CI/CD integrations user guide

Last updated Nov 12, 2025

Authentication and Scopes

All Solution commands require authentication through an External Application configured in Orchestrator. Unlike standalone project tasks, solutions do not support machine or interactive authentication methods.

Authentication requirements

Solutions commands authenticate exclusively via OAuth2 with External Apps.

You must configure an External Application in Orchestrator Admin with the appropriate scopes before running any Solution CLI commands.

Required OAuth scopes

Solutions use a dedicated set of application scopes that differ from standard Orchestrator scopes. Configure your External App with the following scopes for all Solution operations:

Copy-paste format for CI/CD secrets:

AutomationSolutions Solutions.Deployments Solutions.Deployments.Read Solutions.Deployments.Write Solutions.Packages Solutions.Packages.Read Solutions.Packages.WriteAutomationSolutions Solutions.Deployments Solutions.Deployments.Read Solutions.Deployments.Write Solutions.Packages Solutions.Packages.Read Solutions.Packages.Write

This single-line, space-separated format can be directly used in:

Azure DevOps Variable Groups
GitHub Repository Secrets
Jenkins Credentials Store

Note: The following operations do not require authentication as they run locally:

restore - Restores dependencies locally
analyze - Validates projects locally
pack - Creates packages locally

Common authentication parameters

All Solution commands that interact with Orchestrator require these parameters:

Parameter	Description	Example
`-U`	Orchestrator URL	`https://cloud.uipath.com/`
`-T`	Orchestrator tenant name	`DefaultTenant`
`-A`	Organization name	`myorg`
`-I`	External App ID	`12345678-xxxx-xxxx-xxxx-xxxxxxxxxxxx`
`-S`	External App secret	`****` (keep secure)
`--applicationScope`	Space-separated scope list	See scopes above
`--traceLevel`	Logging level	`Information`, `Verbose`, `Warning`

Setting up an External Application

To create an External Application for Solutions:

Log in to Orchestrator as an Administrator.
Navigate to Admin → External Applications.
Click Add Application.
Provide a name (e.g., CI-CD-Solutions).
Select Confidential application as the Application Type.
Add the required scopes listed above.
Copy the Application ID and Secret and store them securely in your CI/CD secret manager.

For detailed instructions on configuring external applications, see Managing external OAuth applications.

Using custom Orchestrator feeds

When using custom activity feeds from Orchestrator during restore operations, use these alternative parameters:

Standard Parameter	Custom Feed Parameter
`--applicationScope`	`--libraryOrchestratorApplicationScope`
`-T` (tenant)	`--libraryOrchestratorTenant`
`-U` (URL)	`--libraryOrchestratorUrl`
(folder)	`--libraryOrchestratorFolder`

Example:

uipcli solution restore <solution-path> \  -A myorg \  -I 12345678-xxxx-xxxx-xxxx-xxxxxxxxxxxx \  -S **** \  --libraryOrchestratorApplicationScope "OR.Folders OR.Settings.Read" \  --libraryOrchestratorTenant DefaultTenant \  --libraryOrchestratorUrl https://cloud.uipath.com/ \  --libraryOrchestratorFolder MyFolderuipcli solution restore <solution-path> \  -A myorg \  -I 12345678-xxxx-xxxx-xxxx-xxxxxxxxxxxx \  -S **** \  --libraryOrchestratorApplicationScope "OR.Folders OR.Settings.Read" \  --libraryOrchestratorTenant DefaultTenant \  --libraryOrchestratorUrl https://cloud.uipath.com/ \  --libraryOrchestratorFolder MyFolder

Security best practices

Never hardcode secrets in pipeline YAML or scripts.
Use your CI/CD platform's secret management:
- Azure DevOps: Variable Groups with Secret variables.
- GitHub Actions: Repository or Organization Secrets.
- Jenkins: Credentials Store.
Rotate External App secrets regularly.
Use separate External Apps for different environments (Dev, Test, Prod).
Apply least-privilege scopes - only grant what's needed for each pipeline.