User Documentation (English)
Celonis Discovery
LDAP Synchronization Secure Coding Guide Version 1.3 Version 1.0
Corresponding Software Version: 4.2

This document is copyright of the Celonis GmbH. Distribution or reproduction are only permitted by written approval of the Celonis GmbH. Usage only permitted, if a valid software license for Celonis Discovery is available.
2017 Celonis SE LDAP Synchronization

CONFIGURING LDAP-SYNCHRONIZATION

I. ADDING BASIC USER SYNCHRONIZATION ON OU-LEVEL

1. Log in to the web frontend of your Celonis installation.
2. In the administration menu, select System Settings (Figure 1).
   Figure 1
3. Open the Source Configuration and add a new LDAP source (Figure 2).
   Figure 2
4. Enter the connection data of the LDAP source that contains your user accounts, following the format shown in Figure 3, and click the save button. Note that you have to specify the search base on OU level.
   Figure 3
5. Switch to the User Provider tab to add a new User Provider.
6. Enter the requested information in the corresponding fields. The Username Attribute field and your previously created LDAP Source are mandatory. Note that by default, the synchronization runs every hour. If you want to increase the time between synchronizations, you can do this by modifying the Hours delay field.
   Figure 4
7. Save and test your configuration. The response should look similar to the message in Figure 5. Otherwise, you should review your configuration. Note that the number of returned entries depends on the number of users you have in the OU specified in step 4.
   Figure 5
8. You are now able to synchronize the users in the given OU with Celonis by pressing the Execute all button.
   Figure 6

II. IMPLEMENTING GROUP BASED USER SYNCHRONIZATION

9. Before you can configure the group based synchronization, you have to create corresponding groups in Celonis. You can find this option in the administration menu (Figure 7).
   Figure 7
10. Add a new Celonis Group (e.g. Analysts).
11. If your LDAP groups are located in a different OU than your users, you have to add another LDAP source. To do so, repeat step 4 and set the LDAP Search Base to the OU where your LDAP groups are located.
   Figure 8
12. Switch to the Group Provider tab and add a new Group Provider.
   Figure 9
13. Provide the needed data:
   a. As LDAP Source, select the LDAP-Group-Source you created at step 12.
   b. As LDAP user provider, select the User Provider you created at step 6.
   c. Save your configuration.
   Note: By default, the synchronization runs every hour. If you want to increase the time between synchronizations, you can do this by modifying the Hours delay field.
   Figure 10
14. Add a new Group Mapping, type in the name of the LDAP group containing your users and select the corresponding group you created in step 10.
   Note: Nested groups are currently not supported, so be sure your users are located on the 1st level of the provided group.
   Figure 11
15. Save your configuration by clicking the Save button.
16. If you switch back to the User Provider and hit the Test button again, the response should be narrowed down to the number of users located in the group you defined at step 14.
   Figure 12
17. You're now able to synchronize your users based on the groups specified in step 13 by clicking on Execute all.

III. ADDING LDAP-AUTHENTICATION

18. In order to allow your users to log into Celonis with their familiar credentials, you have to configure the LDAP authentication in the Authentication tab.
19. Add a new LDAP-Provider.
20. Select one of your previously created LDAP sources and the User Provider you created at step 6.
21. You are now able to use your LDAP credentials at the normal login mask to log into Celonis.
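
Step 14 notes that nested groups are not supported, so users who belong to a mapped LDAP group only through another group can be missed by the group mapping. The following added example (not part of the Celonis documentation) separates first-level users from nested-only users in a simplified directory export before the mapping is created; the sample data, the `member` attribute and the function names are assumptions.

```python
# Constructed sample export (not from the Celonis documentation).
# Assumption: groups list their members as DNs in a "member" attribute.
# Simplified LDIF: no line folding or base64 values.
SAMPLE_LDIF = """\
dn: cn=Analysts,ou=Groups,dc=example,dc=com
member: uid=alice,ou=Users,dc=example,dc=com
member: cn=Contractors,ou=Groups,dc=example,dc=com

dn: cn=Contractors,ou=Groups,dc=example,dc=com
member: uid=bob,ou=Users,dc=example,dc=com
member: cn=Analysts,ou=Groups,dc=example,dc=com
"""


def parse_members(ldif):
    """Map each entry DN (lower-cased) to its list of member DNs."""
    entries, current = {}, None
    for line in ldif.splitlines():
        key, _, value = line.partition(":")
        value = value.strip().lower()
        if key == "dn":
            current = entries.setdefault(value, [])
        elif key == "member" and current is not None:
            current.append(value)
    return entries


def audit_group(entries, group_dn):
    """Return (direct_users, nested_only_users) for one mapped LDAP group."""
    root = group_dn.lower()
    # Simplification: any DN that itself has member values is a group.
    is_group = lambda dn: bool(entries.get(dn))
    direct = {m for m in entries.get(root, []) if not is_group(m)}
    nested, seen = set(), {root}
    stack = [m for m in entries.get(root, []) if is_group(m)]
    while stack:
        dn = stack.pop()
        if dn in seen:  # guards against circular group membership
            continue
        seen.add(dn)
        for m in entries[dn]:
            if is_group(m):
                stack.append(m)
            else:
                nested.add(m)
    return direct, nested - direct
```

Users in the second set need to be added directly to the mapped group, or their own group needs a separate Group Mapping, for the count returned by the Test button in step 16 to include them.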