SAML: Requirements for the Identity Provider
Active Directory (AD) link via SAML 2.0
The following chapter explains the synchronization of Active Directory users and groups. Synchronized users are not shown a login dialogue.
In Celonis Process Management Web, Active Directory users can be linked via SAML 2.0 so that they can log on to Celonis Process Management Web with their Windows user accounts, without users having to be set up manually in the Celonis Process Management Web user settings.
For this, the configuration settings in Celonis Process Management Web as well as in the Active Directory Federation Services on your Active Directory server have to be adjusted.
The identity provider makes it possible for Celonis Process Management users to log in with authentication information provided by the identity provider:
Celonis Process Management is the Service Provider here.
The identity provider can be Active Directory Federation Services, for example.
Celonis Process Management authenticates against the identity provider via the browser, so the identity provider and Celonis Process Management Web do not access each other directly.
Communication takes place via the browser, which has access to both networks.
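The browser-carried exchange described above can be sketched as follows. This is an added example, not code from Celonis or from this documentation. It assumes the SAML 2.0 HTTP-Redirect binding (the page does not say which binding is used), and the host names, `REGISTERED_ACS` and both function names are hypothetical.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Hypothetical endpoints (assumptions, not values from the product documentation).
SP_ENTITY_ID = "https://cpm.example.com/saml/metadata"
SP_ACS_URL = "https://cpm.example.com/saml/acs"
IDP_SSO_URL = "https://adfs.example.com/adfs/ls/"
# What the identity provider has registered for this service provider.
REGISTERED_ACS = {SP_ENTITY_ID: SP_ACS_URL}


def build_redirect_url(request_id, issue_instant, relay_state, acs_url=SP_ACS_URL):
    """Service provider side: the URL the browser is redirected to."""
    xml = (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
        f'Destination="{IDP_SSO_URL}" AssertionConsumerServiceURL="{acs_url}">'
        f"<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>"
    )
    # HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encoding.
    deflater = zlib.compressobj(wbits=-15)
    deflated = deflater.compress(xml.encode("utf-8")) + deflater.flush()
    saml_request = base64.b64encode(deflated).decode("ascii")
    return IDP_SSO_URL + "?" + urlencode(
        {"SAMLRequest": saml_request, "RelayState": relay_state})


def read_request_at_idp(url):
    """Identity provider side: recover the request from the browser's GET."""
    params = parse_qs(urlparse(url).query)
    xml = zlib.decompress(base64.b64decode(params["SAMLRequest"][0]), wbits=-15)
    root = ET.fromstring(xml)
    issuer = root.findtext(f"{{{SAML}}}Issuer")
    acs_url = root.get("AssertionConsumerServiceURL")
    # The request arrived through the browser, so its contents are untrusted:
    # only answer to an ACS URL registered for this issuer.
    if REGISTERED_ACS.get(issuer) != acs_url:
        raise ValueError("ACS URL not registered for issuer")
    return {"issuer": issuer, "acs_url": acs_url, "request_id": root.get("ID"),
            "relay_state": params["RelayState"][0]}


if __name__ == "__main__":
    url = build_redirect_url("_a1b2c3", "2024-01-01T00:00:00Z", "/dashboard")  # constructed
    print(read_request_at_idp(url))
```

The service provider never opens a connection to the identity provider here: the whole request travels in the query string of the URL the browser follows.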
The following picture shows the authentication process:
