Signing in
Configuring how users sign in to your Celonis Platform is an important security setting. When deciding which approach to take, you have the following options:
Celonis ID (default)
Allow users to access your Celonis Platform team with their existing Celonis login credentials. There is no configuration necessary for this.
When using a Celonis ID, two-factor authentication is turned on for your users. This requires users to generate an access token (sent to their email address) when logging in.
For more information, see: Celonis ID
Single sign on (SSO)
By connecting your company’s authentication mechanism, your users can log in to your Celonis Platform with their existing access credentials. SSO configuration reduces manual account management for your Celonis Platform admins and increases the ease of access for your users.
We recommend using either SAML or OIDC methods here:
SAML
Allow users to login to your Celonis Platform team via an external identity provider. To configure this, you need to upload a SAML metadata XML file.
For more information, see: Configuring SAML SSO
OIDC
Allow users to login to your Celonis Platform team using OpenID Connect, assigning each user with an ID token. To configure this, you need to supply a client ID, a client secret, and a provider discovery URL.
For more information, see: Configuring OIDC SSO