If your company is using Google Workspace (formerly G-Suite) then company employees who were invited to Comeet can sign in to Comeet using their Google account. This option is built-in to Comeet and doesn't require any action on your side.
This article explains how to integrate Google Workspace to Comeet as a Single Sign-On. This integration allows you to:
Enforce users to sign in with their Google account.
Import new users with ease - users in Google Workspace can easily be added to Comeet.
Off-boarding users - user’s access to Comeet is blocked automatically when they are blocked on Google Workspace.
Requirements
Access to Comeet's Authentication settings menu. The integration can be set up by the following company roles in Comeet: Owner, Admin and IT Admin.
Admin access to Google Workspace.
Please note adding and provisioning users in SSO does not automatically invite them to Comeet. This will need to be done by one of the existing Comeet users, you can find the instructions here. |
Configuration instructions
Before configuring the SSO connection, we recommend to raise a ticket with us, letting us know you are going to activate the SSO, so we could promptly help you with deactivation if anything goes wrong.
We also recommend to open the G-Suite and Comeet Authentication & Security page side by side for easy data entry.
Google's version of this guide can be found here.
Step 1
Connect to your G-Suite Workspace: https://admin.google.com/.
Step 2
Select "Web and mobile apps" in the "Apps" menu and press the "+" sign to add a new app.
Step 3
Search for "Comeet" and select the Comeet app.
On the next menu, download the IDP metadata XML file (under Option 1) and proceed to the next step.
Step 4
Open the Metadata file in text editor and copy the contents. Paste into the SAML Signing Certificate field in Comeet:
Step 5
Copy the ACS URL and Entity ID from Comeet:
and paste it into the corresponding fields in G-Suite:
Step 6
Make sure the “Name ID Format” is set to “EMAIL” and press Continue to proceed to the next step.
Step 7
In the "Attribute mapping" menu, under Google Directory attributes, select Primary email under Basic Information in the dropdown:
You should be redirected to the main page:
Step 8
In G-Suite, click on Configure Autoprovisioning:
Copy the Secret Token from Comeet:
And paste under App Authorization field in G Suite:
Step 9
In the "Map attributes" menu, review the “Comeet attributes” section and make sure your mappings are configured the same as in the screenshots below.
Step 10
Under Provisioning Scope, please select the relevant user group(s) OR, if you'd like all the company users to be auto-provisioned, leave this field empty:
Step 11
Under Deprovisioning, make sure the values are set as following:
Step 12
Back on main screen of Comeet app in G-Suite, click on View Details under User Access section.
This configuration will determine if the Comeet app will be visible to the user in G-Suite. You can select the relevant groups of users OR just choose ON for everyone:
Step 13
Once Comeet's app is available in G-Suite, find it under the Apps menu
Right click on the Comeet app and copy link address:
Step 14
Navigate back to the Authentication menu in Comeet's system settings and paste the copied value in the "SAML SSO url" field. Once done press "Connect".
Step 15
Back in G-Suite -> Comeet App, activate the Autoprovisioning:
On the next screen click Turn On under Status:
Step 16
Please make sure you and the Comeet account Owner are provisioned and synchronized, you can activate the SSO integration in Comeet by clicking Activate:
If you have encountered any problems during the setup of the integration or if you have any questions, please contact our support team at support@comeet.co. We’ll be happy to assist you with the configuration and activation of the SSO integration or answer any questions you may have.
Invite teammates to Comeet
To invite new teammates to Comeet:
Ensure the new teammate was created in the SSO system and provisioned to access Comeet.
Navigate to the Teammates page and click Add Teammate.
Start typing the teammate's name and select their name from the dropdown.
Click Invite.
Sign up using SSO
Sign up from Comeet’s website – users are redirected to sign in on your company’s SSO. If they are already signed up, they will be re-directed to Comeet.
Sign in through the list of apps in your organization (from Google Workspace).
FAQ
Q: When trying to sign in with Google Workspace SSO I get an error message: "Provided application is not a SAML app".
This error means that you were using a Google account that is not connected with Comeet. Sign in to your Google account that is connected with Comeet and try again.
Q: What happens when an employee leaves the company?
Once the employee has been de-provisioned in Google Workspace, their access to Comeet will be blocked. On the teammates page, the employee will be marked as “Deactivated by SSO”. To reassign tasks and roles of employees that no longer have access to Comeet, click on “Deactivate” and choose the teammate to whom you would like to assign their current tasks.
Q: How permissions and roles in Comeet are managed?
Google Workspace serves as an access control mechanism. Role permissions are set by the company’s directory services. Teammates’ permissions in Comeet are determined by the company roles and position roles in Comeet.