No ratings

How To: Integrate K2 with UiPath Automation Cloud

 

How To: Integrate K2 and UiPath Cloud

 

Discover the options available for integration between K2 and UiPath Automation Cloud. The integration allows for both inbound and outbound communication that lets you make calls from K2 (via SmartObjects) to start processes in UiPath and make calls from UiPath to interact with K2 forms and workflows.

Table of Contents

 

 

The screenshots and instructions for third-party software are accurate at the time of publication. Third-party vendors may have changed or updated aspects of their systems (such as user interfaces, functionality, and security). As a result, this content may be outdated.

Requirements and Prerequisites

Requirements include:

  • K2 Cloud,
    or
    K2 Five (5.2) or later with TLS 1.2 enabled. For more information about TLS 1.2, see K2 and TLS 1.2 Support.
  • UiPath Automation Cloud API Swagger definition.
  • UiPath Orchestrator Cloud tenant.

Prerequisites include:

  • K2 Administrator privileges to configure a new service instance and OAuth resource.
  • A familiarity with UiPath Orchestrator and Studio.
  • Dedicated Orchestrator account for use with K2. 

In addition to the above requirements, you must have a basic understanding of REST-based web services, OAuth, and Swagger (OpenAPI).

This article is only for the UiPath Cloud platform, it does not cover UiPath on-premises. For info on UiPath on-premises, see the article How To: Integrate K2 and UiPath.

Setting up Nintex K2 to handle UiPath's API Requirements

You can set up User authorization and Client Credential authorization with Nintex K2 out-of-the-box for UiPath Cloud. The Client Credential auth requires that you use the Nintex K2 Client Credential extension. UiPath Cloud allows you to create either Confidential or Non-confidential external applications. Confidential apps provide you with a client secret that Nintex K2 can store securely. Therefore Nintex K2 only integrates with confidential external apps, using OAuth tokens for authentication and SmartObjects for interaction. Nintex K2 does not cater for non-confidential UiPath apps.

On the Nintex K2 side, you can set up a User auth type integration for specific UiPath users. These users need to sign in with their credentials to use the SmartObjects to interact with UiPath. Or you can set up the Client Credential auth type integration where anyone using the generated Nintex K2 SmartObjects has access to UiPath without needing permissions to UiPath itself.

When you create a UiPath OAuth resource type in Nintex K2, you need to use specific parameters which the UiPath API requires. The details are in the steps below.

 

Step 1: In UiPath, register an external application

Register an external application in UiPath to delegate authorization to Nintex K2 using the OAuth framework.

See the UiPath documentation for how to do this.

When you register the external application in UiPath, configure the following:

  • Select the Confidential application type.
  • Select the Orchestrator API Access resource.
  • If planning on creating an OAuth resource for both User auth and Client Credentials, set the User Scope and Application Scope of the Orchestrator API Access resource to whichever scopes you need to access from K2. For example: OR.Folders OR.Users
    Otherwise set only User Scope for user auth or Application Scope for Client Credential auth.
  • Set the Redirect URI to: HTTPS://{your K2 server}/identity/token/oauth/2

For the K2 configuration, you need the following information from your application in UiPath:

  • App ID (also called the client ID in K2)
  • App secret (also called the client secret in K2. The app secret is only shown once, in a pop-up dialog, when you register the app. If you don't note it down you will have to edit your app and generate a new one, then update your OAuth resource in Nintex K2.)
  • App scopes (OR.Folders OR.Users)

 

Step 2: Create an OAuth Resource Type in K2

Use this step to add a new OAuth resource type. You can create either a Client Credentials OAuth resource, or a User auth resource type.

You need the following information when setting up the OAuth resource in K2:

 

Create a Client Credentials OAuth resource

Use this for the Client Credentials grant type, the request is for application scope.

  1. Open K2 Management and navigate to Authentication > OAuth > Resource Types.
  2. Click New.
  3. Specify the following information for the new resource type:
    • Name: UiPathClient
      (Note: this can be anything but should identify the resource as UiPath client credentials)
    • Description: A resource type for UIPath using client credential auth.
    • Extension: SourceCode.Security.OAuth.Extensions.ClientCredentials
      (Note: this value is case-sensitive)
    • Refresh Token Expiration: 0
    • Expiration Warning Days: 0
    • Invalid Message Delay Minutes: 0
    • Usage: Authorization

Your new resource type looks similar to the following:

OAuthResCliCred.png

  1. Click OK to save your changes and note the new type on the Resource Types list

 

Create a User OAuth resource

Use this for the Authorization Code grant type, the request is for user scope.

