Configuring your Celonis Platform security features
Your security features allow you to control who or what can access your Celonis Platform and what authentication you require from them.
As an Celonis Platform admin, you can configure the following security features:
Identity and access management
Secure your environment by defining how users authenticate and how their accounts are managed. Whether you use the native Celonis ID system or integrate with your organization's existing Identity Provider (IdP) via SSO, these settings ensure that only authorized personnel can access your data.
Signing in (Celonis ID and single sign on)
Configuring SAML single sign-on: Connect your corporate Identity Provider (like Okta or Azure AD) using the SAML 2.0 standard for secure, centralized authentication.
OIDC: Utilize the OpenID Connect protocol to allow users to sign in using their existing enterprise credentials.
Celonis ID: The default native authentication method for users to log in directly via the Celonis platform using a dedicated email and password.
Account management (SCIM API and SAML JIT)
Configuring SCIM API: Automate the entire user lifecycle by syncing your Identity Provider with Celonis to create, update, and deactivate accounts automatically.
SAML JIT SSO: Enable "Just-In-Time" provisioning to automatically create a user profile the first time a person logs in through your SSO.
Environment and network security
Beyond individual user access, you can implement broader safeguards to protect your entire platform instance. These tools allow you to harden your security posture by restricting access to known corporate networks, managing session persistence, and ensuring team-level privacy.
IP-based restrictions: Control access based on specific network locations.
Session timeout settings: Manage the duration of active user sessions.
Team privacy: Configure visibility settings for your team's environment.
Communication and enrollment
Configure how new users join your team and how the platform represents your organization in outbound communications. These settings help balance ease of onboarding with administrative control, while maintaining a professional look for automated system emails.
Open sign up: Control whether new users can self-register.
Email signatures: Manage standard signatures for platform communications.
Security recommendations
Your team security and user provisioning settings may vary depending on your team size. Before setting up your team, we therefore recommend that you choose a coupling approach and relevant settings.
For our security recommendations, see: Security recommendations