orchestrator

latest

false

Getting started
- Introduction
- Orchestrator feature availability
- Licensing
- Robots
  - Robot Statuses
  - Robot Settings
- Auto Updating Client Components
- Time-to-live Periods
- Orchestrator outbound IP ranges
- Autopilot Chat in Orchestrator
- Notifications
Best practices
- Organization Modeling in Orchestrator
- Automation Best Practices
- Optimizing Unattended Infrastructure Using Machine Templates
- Unattended automation
- Organizing Resources With Tags
- Exporting grids in the background
  - The exported report
- Enforcing user-level Integration Service connection governance
Tenant
- About the Tenant Context
- Searching for Resources in a Tenant
- Robots
- Folders
- Monitoring
- Access control
- Configuring automation capabilities
- Machines
- Solutions
- Packages
- Audit
- Credential Stores
- Webhooks
  - Types of Events
  - Managing Webhooks
- Licensing
  - Managing Your Licenses
- Settings
Registry
- About the Registry context
- Solution deployments
- Processes
- Resources
Cloud robots
- Cloud robots overview
- Unified Pricing licensing
- Flex licensing
- Elastic Robot Orchestration
- Automation Cloud™ Robots - VM
- Automation Cloud™ Robots - Serverless
- Configuring VPN for cloud robots
- Configuring an ExpressRoute connection
- Live streaming and remote control
- My notifications
Automation Suite Robots
- About Automation Suite Robots
- Executing Unattended Automations With Automation Suite Robots
- Regenerating Client Secrets
- Frequently Asked Questions
Folders Context
- About the Folders Context
- Home
Processes
- About Processes
- Managing Processes
- Managing Package Requirements
- Recording
- Live streaming and remote control
  - Live streaming and remote control via RealVNC
    - Error scenarios
  - Live streaming and remote control via TightVNC
    - Error scenarios
Jobs
- About Jobs
- Managing Jobs
- Job States
- Working with long-running workflows
- Running Personal Remote Automations
- Process Data Retention Policy
Apps
- About Apps
- Publishing an App to a Tenant
- Managing Apps
- Running a Deployed App from a Folder
Triggers
- About triggers
- Managing triggers
- Managing Non-Working Days
- Using Cron Expressions
  - Triggering jobs on the last day of the month
Logs
- About Logs
- Managing Logs in Orchestrator
- Logging Levels
Monitoring
- About Monitoring
- Machines
- Agents
- Processes
- Queues
- Indexes
- Queues SLA
Indexes
- About indexes
- Managing indexes
Queues
- About Queues and Transactions
- Bulk uploading Queue Items using a CSV file
- Managing Queues in Orchestrator
- Managing Queues in Studio
- Managing Transactions
  - Editing Transactions
  - Field Descriptions for the Transactions .csv File
- Review Requests
Assets
- About Assets
- Managing Assets in Orchestrator
- Managing Assets in Studio
- Storing Assets in Azure Key Vault (read only)
- Storing Assets in HashiCorp Vault (read only)
- Storing Assets in AWS Secrets Manager (read only)
- Storing Assets in Google Secret Manager (read only)
Connections
- About Connections
- Managing Connections
Business Rules
- About Business Rules
  - Permissions for Business Rules
- Managing Business Rules
  - Creating a business rule
Storage Buckets
- About Storage Buckets
  - CORS/CSP Configuration
- Managing Storage Buckets
MCP Servers
- About MCP Servers
- MCP Server types
  - MCP Server shared foundation
  - MCP Server authentication
  - Getting the MCP Server URL
  - Using Orchestrator Assets in MCP Servers
- Managing MCP Servers
- MCP compliance guidelines
Orchestrator testing
- FAQ - Deprecating the testing module
  - FAQ - Migrating test artifacts to Test Manager
  - FAQ - Feature parity - Test Manager vs Orchestrator
- Test Automation
- Test Cases
  - Field Descriptions for the Test Cases Page
- Test Sets
  - Field Descriptions for the Test Sets Page
- Test Executions
  - Field Descriptions for the Test Executions Page
- Test Schedules
  - Field Descriptions for the Test Schedules Page
- Test Data Queues
- Testing Data Retention Policy
Resource Catalog Service
- About Resource Catalog Service
Integrations
- About Input and Output Arguments
  - Example of Using Input and Output Arguments
Troubleshooting
- About Troubleshooting
- Alerts troubleshooting
- General troubleshooting
- Frequently Encountered Orchestrator Errors

Orchestrator user guide

Last updated May 19, 2026

DELIVERY:

MCP Server authentication

All MCP Server types in UiPath share the same authentication model. Every HTTP request to an MCP Server must include a valid bearer token in the Authorization header. There is no session-based authentication carry-forward, even within an established MCP session.

Supported authentication methods

Four authentication methods are supported:

Interactive Login: uipath auth opens a browser, the user logs in, and a token is saved to the local environment. Best for development and local testing.
Personal Access Token (PAT): a long-lived, user-scoped token generated in the UiPath Cloud UI. Use it when a token is needed for an HTTP client without a browser flow.
External Application (Client Credentials): OAuth 2.0 client credentials for unattended or automated callers, such as CI/CD pipelines and service accounts.
MCP OAuth Flow: discovery-based OAuth handled automatically by MCP-aware IDE clients (for example, Visual Studio Code with GitHub Copilot).

For full setup details for each method, check the MCP Server authentication page.

Required permissions

Across all server types, the caller's identity must have the MCPServers.View permission in the folder containing the MCP Server in order to connect.

Additional permissions depend on what the tools actually do. For example, invoking process-based tools requires the Processes.View and Jobs.Create permissions, because Orchestrator creates a job for each call.

Constraints by server type

The authentication model is uniform, but one additional constraint applies to UiPath MCP Servers that expose Integration Service activity tools. Those tool calls require user-context tokens (Interactive Login or MCP OAuth). Personal Access Tokens and external application client credentials can connect to the server, but activity tool calls made with them time out.

On this page

Supported authentication methods
Required permissions
Constraints by server type

Was this page helpful?

PREVIOUSMCP Server shared foundation

NEXTGetting the MCP Server URL