Set Up Enterprise Sign-In (SSO)

Set up a SAML-based single sign-on (SSO) option for your global GoTo account to provide a simplified sign-in experience for your users.

Before you begin:
  • You must have a GoTo product account.
  • This is an advanced task typically performed by your IT Admin.
  • Please excuse our mess as we improve your account database. We are in the process of migrating all accounts to the new account settings feature. To determine your account database:

Step #1: Set up your organization

Create your organization by verifying at least one (1) domain used by your company.

Domains within your organization are wholly-owned email domains. For example, in the email Joe@main.com, "main.com" is the email domain. Verifying the initial domain automatically creates your organization. You can also add more domains to verify, or delete any domains you no longer need listed.

  1. Sign in to the GoTo Organization Center at https://organization.logmeininc.com.
  2. The first screen asks you to verify that you own the domain of the account you are currently signed in with. Two methods are provided for setting up domain validation, each of which uses a unique verification code to complete the verification. Copy the verification value to your clipboard.
    Note: The verification screen will display until the domain is verified. If it takes you longer than 10 days to verify the domain, the system will automatically generate new verification codes for your domain the next time you visit the Organization Center.
  3. Paste the verification code into the DNS record or a text file for upload to one of the locations, depending on which of the verification methods you choose: 
    • Method 1: Add a DNS record to your domain zone file. To use the DNS method, you place a DNS record at the level of the email domain within your DNS zone. Typically, users are verifying a “root” or “second level” domain such as “main.com”. In this case, the record would resemble:

      @ IN TXT "logmein-verification-code=668e156b-f5d3-430e-9944-f1d4385d043e"

      OR

      main.com. IN TXT "logmein-verification-code=668e156b-f5d3-430e-9944-f1d4385d043e"

      If you require a third-level domain (or subdomain) such as “mail.example.com”, the record must be placed at that subdomain, such as:

      mail.main.com. IN TXT "logmein-verification-code=668e156b-f5d3-430e-9944-f1d4385d043e"

      For more detailed documentation, see Add a TXT DNS record.

    • Method 2: Upload a web server file to the specified website. Upload a plain-text file to your web server root containing a verification string. There should not be any whitespace or other characters in the text file besides those given.
      • Location: http://<yourdomain>/logmein-verification-code.txt
      • Contents: logmein-verification-code=668e156b-f5d3-430e-9944-f1d4385d043e
  4. Once you have added the DNS record or text file, return to the domain status screen and select Verify.
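
Before selecting Verify, it helps to confirm that what is actually published matches the verification string exactly. The following is an added example, not GoTo's own tooling: it checks TXT strings you have already looked up for the domain and the raw bytes served at the verification file location. The function names are hypothetical, and the inputs are constructed from the sample code shown above.

```python
PREFIX = "logmein-verification-code="
CURLY = "\u201c\u201d"  # typographic quotes that editors substitute for "

def check_txt_answers(answers, code):
    """Check decoded TXT strings for one name (SPF and other records may be mixed in).

    Returns a list of problems; an empty list means the record is in place."""
    expected, problems, found = PREFIX + code, [], False
    for raw in answers:
        value = raw.strip().strip('"')  # drop presentation quotes only
        if PREFIX not in value:
            continue  # unrelated TXT record
        if value == expected:
            found = True
        elif value.strip(CURLY) == expected:
            problems.append("typographic quotes are stored as part of the record data")
        else:
            problems.append(f"unexpected value {value!r}")
    if not found:
        problems.append("no TXT record carries the expected verification string")
    return problems

def check_web_file(body, code):
    """Check the bytes served at /logmein-verification-code.txt."""
    expected, bom = (PREFIX + code).encode("ascii"), b"\xef\xbb\xbf"
    problems = []
    if body.startswith(bom):
        problems.append("UTF-8 byte order mark before the string")
    if body != body.strip():
        problems.append("leading or trailing whitespace or newline")
    if body.removeprefix(bom).strip() != expected:
        problems.append("content differs from the verification string")
    return problems

# Constructed inputs using the sample code shown on this page.
CODE = "668e156b-f5d3-430e-9944-f1d4385d043e"
if __name__ == "__main__":
    print(check_txt_answers(['"v=spf1 -all"', f'"{PREFIX}{CODE}"'], CODE))
    print(check_txt_answers([f"\u201c{PREFIX}{CODE}\u201d"], CODE))
    print(check_web_file(f"{PREFIX}{CODE}\n".encode(), CODE))
```

A record pasted from a word processor with typographic quotes, or a text file saved with a byte order mark or trailing newline, is reported here before it causes a failed verification.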

Step #2: Configure an Identity Provider

We support SAML 2.0 Identity Providers, including the following:
  • Microsoft Active Directory Federation Services (AD FS)

    Active Directory Federation Services is a feature of the Windows Server operating system that extends users' Windows sign-on access to other applications outside the corporate network. You can configure AD FS to work as an Identity Provider for GoTo's products. Learn how to configure AD FS 2.0 or AD FS 3.0.

  • Third-party Identity and Access Management Providers

    Many third-party Identity and Access Management partners offer SSO as part of their feature set, including:

  • If your Identity Provider is not listed, proceed to Set Up a Custom Enterprise Sign-In Configuration.

Step #3: Add your Identity Provider to the Organization Center

We recommend that you automatically add the Identity Provider to the Organization Center by using the link to your Identity Provider's metadata file if they have provided one. Since the metadata file is generated, it is less prone to typographical errors.

If your Identity Provider does not supply a metadata file, you will need to manually add your Identity Provider.

  1. Sign in to the GoTo Organization Center at https://organization.logmeininc.com.
  2. Select the Identity Provider tab.
  3. If you have a metadata file from your IdP:
    1. Choose Automatic from the drop-down menu.
    2. Enter the Metadata URL.
  4. If you do not have a metadata file from your IdP:
    1. Choose Manual from the drop-down menu.
    2. Enter the data provided by your Identity Provider:
      • Sign-in page URL: Enter the full IdP URL path. It must begin with https://.
      • Sign-in binding: Select Redirect or POST.
      • Sign-out page URL: Enter a URL where you want your users redirected upon sign-out.
      • Sign-out binding: Select Redirect or POST.
      • Identity Provider Entity ID: Location of the globally unique name for your IdP as a SAML entity.
      • Verification certificate: The IdP’s public certificate used to verify incoming responses from the IdP. You can add it by uploading (select Upload certificate to import the certificate from a saved location) or copy and paste the text of the certificate.
        Tip: If you choose to copy and paste the text of the certificate, the field must start with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----.
  5. Select Save.
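
When only a saved copy of the IdP's SAML 2.0 metadata is available, the manual fields above can be read out of it rather than retyped. The following is an added example, not GoTo's or any IdP's own code: it maps the standard metadata elements to those fields, enforces the https:// requirement, wraps the certificate in the BEGIN/END lines, and returns a SHA-256 fingerprint to compare with the value your IdP administrator reports. The function name, idp.example.com and the placeholder certificate bytes are constructed for illustration.

```python
import base64, hashlib, textwrap
import xml.etree.ElementTree as ET
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SAML_BIND = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-"
BINDINGS = {SAML_BIND + "Redirect": "Redirect", SAML_BIND + "POST": "POST"}

def manual_fields(metadata_xml):
    """Return (fields for the manual form, SHA-256 of the certificate bytes)."""
    if "<!DOCTYPE" in metadata_xml:  # metadata needs no DTD; refuse entity tricks
        raise ValueError("unexpected DTD in SAML metadata")
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    def endpoint(tag):
        # First endpoint whose binding the form offers (Redirect or POST).
        for el in idp.findall("md:" + tag, NS):
            if el.get("Binding") in BINDINGS:
                return el.get("Location"), BINDINGS[el.get("Binding")]
        return None, None
    sso_url, sso_binding = endpoint("SingleSignOnService")
    slo_url, slo_binding = endpoint("SingleLogoutService")
    if not (sso_url or "").startswith("https://"):
        raise ValueError("sign-in page URL must begin with https://")
    cert = next((kd.find(".//ds:X509Certificate", NS)
                 for kd in idp.findall("md:KeyDescriptor", NS)
                 if kd.get("use") in (None, "signing")), None)
    if cert is None or not cert.text:
        raise ValueError("no signing certificate in metadata")
    b64 = "".join(cert.text.split())
    der = base64.b64decode(b64, validate=True)
    pem = "\n".join(["-----BEGIN CERTIFICATE-----", *textwrap.wrap(b64, 64),
                     "-----END CERTIFICATE-----"])
    fields = {"Sign-in page URL": sso_url, "Sign-in binding": sso_binding,
              "Sign-out page URL": slo_url, "Sign-out binding": slo_binding,
              "Identity Provider Entity ID": root.get("entityID"),
              "Verification certificate": pem}
    return fields, hashlib.sha256(der).hexdigest()

# Constructed sample: idp.example.com and the certificate bytes are placeholders.
PLACEHOLDER_DER = b"constructed bytes standing in for a DER certificate"
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
 entityID="https://idp.example.com/metadata"><md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
{base64.b64encode(PLACEHOLDER_DER).decode()}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
<md:SingleLogoutService Binding="{SAML_BIND}POST" Location="https://idp.example.com/slo"/>
<md:SingleSignOnService Binding="{SAML_BIND}Redirect" Location="https://idp.example.com/sso"/>
</md:IDPSSODescriptor></md:EntityDescriptor>"""
```

The fingerprint is computed over the decoded certificate bytes, so it can be compared with the SHA-256 thumbprint shown in the IdP's own console.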

Step #4: Test your SSO setup

  1. Sign in to your LogMeIn Central account to test your newly established Enterprise Sign-In setup.
    Note: If you are not automatically redirected, select My Company ID, then enter your email address and select Continue.
  2. Enter your company credentials, then proceed to sign in.

(Optional) Request to enforce Enterprise Sign-In

If you are interested in enforcing enterprise sign-in as the only sign-in method available for your LogMeIn Central users, select the Contact Support option in this article for assistance.
Note: We can create an exclusion list, but this exclusion list will only apply to users with a Member role. We cannot exclude Admins and Super admins.