This article provides an overview of the available user provisioning and authentication methods in Comeen Play, helping you understand how users can access the platform and how their accounts are created and managed.
1. User Provisioning Overview
Comeen Play offers flexible user provisioning options. Pre-creating user accounts is not always required, as accounts can be created dynamically when users log in.
The following provisioning methods are available:
Manual Creation
Administrators can manually create users directly from the Comeen Play interface.
CSV Import
Users can be imported in bulk using a CSV file, allowing for efficient onboarding of multiple users at once.
Just-In-Time Provisioning (JIT)
User accounts are automatically created at the time of their first login via SAML authentication (see section below).
API Provisioning
An API method is available to allow customers to integrate their own systems and manage user provisioning programmatically. For more information on how to use this capability, please reach out to your Customer Success Manager or Support.
2. Authentication Methods
Comeen Play supports multiple authentication methods to accommodate different organizational needs. Each method can be enabled or disabled depending on your configuration:
Google Authentication
Users can sign in using their Google account.
Microsoft Authentication
Users can authenticate via their Microsoft account.
Email and Password
A local authentication method using email and password is also available.
SAML (Single Sign-On)
Comeen Play supports SAML-based authentication, enabling integration with Identity Providers (IdP) such as Okta, Ping Identity, or Azure AD.
3. Just-In-Time (JIT) Provisioning
Just-In-Time provisioning is a key feature of Comeen Play when using SAML authentication. It can be enabled or disabled depending on your needs, allowing you to use SAML for authentication only if preferred.
How it works
When JIT provisioning is enabled, if a user attempts to log in via a SAML Identity Provider and does not yet have an account in Comeen Play, their account is automatically created at the time of login.
Benefits
No need for prior user synchronization
Simplified integration with existing identity systems
Reduced administrative overhead
Ability to assign user roles and user groups dynamically based on SAML attributes
Role Management
User roles can be assigned dynamically during the JIT process by mapping specific SAML attributes sent by the Identity Provider.
4. SCIM Protocol Considerations
SCIM (System for Cross-domain Identity Management) has not been implemented for Comeen Play. Unlike other platforms, Play does not require users to have a pre-existing account before their first login.
Thanks to SAML authentication and Just-In-Time provisioning, user accounts are created automatically at the time of connection, making SCIM unnecessary for this use case.
Summary
Comeen Play provides a flexible and modern approach to user management:
Multiple authentication methods (SSO Google, SSO Microsoft, Email/Password, SAML)
Automatic user creation via Just-In-Time provisioning
Optional manual and CSV-based provisioning
This approach allows organizations to integrate quickly with their identity systems while minimizing setup complexity.