
Configure OIDC

  1. It's easiest to set up the connection by having Celonis Process Management (CPM) open in one tab, and your identity provider open in another. This way, you can copy and paste information between the two as needed. If you have additional documents for SSO configuration, such as a metadata file or a custom certificate, you should keep them handy.

  2. In your CPM tab, if you have a metadata file or custom certificate, upload it to auto-populate the fields. Otherwise, use the configuration table below to fill out each field.

  3. Next, in your identity provider tab, check to see if your claims have custom names. If so, use the claim mappings section to map them for use in CPM.

  4. In your CPM tab, once you've finished filling out the configuration form, click Save.

  5. The last step is to add some additional information within your identity provider so that it recognizes the connection you just configured in CPM. Use the information in the redirect section below, and make sure to replace companyShortName in the sample URLs with your company's name.

Table 21. OIDC Configuration Settings

| Field | Description |
|---|---|
| Provider name | The login provider name. |
| Client ID | Indicated in your identity provider as “Application” or “Client ID” in GUID format. For example, if your identity provider is Microsoft, you can find it under Microsoft Entra > Management > App registrations. |
| Authority | This is the Authority URL from your identity provider. For example, if your identity provider is Microsoft, the URL will be https://login.microsoftonline.com/{GUID}. Replace GUID with your {Tenant ID}. |
| Enable/Disable toggle | Enables or disables the login provider. If disabled, the button will not show on the login page. |

Claim mappings:

The expected claims sent by the identity provider (IdP) are:

  • email

  • given_name

  • family_name

If the IdP uses different claim types, remap them here.



Redirect URLs

Once OIDC is configured, the last step is to add the redirect URLs to your identity provider. The companyShortName is a unique identifier for your tenant inside our systems. It can be found in the URLs provided to you for Process Designer or Process Navigator.

For example, the URLs for a company called Celonis would be:

  • in Process Designer: https://symbioweb.com/celonis/demoStorage

  • in Process Navigator: https://navigator.symbio.cloud/celonis

You can find out what region you're in by checking the URL of your workspace in either Process Designer or Process Navigator.

| Region | Sign-in redirect URL | Logout redirect URL |
|---|---|---|
| West Europe | https://auth.symbio.cloud/signin-companyShortName-oidc | https://auth.symbio.cloud/signout-companyShortName-oidc |
| East US | https://auth.us-1.symbio.cloud/signin-companyShortName-oidc | https://auth.us-1.symbio.cloud/signout-companyShortName-oidc |
| Japan | https://auth.jp-1.symbio.cloud/signin-companyShortName-oidc | https://auth.jp-1.symbio.cloud/signout-companyShortName-oidc |
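
A pre-flight check for steps 3 and 5, added here as an example and not part of the Celonis documentation or tooling: it reads the claims of an ID token issued by your IdP to list which expected claims need a mapping, and reports redirect URLs still missing from the IdP registration. The alias names, the sample token and the registered-URL list are constructed assumptions; the URL templates are the East US entries from the redirect table.

```python
import base64
import json

EXPECTED = ("email", "given_name", "family_name")  # claims CPM expects (from this page)
# Assumption: custom claim names an IdP might emit instead; extend for your IdP.
ALIASES = {
    "email": ("mail", "upn", "preferred_username"),
    "given_name": ("firstName", "givenname"),
    "family_name": ("lastName", "surname"),
}
# East US entries of the redirect table; other regions differ only in host.
TEMPLATES = (
    "https://auth.us-1.symbio.cloud/signin-companyShortName-oidc",
    "https://auth.us-1.symbio.cloud/signout-companyShortName-oidc",
)

def jwt_claims(token):
    """Decode a JWT payload for inspection only (no signature verification)."""
    body = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))

def claim_mappings(claims):
    """Return {expected claim: IdP claim to map from}, or None if nothing fits."""
    plan = {}
    for name in EXPECTED:
        if claims.get(name):
            continue  # already sent under the expected name
        plan[name] = next((a for a in ALIASES[name] if claims.get(a)), None)
    return plan

def missing_redirects(registered, short_name):
    """Redirect URLs that must still be added at the IdP (compared as exact strings)."""
    required = [t.replace("companyShortName", short_name) for t in TEMPLATES]
    return [u for u in required if u not in registered]

def _constructed_token(claims):
    """Build an unsigned sample token so the example runs offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."

# Constructed sample: an IdP that sends custom names for e-mail and surname.
SAMPLE_TOKEN = _constructed_token(
    {"sub": "u-1", "upn": "ada@example.com", "given_name": "Ada", "surname": "Lovelace"})
# Constructed sample: the placeholder was pasted into the IdP without being replaced.
SAMPLE_REGISTERED = ["https://auth.us-1.symbio.cloud/signin-celonis-oidc",
                     "https://auth.us-1.symbio.cloud/signout-companyShortName-oidc"]

if __name__ == "__main__":
    print(claim_mappings(jwt_claims(SAMPLE_TOKEN)))
    print(missing_redirects(SAMPLE_REGISTERED, "celonis"))
```

A `None` value in the mapping plan means the IdP is not sending that attribute at all, so it has to be added to the token at the IdP before a mapping in CPM can help.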