Account management
While single sign-on provides a secure way for users to sign in to your Celonis Platform, configuring SCIM API or SAML JIT (Just-in-time) gives you additional account management options. Though both options allow you to securely connect your Celonis Platform to your identity provider, we recommend using SCIM API here.
SCIM API (recommended)
In addition to allowing users to login to your Celonis Platform team, SCIM API also enables the provisioning and deprovisioning of user accounts and groups. Once enabled, an OAuth client, an API key, or an application key is required. This key allows your Celonis Platform and identity providers to communicate, with an authorization header required when making calls.
For more information, see: Configuring SCIM API on the Celonis Developer Portal.
SAML JIT
If you’re using SAML as SSO, you can enable Just-in-time user provisioning, allowing new users to join and access your Celonis Platform team on demand. Adopting SAML JIT user provisioning reduces the need for manual user management, with the information passed between the Celonis Platform and your identity provider securely.
For more information, see: Configuring SAML JIT single sign on