  1. Open K2 Management and navigate to Authentication > OAuth > Resource Types.
  2. Click New.
  3. Specify the following information for the new resource type:
    • Name: UiPathUser
      (Note: this can be anything but should identify the resource as UiPath user auth)
    • Description: A resource type for UIPath using user auth.
    • Leave the Extension field empty
    • Refresh Token Expiration: 0
    • Expiration Warning Days: 0
    • Invalid Message Delay Minutes: 0
    • Usage: Authorization

Your new resource type looks similar to the following:

OAuthResUser.png

 

Step 3: Add Resource Type Parameters

You need to add parameters to the UiPath resource type. These parameters are specific to and required by UiPath.

 

Resource type parameters for Client Credentials UiPath resource

  1. Select the UiPathClient resource type to open the Resource Type Parameters section.
  2. Click New from the toolbar and add the following parameters:
    • client_secret
    • grant_type
    • client_id
    • scope

For each parameter check the Token Request option.

For only the grant_type parameter, enter client_credentials in the Token Default Value field.

Then click OK.

OAuthParamClient.png

Your parameters look like the following:

OAuthParamClient2.png

 

Resource type parameters for User UiPath resource

  1. Select the UiPathUser resource type to open the Resource Type Parameters section.
  2. Click New from the toolbar and add the following parameters with the relevant checkboxes checked:

    client_id
    UIAuth-clientIDResP.png

    client_secret
    UIAuth-clientSecretResP1.png

    grant_type
    UIAuth-GrantResP.png

    redirect_uri
    UIAuth-RedirectResP.png

    response_type
    UIAuth-ScopeResP.png

    scope
    UIAuth-ScopeResP.png

Your parameters look like the following:
UIPathUser-ResParam1.png

 

Step 4: Create and Configure an OAuth Resource

OAuth resources are instances of an OAuth resource type, and contain configuration values to provide authorization tokens for a system. For example, if you have two UiPath tenancies, you'd create two OAuth resources based on the type you created in step 2.

 

OAuth Resource for Client Credentials UiPath resource

  1. In K2 Management navigate to Authentication > OAuth > Resources and click New under the Resources section at the top of the right-hand pane.
  2. Give the resource a name, such as UiPath-ClientCreds, select UiPathClient (from step 2) as the type, and specify the OAuth token endpoint for UiPath Cloud: https://cloud.uipath.com/identity_/connect/token
    OAResClient1.png
  1. Click OK.
  2. Select the new resource and configure its parameters by selecting one and clicking Edit.
  3. Specify a Token Value for each of the parameters, client_id, client_secret, grant_type, and scope. The token values are those that you noted when creating the external app in UiPath.
    K2 Parameter Name UiPath app equivalent Example
    client_id App ID 2906d779-xxxx-xxxx-xxxx-c444f67922e5
    client_secret App secret Ds9LXxxxxx4L1F0q
    grant_type client_credentials client_credentials
    scope App scopes OR.Folders OR.Users
    Note: the grant_type value is always client_credentials for the client credentials UiPath resource.

Your page looks similar to the following and K2 is configured to communicate with UiPath Cloud using client credentials.

OAClientRes.png

 

OAuth Resource for User UiPath resource

  1. In K2 Management navigate to Authentication > OAuth > Resources and click New under the Resources section at the top of the right-hand pane.
  2. Give the resource a name, such as UiPath-User, select UiPathUser (from step 2) as the type, and specify the OAuth authorization and token endpoints for UiPath Cloud:
    Authorization Endpointhttps://cloud.uipath.com/identity_/connect/authorize
    Token Endpoint: https://cloud.uipath.com/identity_/connect/token

    OAResUser.png
  1. Click OK.
  2. Select the new resource and configure its parameters by selecting one and clicking Edit.
  3. Specify AuthorizationToken Value, and Refresh values for each of the parameters using the table and image below as guidance. The values are those that you noted when creating the external app in UiPath.
    K2 Parameter Name UiPath app equivalent Example
    client_id App ID 2906d779-xxxx-xxxx-xxxx-c444f67922e5
    client_secret App secret Ds9LXxxxxx4L1F0q
    scope App scopes OR.Folders OR.Users offline_access

You must add a space and offline_access after your scopes for the refresh token to work. Your page should look similar to the following:

OAUserRes2.png
Nintex K2 is now configured to communicate with UiPath Cloud.

 

For more information on using Nintex K2's UiPath integration, see the UiPath on-premises article.

 

 

Labels: (3)
Version history
Last update:
‎03-15-2022 07:35 AM
Updated by:
Contributors