FAQ

Using PingOne with LogMeIn Central

Issue

Objective

Environment

Procedure

Answer

Using PingOne with LogMeIn Central

How to integrate LogMeIn Central with PingOne.

Prerequisites

A live IdP environment must be configured before implementing federated authentication for LogMeIn.

See PingOne's Support Site.

Note: LogMeIn requires SAML 2.0 for Single Sign-On authentication. SAML 1.1 is not supported.

Set up LogMeIn Common Login Service as an application

The Identity Provider must be configured to trust the LogMeIn Common Login Service (CLS) as a Service Provider. CLS is LogMeIn’s own shared authentication service that provides single login experience for LogMeIn products and services on every platform.

You must add LogMeIn CLS as an application in Ping Identity to allow a trust relationship to be established between your network and LogMeIn.

  1. Log into your Ping Identity account at https://admin.pingone.com/web-portal/login.
  2. On the Applications tab, go to My Applications and select Add Application.
  3. Input all data in the Application Details wizard.
    Option Description
    Field Input or Action
    Application Name Enter a unique name for LogMeIn CLS
    Application Description Enter a description for LogMeIn CLS (optional)
    Graphics Upload a logo for the LogMeIn CLS application (optional)
  4. Click Continue to Next Step.

    The Application Configuration screen is displayed.

Configure CLS connection

From PingOne's Application Configuration screen the CLS connection must be configured

  1. Select the I have the SAML configuration option.
  2. Input all data in the Application Configuration wizard as shown in the table below. If not specified, leave the other configuration fields empty.
    Field Input
    Protocol Version SAML v2.0
    Assertion Consumer Service (ACS) https://accounts.logme.in/federated/saml2.aspx?returnurl=https%3A%2F%2Fsecure.logmein.com%2Ffederated%2Floginsso.aspx
    Entity ID https://accounts.logme.in/
    Important: Must be unique across all applications.
    Application URL https://accounts.logme.in/
  3. Click Continue to Next Step.

    The SSO Attribute Mapping screen is displayed.

Configure CLS attributes

From the SSO Attribute Mapping screen, a unique identifier attribute must be configured. The identifier represents the shared identifier between the IdP and LogMeIn, allowing users to access LogMeIn services.

Note: The identifier can include any string value.
  1. Add the following attributes in the SSO Attribute Mapping wizard by clicking Add new attribute. Leave the As Literal and Required options unchecked.
    Application Attribute Identity Bridge Attribute or Literal Value
    Email Email Address
    FirstName First Name
    LastName Last Name
  2. Once all attributes are added, click Save & Publish.

    The Review Setup screen is displayed.

Provide Information to LogMeIn

Once the IdP configuration is complete, you must provide the information to LogMeIn.

If you do not have an account representative, contact support.

  1. On the Review Setup screen, download the following files and send them to your LogMeIn representative.
    Information Instructions
    Certificate The X.509 certificate used to encrypt and sign SAML 2.0 assertions.
    SAML Metadata The metadata document describing the endpoint addresses for communication.

    Once your LogMeIn representative has configured the SAML 2.0 connection using the information provided, your users gain access to the appropriate LogMeIn account and permissions via the IdP as the authentication source. It may take up to 30 minutes for the SSO service to be established for the first time.

    Tip: To test the service, go to the CLS application on the Connections page at https://admin.pingone.com/web-portal/.

Cause

Resolution

Additional Information