | Then... |
---|---|
an admin account | select Edit the system environment variables from the search results. The System Properties window displays. Next, click the Environment Variables button. |
a service account that does not have admin privileges | select Edit environment variables for your account from the search results. |
b. Configure the following fields:
http
or https
. If your proxy... | Then... |
---|---|
does not require authentication | enter each address as a regular URL. For example: http://proxyaddress:port |
requires authentication | embed the username and password in the URL like this: http://username:password@proxyaddress:port . Note: If your password includes the @ symbol, replace the symbol with |
Example
c. Click OK on each open window to close them and return to the desktop.
Configuration Option | Description |
---|---|
User-scoped environment variables (Recommended) |
We recommend using this user-scoped environment variables approach, because it is more secure and less likely to interfere with other programs that may be running on the same machine.
|
Machine-scoped environment variables | Select the Local System account radio button. |
Back in the Operations Console, you can test the connection to the host machine remotely. Appian does this through Remote Desktop Protocol (RDP).
Tip: If there is an active user session on the robot, Appian may not be able to sign in successfully. For the best results, ensure there is no active user session for the user account Appian uses to sign in to the robot.
If your test was successful, then you're all set! Appian will automatically sign in to this host machine using the provided credentials whenever the robot is called upon to execute a robotic task.
To help keep you on track, Appian may display messages to show you when it's unable to sign in. Use the following table to understand the error and learn how to fix the issue.
Error message | Reason | Guidance |
---|---|---|
Invalid sign-in credentials. Unable to sign in because the credentials are invalid. Check the username and password are correct and try again. | Appian tried to sign into the user sessions using the credentials you provided, but it didn't work. The credentials may be inaccurate, or they don't match an account found on the domain. | Check the domain, username, and password fields to make sure they're correct. |
Robot not found. Unable to sign in because RDP couldn't locate the agent on the host machine. Check that the agent is installed on the host machine and try again. | Appian was unable to locate the agent file on the host machine. The agent is required to allow the host machine to communicate with Appian RPA. | Check that the agent is installed and that the user account configured to sign in to the host machine has permissions to run the agent. |
RDP is not enabled. Unable to sign in because Remote Desktop is disabled on the host machine. Enable Remote Desktop and try again. | Appian tried to sign in to a user session on the virtual machine, but RDP isn't enabled. | Enable RDP on the host machine. |
Error: Active user session. Unable to sign in because the host machine has an active session. Sign out from the active session and try again. | Appian tried to sign in to the virtual machine, but there is already an active user session. Note that this message appears for standard Windows operating systems. |
Sign out of the active user session on the host machine. |
Error: Active user session. Unable to sign in because the host machine has an active session for the OS user account you're using to sign in. Sign out from the user's active session and try again. | Appian tried to sign in to the virtual machine, but there is already an active user session for the user account you're using to sign in. Note that this message appears for Windows Server operating systems. |
Sign out of your active user session on the host machine. |
Error with automatic sign-in. Unable to sign in because of an issue with Remote Desktop. Review the Remote Desktop settings and try again. | Appian tried to sign in to the virtual machine, but was unable for an unknown reason. | Verify that the RDP settings on the host machine match the configurations listed above. |
Error with automatic sign-in. Unable to sign in because Remote Desktop didn't respond. Verify that the sign-in service is running on the host machine and try again. | Appian tried to sign in, but the sign-in service didn't respond in time. It might be that the sign-in service isn't running on the host machine. | Confirm that the sign-in service is running on the host machine. |
Error: Interactive logon message. Unable to sign in because the host machine has an interactive logon screen. Enable the Skip interactive logon message option on the Robot Details page and try again. | Appian tried to sign in, but the host machine has an interactive logon message. The robot wasn't configured to allow Appian to skip the interactive logon message. | Edit the robot details to allow Appian to skip the interactive logon message. |
For a robot to test, record, or execute robotic tasks, you need to install and launch the agent on the host machine. The agent enables the robot to communicate with Appian, so it's an essential part of the setup process.
You can download the installer when you create the robot. Or, you can download the installer at a later time through the MANAGE CONNECTION menu. Launch the guided installer to complete robot setup.
Required role: Administrator
Automating the installation of agents and the auto-login service on your host machines, especially on virtual machines that frequently terminate, can be a tedious process. Robot keys streamline this process. Robot keys encapsulate a robot's unique identity in a single credential that can be incorporated into your custom scripts. This not only facilitates the seamless automation of agent installations but also enables auto-login services on Windows OS.
You can store robot keys in your own secure credentials manager. Appian RPA ensures your security by automatically rotating your robot keys each time an agent connects and authenticates. This seamless process keeps your interactions secure without any extra effort on your part. However, for added flexibility, Appian RPA lets you manually update your robot keys at your convenience, offering you tailored control to meet specific security needs or preferences.
Setting up your robot key script is an essential step for preparing your system. You need to place a script in the same directory where your configuration file is located. When needed, the RPA agent or the auto-login service executes your script. The robot key should be the last line in the output of the script. An agent or auto-login service can then use this key to authenticate itself with Appian RPA.
If the OS is… | Then name the file… | Location |
---|---|---|
Windows | getRobotKey.bat |
During the installation process, the software is automatically installed in a folder named "Appian RPA," located in the user's Local App Data folder. If you need to locate this folder, you can open a command prompt window in the user's session and enter the command echo %LOCALAPPDATA% . |
Mac or Linux | getRobotKey.sh |
You created this folder on the host machine to store the AppianRPAagent.run file when you set up the robot. |
Example
Appian RPA automatically keeps your robot keys up-to-date for your security. If you need a more hands-on approach, follow these steps to enable manual robot key rotation.
