# UiPath ### Overview The Veza integration for UiPath connects to UiPath Automation Cloud via OAuth 2.0 to collect authorization data from your UiPath Orchestrator environment. It discovers users, robots, roles, folders, processes, assets, and queues, providing visibility into who can access what within your UiPath automation platform. ### Configuring UiPath Before adding the integration to Veza, create an External Application in UiPath Automation Cloud: 1. Log in to **UiPath Automation Cloud** at `https://cloud.uipath.com`. 2. Navigate to **Admin > External Applications**. 3. Click **Add Application**. 4. Configure the application: * **Application Name**: Choose a descriptive name (e.g., `Veza Integration`). * **Application Type**: Select **Confidential application**. 5. Under **Resources**, add the following scope: * **Orchestrator API Access**: `OR.Default` 6. Click **Save**. 7. Copy the **Client ID** and **Client Secret**. {% hint style="info" %} The Client Secret is only shown once at creation time. Store it securely. {% endhint %} You will also need the following values from your UiPath environment: * **Account Logical Name** — your organization identifier (found in **Admin > Organization Settings**) * **Tenant Name** — the tenant to connect to ### Configuring UiPath on the Veza platform To enable Veza to gather data from UiPath, complete the following steps: 1. In Veza, open the **Integrations** page. 2. In the main pane, click **Add Integration**. Pick **UiPath** as the integration to add. 3. Complete the required fields: 1. **Client ID**: OAuth Client ID from the UiPath External Application. 2. **Client Secret**: OAuth Client Secret from the UiPath External Application. 3. **Account Logical Name**: UiPath Account Logical Name (organization identifier). 4. **Tenant Name**: UiPath Tenant Name to connect to. 5. **Cloud Region** *(optional)*: UiPath Cloud region base URL (default: `cloud.uipath.com`). 4. Click **Save** to enable the integration. ### Notes and supported entities * **Folders**: The integration supports UiPath modern folder architecture only. * **Rate limiting:** The integration respects UiPath API rate limits (approximately 60 requests per minute) with automatic retry and backoff on 429 responses. * **Partial failure handling:** If resource gathering fails for some folders, the integration continues with the remaining folders and logs the failures. Users and roles are required — if those fail, the entire extraction fails. * **Strict API mode fallback:** Some UiPath tenants enable Strict API mode, which blocks `$expand` parameters. The integration automatically detects this and falls back to an alternative endpoint for gathering folder-role assignments. * **Process filtering:** Only the latest version of each process is collected to avoid duplicates across versions. #### Discovered entities **Identity entities** | **UiPath object** | **Veza entity type** | **Description** | | ----------------- | -------------------- | -------------------------------------------------- | | User | Local User | Human users and service accounts | | Robot | Local User | Automation workers (also represented as resources) | | Folder | Local Group | Organizational units for scoping access | | Role | Local Role | Permission bundles assigned to users per folder | **Resource entities** | **UiPath object** | **Veza entity type** | **Description** | | ----------------- | -------------------- | ------------------------------------------------- | | Folder | Folder | Organizational container for resources | | Robot | Robot | Attended, Unattended, or Studio automation worker | | Process | Process | Automation workflow package | | Asset | Asset | Credential or configuration value | | Queue | Queue | Work item queue for transaction processing | #### Key attributes **User** | **Property** | **Type** | **Description** | | ------------ | -------- | ------------------------------------------------------ | | `full_name` | String | User's display name | | `user_type` | String | User type (User, Robot, DirectoryUser, DirectoryGroup) | | `is_active` | Boolean | Whether the user account is active | **Folder** | **Property** | **Type** | **Description** | | ---------------------- | -------- | ------------------------------------------------ | | `fully_qualified_name` | String | Full hierarchical path of the folder | | `description` | String | Folder description | | `parent_folder_id` | String | ID of the parent folder (empty for root folders) | **Robot** | **Property** | **Type** | **Description** | | -------------- | -------- | ----------------------------------------- | | `machine_name` | String | Name of the host machine | | `robot_type` | String | Robot type (Attended, Unattended, Studio) | | `username` | String | Machine username for the robot | Robots are represented in two ways in the Veza access graph: 1. **As identities (Local Users):** Robots can have folder-scoped role assignments, similar to human users. In modern UiPath folders, each robot is backed by a user account, and the integration captures those role assignments. 2. **As resources:** Robots are also modeled as resources that other users can manage via permissions like `Robots.View`, `Robots.Edit`, and `Robots.Delete`. **Process** | **Property** | **Type** | **Description** | | ------------------- | -------- | ---------------------------------- | | `version` | String | Package version | | `is_latest_version` | Boolean | Whether this is the latest version | | `description` | String | Process description | | `folder_id` | String | ID of the containing folder | | `folder_name` | String | Name of the containing folder | **Asset** | **Property** | **Type** | **Description** | | ------------- | -------- | -------------------------------------------- | | `value_type` | String | Asset type (Text, Bool, Integer, Credential) | | `value_scope` | String | Scope (Global for Modern folders) | | `folder_id` | String | ID of the containing folder | | `folder_name` | String | Name of the containing folder | **Queue** | **Property** | **Type** | **Description** | | ----------------------- | -------- | --------------------------------------------- | | `description` | String | Queue description | | `max_number_of_retries` | Number | Maximum retry attempts for failed queue items | | `folder_id` | String | ID of the containing folder | | `folder_name` | String | Name of the containing folder | #### Authorization model UiPath uses a folder-based access control model. Users are assigned **roles** within specific **folders**, and those roles grant permissions over the resources contained in that folder. For example, a user might have the `Automation User` role in the `Production` folder, granting them `Robots.View` and `Processes.View` permissions over the robots and processes in that folder. **Permissions** | **Permission** | **Veza permission types** | **Description** | | ---------------- | -------------------------------------------------------------------------------------------------------- | -------------------------- | | `Robots.View` | DataRead | View robots | | `Robots.Edit` | DataRead, DataWrite | Edit robot properties | | `Robots.Create` | DataWrite | Create new robots | | `Robots.Delete` | DataDelete | Delete robots | | `Assets.View` | MetadataRead | View assets | | `Assets.Edit` | MetadataRead, MetadataWrite | Edit asset properties | | `Processes.View` | DataRead | View processes | | `Queues.View` | DataRead | View queues | | `Queues.Edit` | DataRead, DataWrite | Edit queue properties | | `Folders.View` | MetadataRead | View folders | | `Administrator` | DataRead, DataWrite, DataCreate, DataDelete, MetadataRead, MetadataWrite, MetadataCreate, MetadataDelete | Full administrative access | --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.veza.com/4yItIzMvkpAvMVFAamTf/integrations/integrations/uipath.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.