Edit

Share via

Create a machine mapping credential (preview)

[This article is prerelease documentation and is subject to change.]

This feature lets you map user account credentials to your robotic process automation (RPA) machines.

Important

  • This is a preview feature.
  • Preview features aren’t meant for production use and may have restricted functionality. These features are available before an official release so that customers can get early access and provide feedback.
  • This feature is gradually rolling out across regions and might not be available in your region.

How a machine mapping works

A machine mapping is a type of credential that can be used in desktop flow connections to use specific credentials depending on the machine assigned.

  • Example 1

    For a machine group that contains multiple machines, you can define for each machine which user account must be used to sign in.

    Note

    There isn't a restriction on mapping multiple credentials to the same machine.

  • Example 2

    For a server, you can define all the user accounts that can execute your desktop flow.

    Screenshot of mapping architecture.

Availability

Currently, this feature isn't available for US Government Clouds and China regions.

Prerequisites

To create a mapping between machines and credentials, follow these steps:

  1. Ensure the Microsoft Flow Extensions core package (MicrosoftFlowExtensionsCore) Dataverse solution in your environment equals to 1.8.36.0 or higher.
  2. Ensure the version of Power Automate desktop app is 2.50 or higher.
  3. Create your credential using Azure Key Vault or CyberArk. To select them in your mapping, define these credentials as usable in connection.
  4. Register your machines in this environment. If your machine isn't registered, follow the steps in Manage Machines.
  5. CyberArk only: Configure all machines using CyberArk credentials with a CyberArk application.

Create a machine mapping

  1. From the left navigation, select Credentials.

  2. Select New > Mapping between machine and account credential(s).

  3. In the wizard, define a credential name and a brief description, then select Next.

  4. Define the default value of your mapping used when an assigned machine doesn't have a mapped credential.

  5. For each machine, select one or several credentials to be used to sign in to the machine.

    1. From the machine dropdown, select the machine you would like to apply the mapping to.

      Note

      • You can map a machine with multiple credentials.
      • After a machine is mapped with credentials, it can't be selected for another mapping.
      • Map all your machines with credentials in the same machine mapping or define a mapping for each machine group.

    2. From the credential dropdown, select the credentials to map to this machine.

      Note

      In the dropdown, you only see credentials that are usable in connections. All credentials listed for a machine must be working credentials for that machine. In other words, if one credential fails for a machine, this machine is considered as not available even if there are other credentials defined for this machine. You can't map a mapping credential to another mapping.

      Screenshot of create new mapping.

  6. Once the mapping between a machine and credentials is done, you can see it in the list of mappings. You can edit the mapping to change the credentials or delete it.

  7. If you need to define a new mapping, select Add new.

  8. After you complete the mappings, select Save.

Use the machine mapping in a desktop flow connection

You can now use this mapping in a desktop flow connection. Instead of selecting a single credential, you can select this mapping.

During runtime, the appropriate user account credential defined in your mapping is used to connect to the assigned machine.

Share a machine mapping

From the list of credentials, you can share a mapping with other users:

  1. Select a credential.
  2. Select Share.
  3. From Add People, enter the name of the people you want to share the mapping with.
  4. Finally, select the permissions for this user (user, user + share, co-owner).

When you share the mapping, you also share all the credentials selected for this mapping. Whenever you update the mapping with new credentials, those credentials are shared with other users of this mapping. Removing permissions on a machine mapping credential doesn't remove permissions on the mapped credentials.

Limitations

  1. The run detail page doesn't display the credential used in the credential mapping. Retrieve the credential used in the flowsession table in the credentials field.
  2. In machine mapping credential, the default credential can be exported and imported, but you must reconfigure the mappings between machines and user credentials in the environment where the machine mapping credential is imported.