User gets "Lock account" from LDAP and SAML configuration


#1

Hi Community :slight_smile:,

I have a question regarding of Lock account.
image

We have setup LDAP and SAML with Active Directory.

My understanding is that LDAP will add new users to Celonis application.
SAML is to enable users to use Single Sign On to Celonis web application.

Interestingly, I find some users got created by ID: SAML
image

Please advise,

Thank you


#3

Dear Winut,

My understanding is that LDAP will add new users to Celonis application.
SAML is to enable users to use Single Sign On to Celonis web application.

That’s correct.

Interestingly, I find some users got created by ID: SAML

this output is related to the #SAML Configuration in the config-custom file.

There is a Paramater that allows to create users, using SAML:

# Set to true to automatically create users when they log in
saml.users.autocreate=true

Celonis will show you, that the user has been created by “ID: SAML”, instead of LDAP.

Best,
David


#4

Thank you David :slight_smile:
you are always very helpful.

Could you also give me more information about how Celonis automatically lock users?

Thanks again.


#5

Hello Winut,

my pleasure. :slightly_smiling_face:

Could you also give me more information about how Celonis automatically lock users?

There are two ways to Lock users in Celonis:

  1. Manually by choosing the user, and checking the “Lock Account” option. Or
  2. Automatically, by Locking the user in your Active Directory.

When using the second option, you would need to wait until the LDAP connection refresh has taken place, Celonis process the new given Information, and locks the user.

Best,
David