We are implementing Celonis and we want to use single sign on via SAML. We set up an Active Directory group for auto provisioning and when we add users to the group, it does not sync with Celonis and create an invitation that is sent to them. Any insight would be great! I am not sure if Celonis or my company’s computer security folks need to resolve this. Thanks!
Not sure what version of Celonis are you using but I would believe you may be missing a piece. That is the LDAP Sync to create user accounts and acquire the group mappings (AD groups to Celonis groups)
the way SAML/ SSO works is that you first configure SAML on your Celonis environment. For this SAML configuration, we provide a detailed documentation, which you can request at Celonis servicdesk.
Once you have configured SAML, the users are automatically synced and created. The users can then log in via their company mail address. There’s usually no need to send a seperate invite to the e-mail address.