UiPath
Configuring the Veza integration for UiPath Orchestrator
Overview
The Veza integration for UiPath connects to UiPath Automation Cloud via OAuth 2.0 to collect authorization data from your UiPath Orchestrator environment. It discovers users, robots, roles, folders, processes, assets, and queues, providing visibility into who can access what within your UiPath automation platform.
Configuring UiPath
Before adding the integration to Veza, create an External Application in UiPath Automation Cloud:
Log in to UiPath Automation Cloud at
https://cloud.uipath.com.Navigate to Admin > External Applications.
Click Add Application.
Configure the application:
Application Name: Choose a descriptive name (e.g.,
Veza Integration).Application Type: Select Confidential application.
Under Resources, add the following scope:
Orchestrator API Access:
OR.Default
Click Save.
Copy the Client ID and Client Secret.
The Client Secret is only shown once at creation time. Store it securely.
You will also need the following values from your UiPath environment:
Account Logical Name — your organization identifier (found in Admin > Organization Settings)
Tenant Name — the tenant to connect to
Configuring UiPath on the Veza platform
To enable Veza to gather data from UiPath, complete the following steps:
In Veza, open the Integrations page.
In the main pane, click Add Integration. Pick UiPath as the integration to add.
Complete the required fields:
Client ID: OAuth Client ID from the UiPath External Application.
Client Secret: OAuth Client Secret from the UiPath External Application.
Account Logical Name: UiPath Account Logical Name (organization identifier).
Tenant Name: UiPath Tenant Name to connect to.
Cloud Region (optional): UiPath Cloud region base URL (default:
cloud.uipath.com).
Click Save to enable the integration.
Notes and supported entities
Folders: The integration supports UiPath modern folder architecture only.
Rate limiting: The integration respects UiPath API rate limits (approximately 60 requests per minute) with automatic retry and backoff on 429 responses.
Partial failure handling: If resource gathering fails for some folders, the integration continues with the remaining folders and logs the failures. Users and roles are required — if those fail, the entire extraction fails.
Strict API mode fallback: Some UiPath tenants enable Strict API mode, which blocks
$expandparameters. The integration automatically detects this and falls back to an alternative endpoint for gathering folder-role assignments.Process filtering: Only the latest version of each process is collected to avoid duplicates across versions.
Discovered entities
Identity entities
UiPath object
Veza entity type
Description
User
Local User
Human users and service accounts
Robot
Local User
Automation workers (also represented as resources)
Folder
Local Group
Organizational units for scoping access
Role
Local Role
Permission bundles assigned to users per folder
Resource entities
UiPath object
Veza entity type
Description
Folder
Folder
Organizational container for resources
Robot
Robot
Attended, Unattended, or Studio automation worker
Process
Process
Automation workflow package
Asset
Asset
Credential or configuration value
Queue
Queue
Work item queue for transaction processing
Key attributes
User
Property
Type
Description
full_name
String
User's display name
user_type
String
User type (User, Robot, DirectoryUser, DirectoryGroup)
is_active
Boolean
Whether the user account is active
Folder
Property
Type
Description
fully_qualified_name
String
Full hierarchical path of the folder
description
String
Folder description
parent_folder_id
String
ID of the parent folder (empty for root folders)
Robot
Property
Type
Description
machine_name
String
Name of the host machine
robot_type
String
Robot type (Attended, Unattended, Studio)
username
String
Machine username for the robot
Robots are represented in two ways in the Veza access graph:
As identities (Local Users): Robots can have folder-scoped role assignments, similar to human users. In modern UiPath folders, each robot is backed by a user account, and the integration captures those role assignments.
As resources: Robots are also modeled as resources that other users can manage via permissions like
Robots.View,Robots.Edit, andRobots.Delete.
Process
Property
Type
Description
version
String
Package version
is_latest_version
Boolean
Whether this is the latest version
description
String
Process description
folder_id
String
ID of the containing folder
folder_name
String
Name of the containing folder
Asset
Property
Type
Description
value_type
String
Asset type (Text, Bool, Integer, Credential)
value_scope
String
Scope (Global for Modern folders)
folder_id
String
ID of the containing folder
folder_name
String
Name of the containing folder
Queue
Property
Type
Description
description
String
Queue description
max_number_of_retries
Number
Maximum retry attempts for failed queue items
folder_id
String
ID of the containing folder
folder_name
String
Name of the containing folder
Authorization model
UiPath uses a folder-based access control model. Users are assigned roles within specific folders, and those roles grant permissions over the resources contained in that folder.
For example, a user might have the Automation User role in the Production folder, granting them Robots.View and Processes.View permissions over the robots and processes in that folder.
Permissions
Permission
Veza permission types
Description
Robots.View
DataRead
View robots
Robots.Edit
DataRead, DataWrite
Edit robot properties
Robots.Create
DataWrite
Create new robots
Robots.Delete
DataDelete
Delete robots
Assets.View
MetadataRead
View assets
Assets.Edit
MetadataRead, MetadataWrite
Edit asset properties
Processes.View
DataRead
View processes
Queues.View
DataRead
View queues
Queues.Edit
DataRead, DataWrite
Edit queue properties
Folders.View
MetadataRead
View folders
Administrator
DataRead, DataWrite, DataCreate, DataDelete, MetadataRead, MetadataWrite, MetadataCreate, MetadataDelete
Full administrative access
Last updated
Was this helpful?