Skip to main content

Celonis Product Documentation

JumpCloud: Setting up SSO via SAML

This article describes how you can set up SSO to Celonis EMS via SAML on JumpCloud.

How to configure SAML SSO via JumpCloud
  1. Go to JumpCloud admin portal.

  2. Go to "SSO" which can be found under USER AUTHENTICATION section.

    • 41195891.png
  3. Click "+" to add a new Application.

  4. Click the Customer SAML App button.

    41195892.png
  5. Enter the name of the application in the General Info section. In this example: Celonis EMS. Here you can further customize the application (e.g. by uploading a custom icon etc.).

    • 41195896.png
  6. In the Single Sign-On Configuration section, enter the following details:

    1. IdP Entity ID: A unique ID that identifies the application: e.g. celonis-cloud

    2. SP Entity ID: [customer].[realm] .celonis.cloud (e.g. customer1.eu-1.celonis.cloud)

    3. ACS URL: https:// [customer].[realm].celonis.cloud/api/auth-handler/saml/callback?client_name=SAML2Client (e.g. https://customer1.eu-1.celonis.cloud/api/auth-handler/saml/callback?client_name=SAML2Client)

    4. SAMLSubject NameID: email

    5. SAMLSubject NameID Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

    6. Signature Algorithm: RSA-SHA256

      • Sign Assertion

    7. Default RelayState: https://[customer].[realm].celonis.cloud/ (e.g. https://customer1.eu-1.celonis.cloud/)

    8. IDP URL:

      • https://sso.jumpcloud.com/saml2/[unique-id] (e.g. https://sso.jumpcloud.com/saml2/celonisems)

    1. Attributes:

      • email → email

      • firstName → firstname

      • lastName → lastname

    2. GROUP ATTRIBUTES:

      • include group attribute: memberOf

  7. Click on to save the newly created application

  8. Confirm dialog box:

    • 41195894.png
  9. You should now see a notification popup and new entry in the SSO applications list:

    41195897.png
    41195895.png
  10. Download the IdP Metadata file: expand the Single Sign-On Configuration and click Export Metadata.

  11. The downloaded xml file must be uploaded to the team settings and by this the configuration is done.