Assisted Sign-On

After enabling Assisted Sign-On to log in users automatically, the system displays the Enter Credentials window if it cannot find credentials for the application. You can also display the window on demand through an automation.

For each listed application, enter the appropriate user name and password. You can click the application to move to that application. When finished, click OK.

If you enter invalid credentials or if the stored credentials have expired and require updating, you receive a notification and are asked to resubmit your credentials.

When storing credentials locally, Pega Robotic Automation™ uses the Data Protection Application Programming Interface (DPAPI) to encrypt the application credentials. DPAPI encrypts data using a private key derived from the Windows identity of the user. Only the same Windows user can decrypt the data. Credentials are stored locally on the machine in an encrypted file with the file name ASO.db, which is located under the user application data roaming directory by default. DPAPI storage can be used by both attended and unattended robotic implementations.

Assisted Sign-On DPAPI storage persists the following strings:

• Application Name
• Username
• Domain

As an alternative to local storage of credentials, you can use a remote, external credential provider for an unattended automation to retrieve credential information. Using an external credential provider offers the following advantages over DPAPI:

• A single location to add and update credentials for all robots
• Secured and audited access to credentials
• Integrated with the client’s security infrastructure

Pega Robotic Automation currently supports the following external credential providers:

• CyberArk Application Access Manager
• BeyondTrust Password Safe
• Custom client integration using the Pega Robotic Automation open interface

To learn more about external credential providers, see the Pega Community articles BeyondTrust support in Pega Robotic Automation and CyberArk support in Pega Robotic Automation.

Pega Robot Studio provides you with the ability to access, check, or update ASO information for applications configured to use ASO. The ASO automation methods allow you to securely access application credentials that may then be used to log in to an application automatically. Additional methods exist to manage which applications store ASO credentials, retrieve and set individual credentials, and automatically perform log-in actions. These methods are available through the Toolbox.

Suppose an application shuts down for an unexpected error. The developer may need to utilize the methods when automating the restarting of the application.

ASO methods are limited depending on the credential store in use for the project. Projects that use DPAPI local credential storage have access to the full range of methods available in Pega Robot Studio. Projects that use an external credential store, such as CyberArk or BeyondTrust, have read-only access to credentials using the ASO methods. Only Get methods, such as GetCredentials or GetDomain, may be used with an external credential store.

Check your knowledge with the following interaction.