This article explains how to configure Single Sign-On (SSO) between Microsoft Entra ID and Comeen Play using the SAML 2.0 protocol.
With this configuration, users authenticate through Microsoft Entra ID and are automatically logged into Comeen Play.
Prerequisites
You have admin access to Microsoft Entra ID
You have access to Comeen Play settings
Step 1 - Create the SAML application in Microsoft Entra ID
Go to the Microsoft Entra admin center
Navigate to Enterprise applications
Click New application
Click Create your own application
Enter a name (e.g. Comeen Play)
Select Integrate any other application you don't find in the gallery (Non-gallery)
Click Create
Once created:
Open the application
Go to Single sign-on
Select SAML
Keep this page open - you will need it for the next steps.
Step 2 - Configure the Identity Provider in Comeen Play
Go to Comeen Play β Settings
Click Authentication
In the SAML SSO section, enable Enable this authentication method
Click Configure SAML
In Microsoft Entra ID:
In the SAML configuration page, locate the section Set up Comeen Play
Copy the following values:
Login URL
Microsoft Entra Identifier
Now, locate the "SAML Certificates" section, and click on the 'Download' button next to 'Certificate (Base64)
Open the downloaded file with a text editor and copy the whole text.
In Comeen Play:
Paste these values into the corresponding fields:
IdP SSO URL β Login URL
IdP Entity ID β Microsoft Entra Identifier
IdP Certificate β Text contained in the downloaded certificate
Step 3 - Configure the Service Provider in Microsoft Entra ID
In the Comeen Play SAML configuration window, copy the following values under the 'Service Provider Information':
ACS (Assertion Consumer Service) URL
Entity ID
Then go back to Microsoft Entra ID:
In the SAML configuration page, click Edit in the Basic SAML Configuration section
Fill in:
Identifier (Entity ID) β paste the Comeen Entity ID
Reply URL (ACS URL) β paste the Comeen ACS URL
(Optional) Add:
Sign-on URL β Comeen Play login URL
Click Save
Step 4 - Configure user attributes and claims
In Microsoft Entra ID:
Go to Attributes & Claims
Ensure the following mapping exists:
Claim name | Value |
user.mail | |
displayname | user.displayname |
3. Set the NameID format to Email address
You can also add additional attributes if needed (first name, last name, groups, etc.)
Step 5 - Assign users to the application
Go to Users and groups
Click Add user/group
Select the users or groups who should access Comeen Play
Click Assign
Step 6 - Save and test the SSO login
Save the configuration in both:
Microsoft Entra ID
Comeen Play
Open the Comeen Play login page
Start the login process
You should be redirected to Microsoft Entra ID to authenticate, then back to Comeen Play.
Step 7 (optional) - Automatic role and group synchronization
Comeen Play can automatically assign roles and groups based on SAML attributes.
Enable synchronization
Open the SAML configuration in Comeen Play
Go to User Attribute Synchronization
Enable Automatic role and group synchronization
Group or Role mapping
To automatically assign users to groups:
Go to User Groups or Roles in Comeen Play
Edit a group
Click Add Mapping
Enter:
Attribute name (e.g.
department)Expected value (e.g.
Marketing)
If the SAML attribute matches, the user is automatically added to the group or assigned the corresponding role.
β οΈ Attribute matching is case-sensitive.
Troubleshooting tips
Ensure the email address matches between Entra ID and Comeen
Verify the certificate is correctly copied and saved on Comeen
Check that users are assigned to the application
Confirm the ACS URL and Entity ID are correctly configured
Your SAML SSO setup with Microsoft Entra ID is now complete.