Comeen

This guide explains how to configure SAML 2.0 Single Sign-On (SSO) between Okta and Comeen Play.

- Enable secure SSO via Okta
- Restrict access based on SAML attributes

___________________________________________________________

Access to: Settings → Authentication → SAML SSO

- Admin access to Okta
- Admin access to Comeen Play
- Access to: Settings → Authentication → SAML SSO

Scroll to service provider information section:

Keep this page open and proceed to the next step in a new tab.

1. Log in to your Comeen account
2. Go to Settings

3. Open the Authentication tab

4. Enable SAML SSO

5. Click Configure SAML

6. Scroll to service provider information section:

7. Keep this page open and proceed to the next step in a new tab.

In Comeen Play, copy the SP ACS URL and paste it into the Single Sign-On URL field in Okta. Do the same with the SP Entity ID, which you need to paste into the Audience URL field in Okta. For the Name ID format, select EmailAddress. For the Application username, choose whichever value you prefer to use.

Map the correspondence between the names of attributes in Comeen and Okta and save.

In Okta, copy the Identity Provider Single Sign-On URL and paste it into the IdP SSO URL field in Comeen Play. Do the same with the Identity Provider Issuer, which you need to paste into the IdP Entity ID field in Comeen Play.

And the X.509 Certificate in the IdP Certificate:

1. Log in to your Okta account
2. Select the application tab
3. Click on "Create App Integration"
4. Select SAML 2.0

5. Add Name, Logo and click on next
6. In Comeen Play, copy the SP ACS URL and paste it into the Single Sign-On URL field in Okta. Do the same with the SP Entity ID, which you need to paste into the Audience URL field in Okta. For the Name ID format, select EmailAddress. For the Application username, choose whichever value you prefer to use.

7. Click on Next and Finish
8. Click on Sign On

9. Go to Attribute statements

10. Map the correspondence between the names of attributes in Comeen and Okta and save.

11. Click on View SAML setup instructions
 
 
12. In Okta, copy the Identity Provider Single Sign-On URL and paste it into the IdP SSO URL field in Comeen Play. Do the same with the Identity Provider Issuer, which you need to paste into the IdP Entity ID field in Comeen Play.
 And the X.509 Certificate in the IdP Certificate:

13. Save Configuration

Step 3 - Automatic Role &amp; Group Synchronization

Users are automatically assigned roles based on SAML attributes

Users are added to groups based on SAML attributes

Mappings must be configured in Roles and User Groups settings

- Users are automatically assigned roles based on SAML attributes
- Users are added to groups based on SAML attributes
- Mappings must be configured in Roles and User Groups settings

Go to User Attribute Synchronization and Enable automatic role and group synchronization.

1. Open SAML configuration
2. Go to User Attribute Synchronization and Enable automatic role and group synchronization.

Enter an attribute name that you will use in Okta

Enter the value that must be entered about the user in order for them to be associated with the group. If the SAML attribute city contains <code>Bordeaux</code>, the user will automatically be added to the Bordeaux group in Comeen.

⚠ Attribute matching is case-sensitive.

In Okta, got to the Comeen App and click on Sign On

1. Go to User Group page
2. Edit the group you want to map
3. Click on Add Mapping
4. Enter an attribute name that you will use in Okta
5. Enter the value that must be entered about the user in order for them to be associated with the group. If the SAML attribute city contains <code>Bordeaux</code>, the user will automatically be added to the Bordeaux group in Comeen.
 ⚠ Attribute matching is case-sensitive.
 
 
6. In Okta, got to the Comeen App and click on Sign On

7. Go to Attribute statements
 
 
8. Add attribute and Save

In the Conditional Access section:

Access Control Attribute: appAccess Required Attribute Value: comeen-play

If configured: → Only users with <code>appAccess = comeen-play</code> can log in.

If left empty: → All authenticated users can log in.

Step 5 - Enable SSO as Default Login Method

This automatically redirects users to Okta without displaying the local login screen.

Assign the Comeen Play application to a test user in Okta

- Redirection to Okta
- Successful login
- Automatic user creation
- Proper group/role assignment

1. Assign the Comeen Play application to a test user in Okta
2. Open a private/incognito browser window
3. Navigate to your Comeen Play URL
4. Verify:
   - Redirection to Okta
   - Successful login
   - Automatic user creation
   - Proper group/role assignment

SAML - Okta Configuration

Comeen Website

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Empty Help Center

Uh oh. That page doesn’t exist.

Home

Search

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

SAML - Okta Configuration

Objective

Prerequisites

Step 1 - Enable SAML

Step 2 - Create Comeen Play app in Okta

Step 3 - Automatic Role & Group Synchronization

Group Mapping

Step 4 - Conditional Access (Optional)

Step 5 - Enable SSO as Default Login Method

Step 6 - Testing the Configuration