English

Change

Change

FAQ

How do I update my company’s Enterprise Sign-In setup?

Enterprise Sign-In (also known as "SAML single sign-on" or "SSO") allows your users to log in to GoTo products using the same username and password that they might use to log in to their Windows computer or their work email.

Due to the merger between GoTo products and LogMeIn, many of our products and services must be updated, including Enterprise Sign-In. If you are the IT Administrator for a company that uses Enterprise Sign-In, you will need to update your setup to ensure uninterrupted service.

The way in which you or your IT Admin configured Enterprise Sign-In for your account will determine what actions (if any) that you need to take. Please see below for the scenario that applies to you:

Please also see our Account Alert FAQs for more info about additional actions you may need to take to update your account.

I used Okta, G Suite, or OneLogin

If you used one of the pre-configured packages offered by one of our official third-party partners when you set up Enterprise Sign-On for your account, then you don’t need to take any further action! All updates will be made on your behalf by those teams to ensure uninterrupted service.

These third-party partners include:

I used Active Directory Federation Services

If you used AD FS to set up your Enterprise Sign-In configuration, then you can complete the following steps to update the trust relationship with LogMeIn.

  1. Open the AD FS management console.
  2. In the left navigation, expand AD FS > Trust Relationships.
  3. Select the trust relationship associated with your GoTo application to open its properties (login.citrixonline.com).
  4. From here you have 2 options for updating the info:
    1. To update the info automatically, open the "Monitoring" tab.
      • In the"Relying party's federation metadataurl" field, enter https://authentication.logmeininc.com/saml/sp.
      • Enable the "Automatically update relying party" checkbox if not already checked.
      • Select "Test URL" and ensure the test is successful.
      • Once the timestamp on "This relying party was last updated from Federation metadata on " is updated, you should check to make sure all info has been properly updated. Use the instructions below for updating the info manaully to see all the locations where data should be updated.
    2. To update the info manually, open the “Identifiers” tab.
      • In the "Relying party identifier" field, enter https://authentication.logmeininc.com/saml/sp.
      • In the "Endpoints" tab, under "SAML Assertion Consumer Endpoints" update the URL to authentication.logmeininc.com instead of login.citrixonline.com.
      • Under "SAML Logout Endpoints" set the value https://authentication.logmeininc.com/saml/SingleLogout with the "POST" binding.
      • In "Signature" tab, upload the certificate from https://link.logmeininc.com/saml-cert.
      • Click OK when finished. Then do a test login to ensure everything was updated correctly.
  1. Return to the Organizer Center at https://organization.logmeininc.com. You will be automatically prompted to confirm that your IdP has been updated.
  2. Enable the “My Identity Provider has been updated with the new domain” checkbox.
  3. Click Done when finished.

I used Azure

If you used the Azure Active Directory App to set up your Enterprise Sign-In configuration, then you can complete the following steps to update the trust relationship with LogMeIn.

  1. Log into the Azure Management Portal using your Global Admin credentials
  2. In the Azure Active Directory service click Enterprise Applications.
  3. Click All Applications in the left navigation, then search for "GoToMeeting".
  4. Once you find the application, click on it to edit it.
  5. Click the Single-Sign On link on the left navigation and it will open the Single Sign on page for editing. Previously no configuration values are required for this application. But now as we are moving to the newer endpoints we must enter those specific URLs in the configuration.
  6. Click Show Advanced URL configuration and you will be able to see the text box where we can configure the newer endpoints.
  7. Please configure the URLs as shown below to enable IdP- and SP-initiated SSO.
    • Sign on URL: [keep this blank]
    • Identifier: https://authentication.logmeininc.com/saml/sp
    • Reply URL: https://authentication.logmeininc.com/saml/acs
    • RelayState:
      • For GoToMeeting App, use https://global.gotomeeting.com
      • For GoToTraining, use https://global.gototraining.com
      • For GoToWebinar, use https://global.gotowebinar.com
      • For GoToAssist, use https://app.gotoassist.com
  8. Save the settings.
  9. Make sure that you have assign the application to test users and/or groups.
  10. Return to the Organizer Center at https://organization.logmeininc.com. You will be automatically prompted to confirm that your IdP has been updated.
  11. Enable the “My Identity Provider has been updated with the new domain” checkbox.
  12. Click Done when finished.

I used SecureAuth

If you used SecureAuth to set up your Enterprise Sign-In configuration, then you can complete the following steps to update the trust relationship with LogMeIn.

  1. Log in to SecureAuth and go to the SAML Assertion/WS Federation section (as shown in Step #8 of the SecureAuth for GoToMeeting Configuration Guide).
  2. Update the SAML Consumer URL to be https://authentication.logmeininc.com/saml/acs.
  3. Update the SAML Audience to be https://authentication.logmeininc.com/saml/sp.
  4. Save your settings. Then do a test login to ensure everything was updated correctly.
  5. Return to the Organizer Center at https://organization.logmeininc.com. You will be automatically prompted to confirm that your IdP has been updated.
  6. Enable the “My Identity Provider has been updated with the new domain” checkbox.
  7. Click Done when finished.

I used PingOne

If you used PingOne to set up your Enterprise Sign-In configuration, then you can complete the following steps to update the trust relationship with LogMeIn.

  1. Log in to https://admin.pingone.com/web-portal/dashboard.
  2. Select the "Applications" tab.
  3. Select the GoTo application, then click Edit.
  4. From here you have 2 options for updating the info.
    • To update the info automatically, select the “Or use URL” link and enter our new metadata URL, https://authentication.logmeininc.com/saml/sp.
    • To update the info manually instead, follow the same instructions detailed under I used a custom SAML setup below.
  5. Save your settings. Then do a test login to ensure everything was updated correctly.
  6. Return to the Organizer Center at https://organization.logmeininc.com. You will be automatically prompted to confirm that your IdP has been updated.
  7. Enable the “My Identity Provider has been updated with the new domain” checkbox.
  8. Click Done when finished.

I used a custom SAML setup

No matter which service provider is acting as the IdP, the following fields must be updated in the trust relationship to ensure that the IDP is pointing to the authentication.logmeininc.com domain.

  1. You have 2 options for updating the info.
    • If the IdP supports trust-relationship configuration via metadata URL, then you can make the updates automatically. Simply update the configuration to use our new metadata URL, https://authentication.logmeininc.com/saml/sp. Then continue on to Step 2.
    • If the IdP does not support metadata URL updates, then the following fields can be configured manually:
      • Assertion Consumer Service URL (the URL where the IdP's SAML responses are delivered to): https://authentication.logmeininc.com/saml/acs with the "POST" binding
      • Entity ID (the identifier of the IdP): https://authentication.logmeininc.com/saml/sp
      • Single-Logout Endpoint (if applicable): https://authentication.logmeininc.com/saml/SingleLogout with either the "POST" or "Redirect" binding
      • Single-Logout Response Endpoint: https://authentication.logmeininc.com/saml/SingleLogout
        Primary Verification Certificate: Upload from https://link.logmeininc.com/saml-cert.
  2. Once the information in your IdP is updated, please return to the Organizer Center at https://organization.logmeininc.com. You will be automatically prompted to confirm that your IdP has been updated.
  3. Enable the “My Identity Provider has been updated with the new domain” checkbox.
  4. Click Done when finished.