Celonis Process Management SSO

Setting Up OAuth-based SSO

Celonis Process Management supports OAuth 2.0 for use with LinkedIn and Microsoft Accounts.

Setting Up LinkedIn

To register Celonis Process Management as an App for your organization, go to https://www.linkedin.com/developers/apps/new and complete the form using the following:

  1. Choose an appropriate App name , such as "Celonis Process Management OAuth by ".
  2. Select your organization under Company . A page admin will have to verify your request.
  3. Add an App logo of your choice.
  4. Accept the legal terms.
  5. Click Create app .
  6. Select your app. Go to the Auth tab and note the following information:
    • Client ID
    • Client Secret
  7. Scroll down and specify a valid Redirect URL . For example, if your normal Celonis Process Management URL is https://organization.cpmweb.com/Organization/Training/ then your "Redirect URL" would be https://organization.cpmweb.com/signin-linkedin .
  8. Save your changes.

Setting Up Microsoft Account

Here is a comprehensive guide to setting up your Azure AD tenant: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app.

You will need to provide a "Redirect URI". If your normal Celonis Process Management URL was https://organization.cpmweb.com/Organization/Training/ your "Redirect URI" would be https://organization.cpmweb.com/signin-microsoft.

Note your "Application ID" as your "Client ID".

If you have successfully registered Celonis Process Management with your Azure AD tenant, you need to create a Client Secret:

  1. Select your new app in the Azure Portal.
  2. Select "Certificates & secrets".
  3. Click on + New client secret .
  4. Enter a name for that secret.
  5. Choose if or when the secret will automatically expire.
  6. Click Add .

Note the "Value" of the new secret as your "Client Secret".

Setting Up Celonis Process Management

  1. In your Celonis Process Management storage, switch to "Editor" mode and then go to the admin area.
  2. Scroll down to "Services" and click on Authentication Providers .
  3. In the Type dropdown select "OAuth Authentication Provider".
  4. Select a name/ID for your new provider and click New .
  5. Select your new provider and then enter the information noted above:
    • Client ID
    • Client Secret
  6. Make sure you select the correct 3rd party provider, such as "LinkedIn" or "Microsoft".
  7. Enable your new provider. It is also recommended but not required that you also set it to visible. symbio oauth provider