This article provides details on different security aspects of RPA Supervisor.
RPA Supervisor Server
Like any web server, the RPA Supervisor Server must be open for inbound connections from users. By configuring your network, you can decide to what extent you want the server to be open for such connections.
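- Only accepts SSL-encrypted connections.
- Communicates with the Adapter using WebSocket Secure (WSS) and the component is authorized using JSON Web Tokens (JWT), signed using the HMAC-SHA256 algorithm. HMAC-SHA256 authenticates the token and protects its integrity; confidentiality in transit comes from the WSS channel.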
- Authentication is based on an internal system of users stored in the RPAS database with a username and password.
- The authentication system is based on JSON Web Tokens (JWT).
RPA Supervisor Blue Prism Adapter
- Communicates using encrypted channels (SSL), and only makes outbound connections. There is no way to connect to the Blue Prism Adapter externally.
- If you enable SSO to access Blue Prism and the Blue Prism Database, it will use the same security as provided by Windows Single Sign-On.
- If you do not use SSO to access Blue Prism and the Blue Prism Database, the user credentials for these logins are stored with AES 256-bit encryption in configuration files to obfuscate them. The encryption key is stored within the Blue Prism Adapter software.
By design, no customer or GDPR-sensitive data from the Blue Prism operations is needed for the RPA Supervisor to function. Please note that RPA Supervisor will collect all Tags from Blue Prism. These should not contain sensitive data according to Blue Prism best practices.
All data is encrypted using Rijndael256, commonly known as Advanced Encryption Standard (AES) 256-bit.
Application code security
To maintain secure code, we use Veracode (.NET) and Arachni (OWASP) for security analysis of all components of the RPA Supervisor.