Celonis Process Management SSO
Checklist
The following checklist aids you in collecting all necessary data to get started with setting up SAML for Celonis Process Management.
Is your Infrastructure Ready for Celonis Process Management SSO?
If you can answer every question with "Yes", your infrastructure is ready for Celonis Process Management SSO.
| Question | Answer |
|---|---|
| Celonis Process Management and IdP both reachable by browser? | ☐ Yes ☐ No |
| SAML 2.0-compliant IdP available? | ☐ Yes ☐ No |
| SSO HTTP-REDIRECT endpoint supported? | ☐ Yes ☐ No |
| POST to ACS endpoint supported? | ☐ Yes ☐ No |
| SHA-256 signatures supported? | ☐ Yes ☐ No |
| IdP Metadata XML file available? | ☐ Yes ☐ No |
| Metadata contains trustworthy certificate? | ☐ Yes ☐ No |
| (If on premise) Celonis Process Management installed on HTTPS binding? | ☐ Yes ☐ No |
| If targeting Azure AD: Are you using Azure AD Premium? | ☐ Yes ☐ No |
Provide the IdP Metadata XML file to Ploetz + Zeller GmbH to get your Cloud instance of Celonis Process Management configured for SSO.
Claims Details
| Additional Questions | Answer (needed by P+Z for Cloud setups) |
|---|---|
| Claim Type users are identified by? | (UPN preferred) |
| Claim Type used for group membership? | (Group preferred) |
If these answers diverge from the desired claim types, a custom claims mapping needs to be added.
What is needed to set up your IdP?
The following data is likely needed to set up your IdP:
| Element | Value |
|---|---|
| Initiated By | Service Provider (IdP-initiated not supported) |
| SP Entity ID | http://symbioworld.com/web |
| SSO Service | Expect HTTP-REDIRECT |
| AuthnRequest | Expect Unsigned |
| ACS Type | Set to HTTP-POST |
| Response | Set to Signed |
| SP URL | Celonis Process Management Root URL (Cloud: provided by P+Z) |
| ACS URL | Celonis Process Management Root URL + "/AuthServices/Acs" |
| Minimal Claims | (see below) |
Minimal Claims expected by Celonis Process Management
- UPN (upn: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn )
- Last Name (surname: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname )
- First Name (givenname: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname )
- E-Mail (emailaddress: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress )
- Group (group: http://schemas.xmlsoap.org/claims/Group )
If your claims diverge from this list, please provide P+Z with a list of transmitted claims.