Skip to main content

Celonis Product Documentation

Configuring SCIM API (Preferred)

In addition to allowing users to login to your EMS team, SCIM API also enables the provisioning and deprovisioning of user accounts and groups. Once enabled, an API key or application key is then required. This key allows your EMS and identity providers to communicate, with an authorization header required when making calls.

To enable SCIM for your EMS team, click Admin & Settings - Settings and then click Enable:

A screenshot of where to enable SCIM in admin & settings.


Once enabled, you then must create either an API key or an application key. This choice depends on your identity provider's preferred method, with some only supporting one method.

For example, Azure AD can only currently be used with a User API key.

API keys

When creating an API key, its permissions mirror those of the user who created it. This user must have SCIM permissions enabled for the configuration to work.

For more information about creating API keys, see Creating API keys

Application keys

When creating an application key, the application is treated like a user within your EMS. As such, you must then assign permissions to the application.

For more information about creating application keys and assigning permissions, see Creating application keys