How To: Integrate K2 and UiPath Cloud
KB003681
DOWNLOADS
Discover the options available for integration between K2 and UiPath Automation Cloud. The integration allows for both inbound and outbound communication that lets you make calls from K2 (via SmartObjects) to start processes in UiPath and make calls from UiPath to interact with K2 forms and workflows.
Table of Contents
- Requirements and Prerequisites
- Setting up K2 to handle UiPath's API Requirements
- Step 1: In UiPath, register an external application
- Step 2: Create an OAuth Resource Type in K2
- Step 3: Add Resource Type Parameters
- Step 4: Create and Configure an OAuth Resource
Requirements and Prerequisites
Requirements include:
- K2 Cloud,
or
K2 Five (5.2) or later with TLS 1.2 enabled. For more information about TLS 1.2, see K2 and TLS 1.2 Support. - UiPath Automation Cloud API Swagger definition.
- UiPath Orchestrator Cloud tenant.
Prerequisites include:
- K2 Administrator privileges to configure a new service instance and OAuth resource.
- A familiarity with UiPath Orchestrator and Studio.
- Dedicated Orchestrator account for use with K2.
In addition to the above requirements, you must have a basic understanding of REST-based web services, OAuth, and Swagger (OpenAPI).
This article is only for the UiPath Cloud platform, it does not cover UiPath on-premises. For info on UiPath on-premises, see the article How To: Integrate K2 and UiPath.
Setting up Nintex K2 to handle UiPath's API Requirements
You can set up User authorization and Client Credential authorization with Nintex K2 out-of-the-box for UiPath Cloud. The Client Credential auth requires that you use the Nintex K2 Client Credential extension. UiPath Cloud allows you to create either Confidential or Non-confidential external applications. Confidential apps provide you with a client secret that Nintex K2 can store securely. Therefore Nintex K2 only integrates with confidential external apps, using OAuth tokens for authentication and SmartObjects for interaction. Nintex K2 does not cater for non-confidential UiPath apps.
On the Nintex K2 side, you can set up a User auth type integration for specific UiPath users. These users need to sign in with their credentials to use the SmartObjects to interact with UiPath. Or you can set up the Client Credential auth type integration where anyone using the generated Nintex K2 SmartObjects has access to UiPath without needing permissions to UiPath itself.
When you create a UiPath OAuth resource type in Nintex K2, you need to use specific parameters which the UiPath API requires. The details are in the steps below.
Step 1: In UiPath, register an external application
Register an external application in UiPath to delegate authorization to Nintex K2 using the OAuth framework.
See the UiPath documentation for how to do this.
When you register the external application in UiPath, configure the following:
- Select the Confidential application type.
- Select the Orchestrator API Access resource.
- If planning on creating an OAuth resource for both User auth and Client Credentials, set the User Scope and Application Scope of the Orchestrator API Access resource to whichever scopes you need to access from K2. For example: OR.Folders OR.Users
Otherwise set only User Scope for user auth or Application Scope for Client Credential auth. - Set the Redirect URI to: HTTPS://{your K2 server}/identity/token/oauth/2
For the K2 configuration, you need the following information from your application in UiPath:
- App ID (also called the client ID in K2)
- App secret (also called the client secret in K2. The app secret is only shown once, in a pop-up dialog, when you register the app. If you don't note it down you will have to edit your app and generate a new one, then update your OAuth resource in Nintex K2.)
- App scopes (OR.Folders OR.Users)
Step 2: Create an OAuth Resource Type in K2
Use this step to add a new OAuth resource type. You can create either a Client Credentials OAuth resource, or a User auth resource type.
You need the following information when setting up the OAuth resource in K2:
- The Authorization Endpoint: https://cloud.uipath.com/identity_/connect/authorize
- The Token Endpoint: https://cloud.uipath.com/identity_/connect/token
- The UiPath Swagger descriptor URL: https://cloud.uipath.com/{your organization}/{your tenant}/orchestrator_/swagger/{version}/swagger.json
- Specific property names for the OAuth resource, which you'll see in the steps below.
Create a Client Credentials OAuth resource
Use this for the Client Credentials grant type, the request is for application scope.
- Open K2 Management and navigate to Authentication > OAuth > Resource Types.
- Click New.
- Specify the following information for the new resource type:
- Name: UiPathClient
(Note: this can be anything but should identify the resource as UiPath client credentials) - Description: A resource type for UIPath using client credential auth.
