test-cloud

false

Getting started with Test Cloud
Managing Test Cloud organizations
- Overview
Working with Test Cloud
- Best practices
  - Application testing

Test Cloud user guide

DELIVERY:

Last updated Nov 11, 2025

Overview

This section gives an introduction to managing Test Cloud for Automation Suite organizations in the UiPath® ecosystem. This overview covers the basic aspects of Test Cloud for Automation Suite organizations, such as their creation, operation, and various features.

For more detailed information on the platform capabilities of Test Cloud for Automation Suite, visit the Automation Suite Admin guide.

Organizations

In Test Cloud for Automation Suite, an organization represents the highest level in the hierarchy after the host. Each organization is isolated from others and manages its own tenants, users, licenses, and services.

Hierarchy overview

At the top of the hierarchy sits the host level, which is accessible only to system administrators.

Host administrators manage global settings, such as authentication, email, and Orchestrator host configurations, that apply to all organizations.

Each organization inherits these global configurations by default, though some settings can be overridden at the organization level.

Organization administration

An organization is managed by an organization administrator, who has full privileges within that organization only. Organization administrators can:

Manage user accounts, authentication, and email settings specific to their organization.
Configure licenses distributed from the host level.
Access all functional areas in the Admin section of the organization portal.

To access the organization portal:

Go to https://<AutomationSuiteURL>/.
On the login page, enter the organization name and your administrator credentials.
Select Log In to open the organization’s Admin area.

Creating and deleting organizations

Only system administrators at the host level can create or delete organizations.

Create organizations: When creating an organization, the system administrator defines its name (which also determines its unique URL) and sets up the first organization administrator account.
Delete organizations: Deleting an organization removes all its data and returns any allocated licenses to the host license pool.

Separation between organizations and tenants

Organizations are completely isolated from each other: they have distinct URLs, license pools, user directories, and roles. Tenants exist within organizations and allow finer separation of services and data, such as provisioning different UiPath services or maintaining separate license allocations within the same organization.

For more information on Host administration and organizations, refer to About the host level and About organizations.

Authentication and security

Test Cloud for Automation Suite inherits the same authentication and security framework as Automation Suite, providing flexible, enterprise-grade controls for managing access, identity, and data protection.

Authentication options

Administrators can configure one or more authentication methods at the organization level, ensuring consistent and secure access for all users:

Basic authentication: Allows users to sign in with a username and password for a local account. This method can be restricted so that only directory-based authentication (through an external identity provider) is permitted.
Microsoft Entra ID integration: Enables Single Sign-On (SSO) using OpenID Connect and synchronization with Microsoft Entra ID users and groups, allowing gradual rollout without service disruption.
SAML 2.0 integration: Provides secure SSO and Single Logout (SLO) with any SAML 2.0–compliant Identity Provider (IdP), improving efficiency and user experience across connected applications.

Password and account protection

Test Cloud supports customizable security policies to help maintain strong password and account hygiene:

Password complexity: Define requirements for character types, minimum length, expiration period, and reuse restrictions.
Account lockout: Protect against repeated failed login attempts by automatically locking accounts after a configurable number of unsuccessful tries.
Change-on-first-login: Optionally require users to reset their password on first access.

Encryption and tenant-level security

To ensure data segregation and compliance, each tenant can be encrypted using Microsoft Azure Key Vault. This setup allows unique encryption keys per tenant, managed securely through Azure services.

Administrative control

Organization administrators can configure all authentication and security settings from Admin > Security Settings in the Management portal. System administrators at the host level define global policies, which organizations inherit by default but can override where necessary.

For more information, refer to the Authentication and security section.

Licensing

The licensing model for Test Cloud for Automation Suite organizations involves having Test Cloud for Automation Suite-specific licenses assigned to yourself or your users.

Important: The licenses associated with (App Tester User - Named User and App Test Developer - Named User) grant access to all the products available within Test Cloud for Automation Suite. No additional user licenses, beyond the App Tester User or App Test Developer, are needed for accessing the products within Test Cloud for Automation Suite.

For more information on how to activate, assign, deallocate, and monitor licenses, visit Licensing.

Tenants and services

In Test Cloud for Automation Suite, tenants let you organize and manage your testing environment within an organization. Each tenant acts as a secure container for services and resources, helping you model your business structure, for example, by department, region, or project, while keeping data, licenses, and configurations isolated.

Tenant structure and management

Every organization starts with a DefaultTenant, automatically created during setup.
System administrators can create additional tenants from the Admin area, specify regions for data hosting, and choose which services to enable in each tenant.
A tenant can be enabled, disabled, or deleted as needed. When disabled, all licenses return to the organization pool, and data remains preserved.
You can easily switch between tenants from the tenant picker to work with data specific to each environment.

