Single Sign-On with ADFS (Microsoft Azure Active Directory Federated Services)

Connect your Single-Sign-On account with Comeet and reap the benefits of allowing your teammates to sign in easily and automatically sync with your ADFS people management setup.

 

To integrate the Comeet application on Azure, make sure you have an appropriate plan, starting from Premium P1. For more information please click here.

Create the Comeet application in the Azure Active Directory

  1. Azure Active Directory -> Enterprise Applications -> New Application -> Non-gallery application. Set the name of the application. Click “Save”.
  2. On the tab “Properties” upload the following Comeet logo
  3. Check that the following properties are set to YES on the Properties tab:
    * Enabled for users to sign-in
    * User assignment required
    * Visible to users
  4. Copy the User access URL
  5. Go to Comeet –> Settings –> Authentication, click on Microsoft Azure, and paste the User access URL in the correct field

Set up SSO (Single Sign-On)

  1. Go to the Single sign on tab
  2. Select SAML-based Sign-on
  3. Copy the Identifier URL from Comeet –> Settings –> Authentication –> Microsoft Azure and set the Identifier in Azure to the value taken from Comeet
  4. Copy the Reply URL from Comeet –> Settings –> Authentication –> Microsoft Azure and set the Reply URL in Azure to the value taken from Comeet
  5. Set the User identifier to user.mail
  6. Select checkbox “View and edit all other user attributes”
  7. Add attribute: comeet_id<->user.userprincipalname and remove others.
  8. Set notification email and click Save
  9. Download the metadata, open it and copy its contents
  10. Paste the metadata in the correct field in Comeet

Set up Provisioning (synchronization)

  1. Go to tab “Provisioning”
  2. Set Provisioning Mode to automatic
  3. Set Tenant URL: https://app.comeet.co
  4. Paste into Secret Token the value taken from Comeet (Settings->Authentication->Microsoft)
  5. Click “Test Connection”. If successful -> Save. If not – check that SSO settings are saved on Comeet
  6. Go to “Mappings” and disable group provisioning
  7. Change mappings for “Synchronize Azure Active Directory Users to customapp”:
    • Remove unnecessary attributes
    • Change attribute “mailNickname”. Set Matching precedence to 2.
    • Change attribute “userPrincipalName”. Set Match objects using this attribute to Yes. Set Matching precedence to 1.
    • Save changes.
  8. Save general changes of the tab

Start synchronization

  1. Assign users and groups on the tab “Users and groups”
  2. Go to “Provisioning” tab
  3. Set Provisioning status to ON
  4. Create a group that includes everyone in the company
  5. Set Scope to “Sync only assigned users and groups”
  6. Select checkbox “Clear current state and restart synchronization” (this forces a synchronization)
  7. Save changes.

Refresh the page after a couple of minutes. Under “Summary” see the status of the synchronization.
NOTE: Synchronization happens automatically every 20 minutes.

FAQ

Q: What happens when an employee leaves the company?
The teammate will no longer be able to log in to Comeet. On the teammates page the person will be marked as “Deactivated by SSO”.
To reassign the tasks and roles of employees who leave, click “Deactivate” and choose the teammate to whom to assign current tasks.

Q: How are permissions and roles in Comeet managed?
ADFS allows or disallows teammates to sign in to Comeet. Teammates' permissions in Comeet are determined by the company roles and position roles in Comeet.

Have more questions? Contact us at support@comeet.co