Configuring Azure Enterprise Application (Single Sign-On) or external IdP for use with the Celonis Process Management AuthService

Before you start, align with the Celonis Process Management Team to provide you with the correct Assertion Consumer Service URL.

Follow the instructions in Worked Example: Celonis Process Management & Azure AD but adjust the Assertion Consumer Service URL as follows:

https://auth.cpm.cloud/<customer>-saml/Acs

Example: https://auth.cpm.cloud/celonis-saml/Acs

Claims

The following claims are required and must be sent by the Azure Enterprise Application or external IdP.

• email (contains the email address of the user)
• given_name (contains the given, e.g. first name of the user)
• family_name (contains the family, e.g. last name of the user)

If the Azure Enterprise Application or external IdP uses different claim types, make sure to provide a set of claim types (names) that contain the required data. Deviating claim types can then be mapped to the corresponding required claim types in the Celonis Process Management AuthService.

Once the setup is complete, send the Metadata URL or file to Celonis Process Management Support for further configuration.