UiPath On-Premise Integration
Connect a self-hosted UiPath Orchestrator: client credentials, TLS configuration, and folder scoping
UiPath On-Premise Integration
Connect a self-hosted UiPath Orchestrator to RPA Watch using client credentials authentication.
Prerequisites
- A self-hosted UiPath Orchestrator instance accessible from RPA Watch
- Client credentials configured on the Orchestrator (Client ID and Client Secret)
- Network access from RPA Watch to your Orchestrator URL
- Account Admin or Tenant Admin role in RPA Watch
Setting Up Client Credentials on UiPath Orchestrator
1. Log in to your UiPath Orchestrator as an administrator
2. Navigate to Tenant → API Access (or Identity Server settings)
3. Register a new confidential client application
4. Note the Client ID and Client Secret
5. Assign the appropriate roles/permissions for reading processes, jobs, robots, and folders
Configuration in RPA Watch
1. Navigate to Account Settings from the sidebar
2. Select UiPath as your RPA tool
3. Fill in the configuration:
| Field | Description | Example |
|---|---|---|
| Your Orchestrator URL | ||
| OAuth client ID | ||
| OAuth client secret | ||
| Optional — comma-separated | ||
4. Leave Organization Name and Tenant Name empty (not used for on-prem)
5. Leave User Key empty
6. Click Save
7. Click Test Connection to verify
> Note: RPA Watch auto-detects on-premise mode when the base URL is not cloud.uipath.com.
TLS / SSL Considerations
If your Orchestrator uses a self-signed certificate or a private CA:
- The RPA Watch server must trust the certificate authority
- For Docker deployments: mount the CA certificate into the container's trust store
- For Kubernetes: add the CA cert to the pod's trusted certificates
RPA Watch validates TLS certificates by default. If the certificate is not trusted, the connection will fail.
Authentication Flow
For on-premise Orchestrator, RPA Watch uses:
1. POST {baseUrl}/identity/connect/token with client_credentials grant
2. Token is cached and refreshed automatically (5-minute buffer before expiry)
3. All subsequent API calls use the Bearer token
What Gets Synced
The sync behavior is identical to the cloud integration:
- Processes/Releases — from all or specified folders
- Robots — machines and robot definitions
- Jobs — mapped to jobs with status conversion
- Schedules — cron-based process schedules
See [UiPath Cloud Integration](/docs/uipath-cloud-integration) for detailed status mapping and sync behavior.
Folder Scoping
If your Orchestrator has many folders and you only want to monitor specific ones:
1. Click Fetch Folders in the account settings to see available folders
2. Enter the desired folder IDs in the Folder IDs field, comma-separated
3. Only processes, jobs, robots, and schedules within those folders will be synced
Troubleshooting
| Issue | Solution |
|---|---|
| Connection refused | Ensure RPA Watch can reach your Orchestrator URL. Check firewalls and network rules. |
| TLS certificate error | Your Orchestrator's SSL certificate may not be trusted. Add the CA cert to the trust store. |
| Authentication fails | Verify client credentials. Ensure the client has the correct permissions on the Orchestrator. |
| Token endpoint not found | Confirm the Orchestrator version supports Identity Server at /identity/connect/token. |
| Empty sync results | Check folder IDs. If no folders are specified, the client must have access to at least one folder. |