Managing federated identity credentials
As an organization administrator, you can register, view, update, and delete federated credentials for an OAuth external application.
Prerequisites
- You are an organization administrator.
- The OAuth external application is already registered. To register one, see Managing external OAuth applications.
Register a federated credential
To add a federated credential to an existing OAuth external application, use the Create a federated credential API.
Each application supports a maximum of 20 federated credentials.
View existing credentials
To retrieve the federated credentials registered for an application, use the List federated credentials API.
Update a federated credential
To update a federated credential, use the Update a federated credential API.
Delete a federated credential
Deletion is permanent. After deletion, the credential can no longer be used to acquire new access tokens. Access tokens already issued before deletion remain valid until they expire.
To delete a federated credential, use the Delete a federated credential API.
Obtain an access token using a federated credential
After registering a federated credential, an application obtains a UiPath access token by presenting a JWT from the configured identity provider as a client_assertion.
Replace {accessURL} with the base URL for your cloud platform:
| Cloud platform | Access URL |
|---|---|
| Automation Cloud | https://cloud.uipath.com |
| Test Cloud Public Sector | https://govcloud.uipath.us |
| Automation Cloud Dedicated | https://{customURL}.dedicated.uipath.com |
curl --location '{accessURL}/identity_/connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id={CLIENT_ID}' \
--data-urlencode 'client_assertion={JWT_TOKEN}' \
--data-urlencode 'client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer'
| Parameter | Description |
|---|---|
grant_type | Must be client_credentials. |
client_id | The client ID of the registered OAuth external application. |
client_assertion | The JWT issued by your external identity provider. |
client_assertion_type | Must be urn:ietf:params:oauth:client-assertion-type:jwt-bearer. |
On success, the endpoint returns a UiPath access token you can use to call UiPath APIs.
For the full API reference for managing federated credentials programmatically, see External client — Federated credentials API.