Skip to main content

Celonis Product Documentation

Signing in

Configuring how users sign in to your EMS is an important security setting. When deciding which approach to take, you have the following options:

Celonis ID (default)

Allow users to access your EMS team with their existing Celonis login credentials. There is no configuration necessary for this.

When using a Celonis ID, two-factor authentication is turned on for your users. This requires users to generate an access token (sent to their email address) when logging in.

For more information, see: Celonis ID

Single sign on (SSO)

By connecting your company’s authentication mechanism, your users can log in to your EMS with their existing access credentials. SSO configuration reduces manual account management for your EMS admins and increases the ease of access for your users.

We recommend using either SAML or OIDC methods here:

SAML

Allow users to login to your EMS team via an external identity provider. To configure this, you need to upload a SAML metadata XML file.

For more information, see: Configuring SAML SSO

OIDC

Allow users to login to your EMS team using OpenID Connect, assigning each user with an ID token. To configure this, you need to supply a client ID, a client secret, and a provider discovery URL.

For more information, see: Configuring OIDC SSO