If you have manual robot key rotation enabled, you need to periodically refresh your robot keys to you ensure that the security and integrity of your robots and systems are maintained.
Here are some considerations you should keep in mind when rotating robot keys:
To rotate a robot key:
Caution: This step is essential. The old key is immediately deactivated once a new key is generated. Any robots using the old key will fail to connect as intended.
Tip: Be sure to copy the robot key now. You will not have another chance to view it.
getRobotKey.bat
or getRobotKey.sh
script is dynamic enough to retrieve the updated key.Required role: Administrator
You can simplify setting up Appian RPA robots by automating the process. This process makes it quicker and easier to get agents up and running on different virtual machines, leading to a smooth, automated RPA setup ready to grow with your needs.
Before proceeding, it's essential to ensure that all pre-requisites are met and that all settings are correctly configured. In addition, you should complete the following tasks to prepare your environment.
Task | Description |
---|---|
Enable Manual Robot Key Rotation setting | Enable the Manual Robot Key Rotation setting. This setting is vital for security and control over robot keys. If you are using Appian 23.4 or earlier, this setting is called Authenticate Windows OS robots with robot keys. |
Create robots with automatic sign-in enabled | Create the robots whose installations you want to automate by selecting the appropriate options and configurations. For each robot, ensure that the automatic sign-in feature is enabled. This setting is crucial for allowing robots to authenticate and operate without manual intervention. Make sure to note down the robot key for future reference. After acquiring the robot key, store it in a secure vault, like AWS Secrets Manager. You will use a batch file to access the robot key for a designated host machine. This enables the agent and the automatic sign in service to retrieve the robot key and establish a connection with the RPA server. |
Verify network and security settings | Ensure that your network settings are configured to allow communication between the robots and the Operations Console. This may involve adjusting firewall settings or network access control lists. |
The installation process involves executing the Appian RPA installer on your Windows host machine. The installer is a zip file containing two key components: the rpa-installer.exe
, which installs both the agent and the automatic sign in service, and the rpa-installer.properties
, which contains necessary configuration settings for the installation.
Follow the steps below to ensure a smooth installation.
You'll download the installer in the Operation Console from an available robot or when you create a new one.
The installer that you downloaded in Step 1 is a zip file that contains the rpa-installer.exe
file and the rpa-installer.properties
file. These files must be placed in the same folder. It's up to you to decide which folder that is.
The way you set up the installer depends on whether you're using the same Windows user account for all your robots or different ones:
rpa-installer.exe
and the rpa-installer.properties
file, and it'll be ready to use.rpa-installer.exe
. Then, add a customized rpa-installer.properties
file for each specific user account (make sure to change the robot.userName
) into the image before you start installing. Do not make any other changes to the rpa-installer.properties
file.Ensure each user session automatically runs a single agent. The agent's executable file, linked to the robot's profile in the Operations Console, is unique to one host machine. Downloading the agent automatically invalidates earlier versions to avoid conflicts.
Example
Note: Ensure the .exe
file and the .properties
file are in the same folder before proceeding.
Carry out the following steps on the host machine where you want to install the agent. You'll need administrator privileges to complete installation since the installer includes the agent and automatic sign-in service.
/S
to the installer command; e.g., rpa-installer.exe /S
. This must be a capital /S
. The silent mode allows the installer to run without manual input, as if clicking 'Next' through the installation wizard.Robot keys encapsulate a robot's unique identity in a single credential that can be incorporated into your custom scripts. You might have a universal script that retrieves the correct robot key based on the host machine's details. Alternatively, you could have individual scripts for each robot, tailored for use on their respective host machines. The robot key should be the last line in the output of the script.
As soon as they start, both the agent and the automatic sign in service look for the robot key file named getRobotKey.bat
. Create a script that places the getRobotKey.bat
file in the same directory as the Appian RPA installation. The automatic sign-in service and the agent will automatically be able to authenticate with the robot key.
Example
It's crucial to note that since you are using the automatic sign-in service, you need to close all open sessions on the host machine, or just the particular user's session if it's operating on a Windows Server.
Security for robots consists of the following:
Action | RPA Operations Manager | Designer |
---|---|---|
Access the Operations Console and view the Robot Management page | Yes | Yes |
Create a new robot | Yes | No |
Starting from the Appian 23.4 release, newly created robots can only be secured using role maps. The security role map of a robot controls whether users can view or modify it and its properties. Unlike some other objects, Robots never inherit security.
The following table outlines the actions that can be completed for each permission level in a robot's security role map:
Robot Actions | Administrator | Editor | Viewer | Deny |
---|---|---|---|---|
Monitor executions (Also requires Viewer, Editor, or Admin permission on the robotic task) |
Yes | Yes | Yes | No |
View list of robots | Yes | Yes | Yes | No |
View robot dashboard (robot details) | Yes | Yes | Yes | No |
Edit properties | Yes | Yes | No | No |
View security | Yes | Yes | No | No |
Edit/Enable/Disable auto login | Yes | Yes | No | No |
Update security | Yes | No | No | No |
Download and install agents | Yes | No | No | No |
Download and install auto-login | Yes | No | No | No |
View live robots | Yes | No | No | No |
Enable / Disable robot | Yes | No | No | No |
Lock / Unlock robot input | Yes | No | No | No |
Restart robot | Yes | No | No | No |
Delete robot | Yes | No | No | No |
If you are using Appian 23.4 or later, you can permanently switch your robots from using permission tags to role maps. Follow these steps in the Operations Console to transition a robot to security role maps and remove permission tags.
Use one of the following methods to navigate to the robot Robot Security screen from the Robot Management screen.
Method | Example |
Select the checkbox next to the robot then click SECURITY. | |
Select the robot you want to change. Result: The Robot Detail page displays. Select Security from the action menu. |
Install Robots