If your company is using Google Workspace (formerly G-Suite) then company employees who were invited to Comeet can sign in to Comeet using their Google account. This option is built-in to Comeet and doesn't require any action on your side.
This article explains how to integrate Google Workspace to Comeet as a Single Sign-On. This integration allows you to:
- Enforce users to sign in with their Google account.
- Import new users with ease - users in Google Workspace can easily be added to Comeet.
- Off-boarding users - user’s access to Comeet is blocked automatically when they are blocked on Google Workspace.
- Access to Comeet's Authentication settings menu. The integration can be set up by the following company roles in Comeet: Owner, Admin and IT Admin.
- Admin access to Google Workspace.
Connect to your Google Workspace: https://admin.google.com/.
Select "SAML apps" in the "Apps" menu and press the "+" sign to add a new app.
Search for "Comeet" and select the Comeet app. On the next menu, download the IDP metadata XML file (under Option 2) and proceed to the next step.
Make sure that Comeet's app details in Google Workspace are defined as can be seen in the screenshot below and proceed to the next step.
Navigate to the Authentication menu in Comeet's system settings and press "Connect" to connect with Google Workspace. Open the metadata file that was downloaded in step 3 (using a text editor like notepad) and copy all the text from it. Paste the copied text value under the “SAML Signing Certificate” field.
Copy the values from the fields “ACS URL” and “Entity ID” and paste both values in the relevant fields in Google Workspace.
Change the “Name ID Format” to “EMAIL” and proceed to the next step.
In the "Attribute mapping" menu, select "ADD NEW MAPPING". Add the mapping "comeet_id" (case sensitive) and select "Basic Information" and "Primary Email" in the drop down lists respectively. Once done press “FINISH”.
You should see the following notification message:
In Google Workspace, navigate back to the Comeet app and press "EDIT SERVICE". Make sure that the app is set to "ON for everyone". This step is necessary to complete the integration and can be changed after the integration is activated.
Once Comeet's app is available, right mouse click it and copy it's link address.
Navigate back to the Authentication menu in Comeet's system settings and paste the copied value in the "SAML SSO url" field. Once done press "Connect".
After making the initial connection, return to the Google Workspace integration menu in Comeet's system settings and copy the value from the "Secret Token for your company" field.
Navigate back to Comeet's app in your Google Workspace and select "SET UP USER PROVISIONING" under the "User Provisioning" menu. Paste the secret token in the "Authorize" screen and proceed to the next step.
In the "Map attributes" menu, review the “Comeet attributes” section and make sure your mappings are configured the same as in the screenshots below.
In the next menu ("Set provisioning scope"), you can select specific groups that you would like to provision and grant access to Comeet's app. If no specific groups are selected, by default all Google Workspace users will be provisioned to the Comeet app. Once done hit “FINISH”.
At this point, user provisioning should be activated:
However, you might encounter a #503 error. If you do, simply press on the “Activate Provisioning” button again.
Once user provisioning has been activated, Google Workspace will start synchronizing the relevant groups/users that have been provisioned. The synchronization might take some time to complete. You can view how many users have been provisioned by looking at the “User provisioning” menu in your Google Workspace (for Comeet’s app).
Please note that the synchronization is done using user’s email addresses, so you need to make sure that each user is registered with the same email address in both Google Workspace and Comeet. If there are any users that don’t have a matching email address, we will show a notification about it in the Authentication menu in Comeet's system settings.
Once at least one user that has been provisioned and synchronized, you can activate the SSO integration by pressing on the button that reads “Activate”.
Once the integration is activated, all users will be required to login to the system using SSO.
If you have encountered any problems during the setup of the integration or if you have any questions, please contact our support team at email@example.com. We’ll be happy to assist you with the configuration and activation of the SSO integration or answer any questions you may have.
Sign up using SSO
- Sign up from Comeet’s website – users are redirected to sign in on your company’s SSO. If they are already signed up, they will be re-directed to Comeet.
- Sign in through the list of apps in your organization (from Google Workspace).
Q: When trying to sign in with Google Workspace SSO I get an error message: "Provided application is not a SAML app".
This error means that you were using a Google account that is not connected with Comeet. Sign in to your Google account that is connected with Comeet and try again.
Q: What happens when an employee leaves the company?
Once the employee has been de-provisioned in Google Workspace, their access to Comeet will be blocked. On the teammates page, the employee will be marked as “Deactivated by SSO”. To reassign tasks and roles of employees that no longer have access to Comeet, click on “Deactivate” and choose the teammate to whom you would like to assign their current tasks.
Q: How permissions and roles in Comeet are managed?
Google Workspace serves as an access control mechanism. Role permissions are set by the company’s directory services. Teammates’ permissions in Comeet are determined by the company roles and position roles in Comeet.