Skip to main content

Celonis Product Documentation

Configuring SCIM API (Preferred)

In addition to allowing users to log in to your Celonis Platform team, SCIM API also enables the provisioning and deprovisioning of user accounts and groups. Once enabled, an API key or application key is then required. This key allows your Celonis Platform and identity providers to communicate, with an authorization header required when making calls.

To enable SCIM for your Celonis Platform team, go to Admin & Settings > Settings and then toggle the Enable SCIM switch to on:

A screenshot of where to enable SCIM in admin & settings.


Once enabled, you then must create either an API key or an application key. This choice depends on your identity provider's preferred method, with some providers only supporting one method.

For example, currently Azure AD can only be used with a User API key.

API keys

When creating an API key, its permissions mirror those of the user who created it. This user must have SCIM permissions enabled for this configuration to work.

For more information about creating API keys, see Creating API keys.

Application keys

When creating an application key, the application is treated like a user within your team. Therefore, you must then assign permissions to the application.

For more information about creating application keys and assigning permissions, see Creating application keys.

Additional resources

For additional help configuring SCIM or to see which SCIM endpoints are available, please refer to the API documentation provided. To access this API documentation, copy the URL below and replace [Team-Name] and [Realm] with the corresponding details from your instance: