Create the Comeet application in the Azure Active Directory
- Azure Active Directory -> Enterprise Applications -> New Application -> Non-gallery application. Set the name of the Application. Click “Save”.
- On the tab “Properties” upload the following Comeet logo
- Check that the following properties are set to YES on the Properties tab:
* Enabled for users to sign-in
* User assignment required
* Visible to users
- Copy the User access URL
- Go to Comeet –> Settings –> Authentication, click on Microsoft Azure, and paste the User access URL in the correct field
Set up SSO (Single sign on)
- Go to the Single sign on tab
- Select SAML-based Sign-on
- Copy the Identifier URL from within Comeet –> Settings –> Authentication –> Microsoft Azure and set the Identifier in Azure to the value taken from Comeet
- Copy the Reply URL from within Comeet –> Settings –> Authentication –> Microsoft Azure and set the Reply URL in Azure to the value taken from Comeet
- Set the User identifier to user.mail
- Select checkbox “View and edit all other user attributes”
- Add attribute: comeet_id<->user.userprincipalname and remove others.
- Set notification email and click Save
- Download the metadata, open it and copy its contents
- Paste the metadata in the correct field in Comeet
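To confirm that the SSO steps above took effect, the claims in a captured SAML assertion can be checked against them: a mail address as NameID, the Comeet Identifier as audience, and comeet_id as the only released attribute. This Python script is an added example, not part of Comeet's or Microsoft's documentation; the sample assertion, the audience URL and the function name check_claims are constructed, it assumes the assertion's Audience equals the Identifier configured above, and it inspects claims only (no signature verification).

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not captured from a real tenant); signature omitted.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID>dana@example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.invalid/identifier</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="comeet_id">
      <saml:AttributeValue>dana@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_claims(assertion_xml, expected_audience):
    """Return a list of findings; an empty list means the claims match the setup."""
    root = ET.fromstring(assertion_xml)
    findings = []
    # "Set the User identifier to user.mail": NameID should be a mail address.
    name_id = root.findtext(".//saml:NameID", default="", namespaces=NS).strip()
    if "@" not in name_id:
        findings.append("NameID is not a mail address (User identifier should be user.mail)")
    # Assumption: Azure puts the configured Identifier into the Audience element.
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if audiences != [expected_audience]:
        findings.append(f"unexpected audience: {audiences}")
    # "Add attribute comeet_id ... and remove others": only comeet_id is released.
    attrs = {}
    for a in root.iterfind(".//saml:Attribute", NS):
        attrs[a.get("Name")] = [v.text for v in a.iterfind("saml:AttributeValue", NS)]
    if not attrs.get("comeet_id") or not all(attrs["comeet_id"]):
        findings.append("comeet_id attribute missing or empty")
    for extra in sorted(set(attrs) - {"comeet_id"}):
        findings.append(f"extra attribute released: {extra}")
    return findings


if __name__ == "__main__":
    print(check_claims(SAMPLE_ASSERTION, "https://sp.example.invalid/identifier") or "claims OK")
```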
Set up Provisioning (synchronization)
- Go to tab “Provisioning”
- Set Provisioning Mode to automatic
- Set Tenant URL : https://app.comeet.co
- Paste into Secret Token the value taken from Comeet (Settings->Authentication->Microsoft)
- Click “Test Connection”. If successful -> Save. If not – check that SSO settings are saved on Comeet
- Go to “Mappings” and disable group provisioning
- Change mappings for “Synchronize Azure Active Directory Users to customapp”:
* Remove unnecessary attributes
* Change attribute “mailNickname”. Set Matching precedence to 2.
* Change attribute “userPrincipalName”. Set Match objects using this attribute to Yes. Set Matching precedence to 1.
* Save changes.
- Save the general changes on the tab
- Assign users and groups on the tab “Users and groups”
- Go to “Provisioning” tab
- Set Provisioning status to ON
- Create a group that includes everyone in the company
- Set Scope to “Sync only assigned users and groups”
- Select checkbox “Clear current state and restart synchronization” (this forces a synchronization)
- Save changes.
Refresh the page after a couple of minutes. Under “Summary” see the status of the synchronization.
NOTE: Synchronization happens automatically every 20 minutes.
Q: How are permissions and roles in Comeet managed?
ADFS allows or disallows teammates to sign in to Comeet. Teammates' permissions in Comeet are determined by the company roles and position roles in Comeet.