Skip to main content

Celonis Product Documentation

Account management

While single sign-on provides a secure way for users to sign in to your EMS, configuring SCIM API or SAML JIT (Just-in-time) gives you additional account management options. Though both options allow you to securely connect your EMS to your identity provider, we recommend using SCIM API here.

SCIM API (Preferred)

In addition to allowing users to login to your EMS team, SCIM API also enables the provisioning and deprovisioning of user accounts and groups. Once enabled, an API key or application key is then required. This key allows your EMS and identity providers to communicate, with an authorization header required when making calls.

For more information, see: Configuring SCIM API


If you’re using SAML as SSO, you can enable Just-in-time user provisioning, allowing new users to join and access your EMS team on demand. Adopting SAML JIT user provisioning reduces the need for manual user management, with the information passed between the EMS and your identity provider securely.

For more information, see: Configuring SAML JIT single sign on