Celonis Process Management SSO

Checklist

The following checklist aids you in collecting all necessary data to get started with setting up SAML for Celonis Process Management.

Is your Infrastructure Ready for Celonis Process Management SSO?

If you can answer every question with "Yes", your infrastructure is ready for Celonis Process Management SSO.

| Question | Answer |
|---|---|
| Celonis Process Management and IdP both reachable by browser? | ☐ Yes ☐ No |
| SAML 2.0-compliant IdP available? | ☐ Yes ☐ No |
| SSO HTTP-REDIRECT endpoint supported? | ☐ Yes ☐ No |
| POST to ACS endpoint supported? | ☐ Yes ☐ No |
| SHA-256 signatures supported? | ☐ Yes ☐ No |
| IdP Metadata XML file available? | ☐ Yes ☐ No |
| Metadata contains trustworthy certificate? | ☐ Yes ☐ No |
| (If on premise) Celonis Process Management installed on HTTPS binding? | ☐ Yes ☐ No |
| If targeting Azure AD: Are you using Azure AD Premium? | ☐ Yes ☐ No |

Provide the IdP Metadata XML file to Ploetz + Zeller GmbH to get your Cloud instance of Celonis Process Management configured for SSO.
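
The metadata-related checklist items can be pre-checked before the file is sent. The following Python sketch is an added example, not part of the Celonis or P+Z documentation: it reports whether a SAML 2.0 IdP descriptor is present, lists the HTTP-Redirect SSO endpoints, and computes SHA-256 fingerprints of the signing certificates so they can be compared with the IdP administrator over a separate channel. It assumes the file contains an IDPSSODescriptor; the sample metadata, URLs and certificate bytes are constructed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
SAML2 = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample: placeholder bytes stand in for the DER certificate.
SAMPLE_CERT_DER = b"constructed placeholder, not a real X.509 certificate"
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/metadata">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>%s</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/sso/post"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/sso/redirect"/>
  </IDPSSODescriptor>
</EntityDescriptor>""" % base64.b64encode(SAMPLE_CERT_DER).decode()


def check_idp_metadata(xml_text):
    """Check metadata from your own IdP against the checklist items above."""
    root = ET.fromstring(xml_text)
    idp = root.find(".//md:IDPSSODescriptor", NS)
    result = {"saml2_idp": False, "http_redirect_sso": [], "signing_cert_sha256": []}
    if idp is None:
        return result
    result["saml2_idp"] = SAML2 in idp.get("protocolSupportEnumeration", "").split()
    for sso in idp.findall("md:SingleSignOnService", NS):
        if sso.get("Binding") == REDIRECT:
            result["http_redirect_sso"].append(sso.get("Location"))
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # no 'use' attribute covers signing too
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            result["signing_cert_sha256"].append(hashlib.sha256(der).hexdigest())
    return result


if __name__ == "__main__":
    for item, value in check_idp_metadata(SAMPLE_METADATA).items():
        print(item, value)
```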

Claims Details

| Additional Questions | Answer (needed by P+Z for Cloud setups) |
|---|---|
| Claim Type users are identified by? (UPN preferred) | |
| Claim Type used for group membership? (Group preferred) | |

If these answers diverge from the desired claim types, a custom claims mapping needs to be added.

What is needed to set up your IdP?

The following data is likely needed to set up your IdP:

| Element | Value |
|---|---|
| Initiated By | Service Provider (IdP-initiated not supported) |
| SP Entity ID | http://symbioworld.com/web |
| SSO Service | Expect HTTP-REDIRECT |
| AuthnRequest | Expect Unsigned |
| ACS Type | Set to HTTP-POST |
| Response | Set to Signed |
| SP URL | Celonis Process Management Root URL (Cloud: provided by P+Z) |
| ACS URL | Celonis Process Management Root URL + "/AuthServices/Acs" |
| Minimal Claims | (see below) |

Minimal Claims expected by Celonis Process Management

If your claims diverge from this list, please provide P+Z with a list of transmitted claims.