Services in each tenant

Each tenant includes one Orchestrator service by default, along with any other UiPath services available under your licenses (for example, Test Manager, Insights, or Data Service). This ensures full testing functionality within each isolated tenant.

Note: A tenant in Test Cloud for Automation Suite is different from an on-premises Orchestrator tenant. Each Test Cloud for Automation Suite tenant contains one Orchestrator service and can host multiple UiPath services under a single organizational scope.

License and access control

Administrators allocate licenses at the tenant level, deciding how many user and robot licenses to assign. Tenant visibility and access depend on user permissions within each service, ensuring users can only access tenants and services relevant to their roles.

Organizing resources with tags

Tags let you categorize and identify automation and testing resources across tenants and services. You can create labels or key–value pairs (properties) to group related items, such as test assets or environments. Tags created at the platform level are stored centrally and synchronized across Orchestrator and other connected services.

For more information, refer to the Tenants and services section.

Accounts and roles

Test Cloud for Automation Suite uses the same account, group, and role model as Automation Suite to control who can sign in and what they can do.

Account types

User accounts (local or directory): Identify people. Can receive licenses, roles, and group memberships.
Robot accounts: Non-user identities for unattended/back-office execution. No email required, no interactive settings, they are managed like users for permissions.

Groups

Manage access at scale by assigning licenses and roles to groups, then adding accounts to those groups.
Supports local groups (created in the platform) and directory groups (from a linked Identity Provider). Directory groups can be nested into local groups for seamless onboarding.

Inheritance

Roles: An account gets the mix of roles from all its groups. Service access depends on these roles.
Licenses: Group allocation rules auto-assign user licenses. Direct license assignment to an account overrides group allocation.

Roles model

Organization-level roles (fixed): For example, an Organization Administrator controls administrative capabilities.
Service-level roles (per product): Managed inside each service (such as Orchestrator or Test Manager). You assign service-level roles to groups or to individual accounts.

Provisioning options

Direct provisioning: Add accounts or groups and assign roles or licenses in the platform.
Auto-provisioning(with Identity Provider): When integrated with Microsoft Entra ID or SAML, directory admins can grant access or roles via directory group membership with no extra steps in the platform.

Administration entry points

From Admin, go to Accounts & Groups to create or edit users, robot accounts, and groups, as well as manage group membership and license allocation rules.
Within each service (such as Orchestrator or Test Manager), assign and audit service-level roles, as well as verify effective permissions.

For more information, refer to Accounts and groups.

AI Trust Layer

The AI Trust Layer brings administration and strict governance capabilities to generative AI featuresall UiPath® products. Aimed to ensure data confidentiality and security in every interaction, AI Trust Layer keeps your data restricted within the UiPath® environment. For more information, visit About AI Trust Layer.

External applications

Test Cloud for Automation Suite supports secure integrations with external applications via OAuth 2.0 and Personal Access Tokens (PATs), enabling controlled API access without sharing user credentials.

OAuth external apps

OAuth external apps are third-party apps registered in your organization to call UiPath APIs with delegated authorization. OAuth apps can be of the following types:

Confidential (application scopes): Headless or server apps that can securely store secrets. They act as the app itself.
Confidential (user scopes): Server apps that act on behalf of a user. They store secrets securely.
Non-confidential (user scopes): Client apps (no secret storage), where user authorizes with short-lived tokens.

Personal access tokens (PATs)

Personal access tokens are user-scoped tokens (local-user accounts only) that substitute passwords for API access with defined scopes and expiry. An organization administrator can enable or disable PATs, set a maximum lifespan, view all PATs, and revoke tokens individually, or by pasting a known token to revoke immediately in case of suspected exposure.

For more information, refer to the External applications section.

Notifications

Stay updated about your actions and their outcomes with notifications. Keep track of user or administrative actions within your organization account through both in-app, and email notifications. For more details on enabling and managing notifications, visit About notifications.

Logging

Logging is an important tool for various tasks like debugging issues, reporting trends, and enhancing security and performance. Test Cloud for Automation Suite, along with other cloud services, uses different types of logs based on their unique requirements. For a thorough walkthrough on the uses and management of logs, visit Audit logs.

Was this page helpful?

PREVIOUSLicensing

NEXTBest practices

Support and Services

Get The Help You Need

UiPath Academy

Learning RPA - Automation Courses

UiPath Forum

UiPath Community Forum

Trust and Security

Cookies Policy