Connect your Single-Sign-On account to Comeet and reap the benefits of easy sign-in, and automatic syncing with your ADFS people management setup.

Features

  • Stay in-sync: Keep Comeet in sync with the company’s Azure.
  • Import new users with ease: Current users in Azure can easily be added to Comeet.
  • One click log-in into Comeet for Azure users.
  • Off-boarding users: Disabling the user’s access to the application through Azure will block them from accessing Comeet.

Requirements

  • Access to Comeet's Authentication settings menu. The integration can be set up by the following company roles in Comeet: Owner, Admin and IT Admin.
  • Admin access to Azure.

Configuration instructions

1. Create a new application by adding Comeet’s application from the gallery.

2. Select Comeet’s newly added application, navigate to the “Single sign-on” tab and select “SAML”.

3. Download the “Federation Metadata XML” file, open it with a text editor (for example notepad or notepad++) and copy the value that's registered in the file. Navigate to the Authentication menu in Comeet's system settings and press "Connect" to connect with Azure. Paste the copied value under the “SAML Signing Certificate” field.

4. Under the “Properties” tab in Azure, copy the “User access URL” value and paste it back in Comeet under the "User access URL" field.

5. After both “User access URL” and “Metadata XML” fields have been registered in Comeet, click “Connect”.

6. Navigate back to the “Single sign-on” tab in Azure and choose to edit the “Basic SAML Configuration”.

7. Copy the “Identifier” and “Reply URL” values from Comeet and paste them under the “Identifier (Entity ID)" and “Reply URL (Assertion Consumer Service URL)" fields in Azure. The “Sign on URL” field in Azure should be empty. 

8. Choose to edit the “User Attributes & Claims” field in Azure and add a new claim. Register “comeet_id” (case sensitive) in the “Name” field and select “user.userprincipalname” in the “Source attribute” field. Press “Save”. Delete all other claims and only leave the newly created claim “comeet_id”. 

9. Navigate to the “Provisioning” tab in Azure and select “Automatic” under the “Provisioning Mode” field. Copy your company’s “Secret Token” from Comeet and paste the value under the “Secret Token” field in Azure. At this point, you can test the connection to make sure it’s working properly. Don’t forget to save.

10. Select “Synchronize Azure Active Directory Users to Comeet” under the “Mappings” field and make sure it’s enabled and configured as shown in the screenshots below:

11. Navigate to the “Users and Groups” tab and assign the relevant users/groups to Comeet’s application. 

12. Navigate back to the “Provisioning” tab in Azure, turn on the “Provisioning Status” and make sure the “Scope” is set to “Sync only assigned users and groups”. Please note that it’s best to turn on “Provisioning” after adding users/groups to Comeet’s application or the synchronization might take longer to complete. In addition, please keep in mind that the synchronization of the users from Azure might take up to 40 minutes. 

13. Once all users and/or groups have been synchronized, navigate back to Comeet’s Authentication settings menu and press “Activate” to activate the integration. 

If you have encountered any problems during the setup of the integration or if you have any questions, please contact our support team at support@comeet.co. We’ll be happy to assist you with the configuration and activation of the SSO integration or answer any questions you may have.

Sign in using SSO

  • Sign in from Comeet’s website – users are redirected to sign in on your company’s SSO. If they are already signed in, they will be automatically re-directed to Comeet.
  • Sign in through the list of apps in your organization (from Azure).

FAQ

Q: What happens when an employee leaves the company?

Once the employee has been de-provisioned in Azure, their access to Comeet will be blocked. On the teammates page, the employee will be marked as “Deactivated by SSO”. To reassign tasks and roles of employees that no longer have access to Comeet, click on “Deactivate” and choose the teammate to whom you would like to assign their current tasks.

Q: How permissions and roles in Comeet are managed?

Okta serves as an access control mechanism. Role permissions are set by the company’s directory services. Teammates’ permissions in Comeet are determined by the company roles and position roles in Comeet.


Have more questions? Contact us at support@comeet.co

Did this answer your question?