Click HERE to see how Saviynt Intelligence is transforming the industry. |
on 02/02/2024 12:30 AM - edited on 04/04/2024 09:08 AM by Rishi
Disclaimer
The integration was created by Saviynt community users.. The integration is available “as is” and falls under standard connectors support for REST, SOAP, JDBC, LDAP, PowerShell, Jar, and Saviynt Connector Framework.
This guide describes the integration between Saviynt Enterprise Identity Cloud (EIC) and Celonis.
This guide is intended for administrators and target application integration teams responsible for implementing a secure integration service with Celonis.
Celonis is a Process Mining & Task Mining Tool, It does this by Connecting source system data to achieve the following Insights generation into. Process improvements improved cycle time, rework efficiency benefits, & automation opportunities. Process visibility telling the story through facts and data to improve the process for the business & GBS. Process optimization & improved business processes and customer experience.
The Celonis connector enables you to seamlessly integrate with Celonis to manage the user lifecycle and govern access to their accounts and workspaces.
For more information about different connectors in EIC, see Connectors Documentation.
The Celonis integration supports the following features:
Software | Version |
EIC | Release v4.5 and later |
You must create an integration between EIC and the collaboration platform hosted by the target application to perform import, provisioning, and de-provisioning tasks. The following components are involved in the integration:
Objects are imported as entitlement types into EIC.
Security System represents the connection between EIC and the target application.
It comprises an endpoint, which is the target application for which you want EIC to manage the identity repository.
It provides application instance abstraction from connectivity including high-level metadata. For more information about creating a security system, see Creating a Security System.
It is the target application or application from which the connector imports the data and performs provisioning or de-provisioning of identity objects, such as users, accounts, and entitlements.
It is mandatory to create an endpoint after creating the security system.
You can associate a single security system with multiple endpoints if the deployment involves modeling multiple isolated virtual applications (based on sets of specific entitlements according to certain categories) within a single application instance. For more information about creating an endpoint, see Creating an Endpoint for the Security System.
The connector is a software component that enables communication between EIC and the target application. It provides a simplified integration mechanism where in some instances you only need to create a connection with minimal connectivity information for your target application. The REST connector is used for importing, provisioning accounts, and accessing through the REST APIs. For more information about creating a connection, see Creating a Connection.
Job Scheduler is a software component that executes a job based on the configured schedule to perform import or provisioning operations from EIC.
When a provisioning job is triggered, it creates provisioning tasks in EIC. When these tasks are completed, the provisioning action is performed on the target application through the configured connector. If you want to instantly provision requests for completing the tasks without running the provisioning job, you must enable Instant Provisioning at the security system level and the Instant Provisioning Tasks global configuration. For more information about the jobs used by the connectors in the Celonis integration.
Celonis Account Attribute | Saviynt Account Attribute |
userName | name |
id | accountID |
active | status |
displayName | displayName |
active | customproperty1 |
Celonis Entitlement Attribute | Saviynt Entitlement Attribute |
id | entitlementID |
displayName | entitlement_value |
displayName | displayName |
urn:celonis:params:scim:schemas:extension:2~dot#0:Group.role | entitlement_glossary |
Using API keys is an effective and secure method of communicating between your and external systems, such as an identity provider. They are created within an individual user profile in your Celonis Platform, with the key’s permissions mirroring those of the user who created them.
For security reasons, an API key is only displayed at the time it is created. Therefore you must create a new key if you no longer have access to any you create.
Using an API key is one of the methods involved in configuring SCIM API (for provisioning and deprovisioning users and groups in your ), with the alternative being creating and granting permissions to application keys.
Admins can also receive a system notification whenever an admin creates or deletes an API key. See: System notifications
To create an API key as an admin:
|
Note:You can only view an application key once, so make sure to copy it when you create it. If you don't have a copy of the keys on your list, you'll need to create a new one.
Authorization: Bearer API_KEY |
Connection refers to the configuration setup for connecting EIC to target applications. For more information about the procedure to create a connection, see Creating Connections.
While creating a connection, you must specify connection parameters that the connector uses to connect with the target application, define the type of operations to perform, the target application objects against which those operations are performed, and the frequency of performing them. In addition, you can view and edit attribute mappings between EIC and the target application, predefined correlation rules, and provisioning jobs and import jobs.
The Connection Package helps you build the connection with pre-defined JSONs, this can be used if your tenant does not already have out of the box connection templates available. Here are the steps to import the Celonis connection package.
The connection JSON cannot be embedded in the Connection Package. Hence attaching the Connection JSON separately
The connection JSON cannot be embedded in the Connection Package. Hence attaching the Connection JSON separately
{ "authentications": { "userAuth": { "authType": "oauth2", "url": "", "httpMethod": "POST", "httpParams": {}, "httpContentType": "application/json", "expiryError": "ExpiredAuthenticationToken", "authError": [ "InvalidAuthenticationToken", "AuthenticationFailed" ], "retryFailureStatusCode": [ 400, 401, 403, 500, 502 ], "timeOutError": "", "errorPath": "error", "maxRefreshTryCount": 5, "tokenResponsePath": "", "tokenType": "Bearer", "myappkey": "AppKey<Please enter Celonis PROD App Key>" } } } |
The security system represents the connection between EIC and the target application. For more information on creating a security system, see Creating a Security System.
Endpoint refers to the target application used to provision accounts and entitlements (access). For more information on creating an endpoint, see Creating Endpoints..
You can use the Celonis integration for performing import and provisioning operations after configuring it to meet your requirements.
You must apply the following guidelines for configuring import:
The import jobs are automatically created in EIC after you create a connection for the Celonis integration. For more information about creating jobs, see Data Jobs.
You must import accounts after the users are available in EIC.
To import accounts:
Provisioning is automatically enabled when a connection is configured. For detailed information about performing provisioning tasks, see Access Request System.
To provision objects to the target application:
When a provisioning job is triggered, it creates provisioning tasks in EIC. When these tasks are completed, the provisioning action is performed on the target application through the connector.
To troubleshoot common problems with connectors, answer frequently asked questions, and provide solutions to a few common issues you might encounter while configuring or working with connectors, see Common Troubleshooting Guide for Connectors.
To troubleshoot common problems or obtain answers for frequently asked questions for REST connectors, see the REST Connector Guide.