Set up identity and access manager (IAM) provider
The Identity Provider tab within the Organization Center lets you configure your Identity Provider (IdP) relationship to establish single sign-on for your organization's users. Whichever single sign-on configuration method you choose, you must finalize the relationship with LogMeIn using the Identity Provider tab to complete the setup.
The Identity Provider tab supports all configurations. IT Administrators can configure it automatically using a metadata URL or by uploading a SAML metadata file, or they can configure it manually with sign-in and sign-out URLs, an identity provider ID and an uploaded verification certificate.
When you set up an Identity Provider, you are establishing the landing point for authentication requests, the trusted certificate that is used by the Identity Provider to encrypt authentication calls, the IdP’s formal Entity ID, and (optionally) a landing page for logouts.
You can set up this configuration either automatically or manually – you cannot do both. If you save one after the other, the last save is accepted.
Automatic Identity Provider setup
The easiest and most robust way to configure SSO is to use a link to your Identity Provider's metadata file if they provide one. The metadata contains additional information that the IdP can use to make the transaction more secure. In addition, since the metadata file is generated, the method is less prone to typographical errors.
1. Log in to the Organization Center.
2. In the Identity Provider tab, choose Automatic.
3. Enter the Metadata URL for your Identity Provider.
4. Click Save. The metadata file is uploaded and configures the relationships correctly.
Manual Identity Provider setup
Not all IdPs support a metadata implementation. To set up a manually configured IdP relationship, you enter key data that will get built into the SAML assertions.
1. Log in to the Organization Center.
2. In the Identity Provider tab, choose Manual.
3. Enter the data provided by your Identity Provider:
- Sign-in page URL – The IdP’s landing page for authentication requests.
- Sign-out page URL – Optional: This is the URL where the user is redirected upon log-out.
- Identity Provider Entity ID – Location of the globally unique name for your IdP as a SAML entity.
- Verification certificate – The IdP’s public certificate used to verify incoming responses from the IdP.
For the verification certificate, you can copy-and-paste the certificate contents as text into the entry form, or choose Upload certificate to import the certificate from a disk location. Both options result in the certificate being pulled into the page and displayed as shown.
4. Click Save. The configuration is stored in the LogMeIn account service.