- Extension: SourceCode.Security.OAuth.Extensions.ClientCredentials
(Note: this value is case-sensitive) - Refresh Token Expiration: 0
- Expiration Warning Days: 0
- Invalid Message Delay Minutes: 0
- Usage: Authorization
- Name: UiPathClient
Your new resource type looks similar to the following:
- Click OK to save your changes and note the new type on the Resource Types list
Create a User OAuth resource
Use this for the Authorization Code grant type, the request is for user scope.
- Open K2 Management and navigate to Authentication > OAuth > Resource Types.
- Click New.
- Specify the following information for the new resource type:
- Name: UiPathUser
(Note: this can be anything but should identify the resource as UiPath user auth) - Description: A resource type for UIPath using user auth.
- Leave the Extension field empty
- Refresh Token Expiration: 0
- Expiration Warning Days: 0
- Invalid Message Delay Minutes: 0
- Usage: Authorization
- Name: UiPathUser
Your new resource type looks similar to the following:
Step 3: Add Resource Type Parameters
You need to add parameters to the UiPath resource type. These parameters are specific to and required by UiPath.
- Resource type parameters for Client Credentials UiPath resource
- Resource type parameters for User UiPath resource
Resource type parameters for Client Credentials UiPath resource
- Select the UiPathClient resource type to open the Resource Type Parameters section.
- Click New from the toolbar and add the following parameters:
- client_secret
- grant_type
- client_id
- scope
For each parameter check the Token Request option.
For only the grant_type parameter, enter client_credentials in the Token Default Value field.
Then click OK.
Your parameters look like the following:
Resource type parameters for User UiPath resource
- Select the UiPathUser resource type to open the Resource Type Parameters section.
- Click New from the toolbar and add the following parameters with the relevant checkboxes checked:
client_id
client_secret
grant_type
redirect_uri
response_type
scope
Your parameters look like the following:
Step 4: Create and Configure an OAuth Resource
OAuth resources are instances of an OAuth resource type, and contain configuration values to provide authorization tokens for a system. For example, if you have two UiPath tenancies, you'd create two OAuth resources based on the type you created in step 2.
OAuth Resource for Client Credentials UiPath resource
- In K2 Management navigate to Authentication > OAuth > Resources and click New under the Resources section at the top of the right-hand pane.
- Give the resource a name, such as UiPath-ClientCreds, select UiPathClient (from step 2) as the type, and specify the OAuth token endpoint for UiPath Cloud: https://cloud.uipath.com/identity_/connect/token
- Click OK.
- Select the new resource and configure its parameters by selecting one and clicking Edit.
- Specify a Token Value for each of the parameters, client_id, client_secret, grant_type, and scope. The token values are those that you noted when creating the external app in UiPath.
Note: the grant_type value is always client_credentials for the client credentials UiPath resource.K2 Parameter Name UiPath app equivalent Example client_id App ID 2906d779-xxxx-xxxx-xxxx-c444f67922e5 client_secret App secret Ds9LXxxxxx4L1F0q grant_type client_credentials client_credentials scope App scopes OR.Folders OR.Users
Your page looks similar to the following and K2 is configured to communicate with UiPath Cloud using client credentials.
OAuth Resource for User UiPath resource
- In K2 Management navigate to Authentication > OAuth > Resources and click New under the Resources section at the top of the right-hand pane.
- Give the resource a name, such as UiPath-User, select UiPathUser (from step 2) as the type, and specify the OAuth authorization and token endpoints for UiPath Cloud:
Authorization Endpoint: https://cloud.uipath.com/identity_/connect/authorize
Token Endpoint: https://cloud.uipath.com/identity_/connect/token
- Click OK.
- Select the new resource and configure its parameters by selecting one and clicking Edit.
- Specify Authorization, Token Value, and Refresh values for each of the parameters using the table and image below as guidance. The values are those that you noted when creating the external app in UiPath.
K2 Parameter Name UiPath app equivalent Example client_id App ID 2906d779-xxxx-xxxx-xxxx-c444f67922e5 client_secret App secret Ds9LXxxxxx4L1F0q scope App scopes OR.Folders OR.Users offline_access
You must add a space and offline_access after your scopes for the refresh token to work. Your page should look similar to the following:
Nintex K2 is now configured to communicate with UiPath Cloud.
For more information on using Nintex K2's UiPath integration, see the UiPath on-premises article.