Using ADFS with LogMeIn Central
How to Integrate LogMeIn Central with Microsoft Active Directory Federation Services.
Prerequisite: Set up ADFS
Set up ADFS on your internal server network before proceeding.
A live ADFS environment with an externally addressable Microsoft Active Directory Federation Services (ADFS) server must be configured before federated authentication for the host can be implemented using ADFS. The server must be reachable from the Internet because the SAML exchange is initiated from the LogMeIn login page, not from inside your network.
ADFS is a Windows Server component (a separate download for AD FS 2.0, a built-in server role from Windows Server 2012 onward) that provides users with Single Sign-On access to systems and applications located across organizational boundaries. For more information, see:
Task One: Provide information to GoTo
Provide the relevant information to GoTo and we will adjust your account accordingly. Contact your Account Manager to begin the ADFS process.
Task Two: Establish a Trust Relationship
Add the host software as a Relying Party Trust in AD FS 2.0 Management.
- In AD FS 2.0 Management, open the Add Relying Party Trust wizard by going to .
- Set the data as follows, one wizard page at a time:
  - Select Data Source: select Enter data about the relying party manually.
  - Specify Display Name: enter the Display name as LogMeIn authentication.
  - Choose Profile: select AD FS 2.0 profile.
  - Configure URL: enter the SAML Assertion Consumer Endpoint URL: https://accounts.logme.in/federated/saml2.aspx
  - Configure Identifiers: add the following URL to the list of Relying party identifiers: https://accounts.logme.in
  - Choose Issuance Authorization Rules: select Permit all users to access this relying party.
  - Ready to Add Trust: select Open the Edit Claim Rules.
  - Finish: select Finish.
Task Three: Allow Data to be sent to GoTo
Add a Transform Claim Rule for GoTo.
- In AD FS 2.0 Management, open the Add Transform Claim Rule Wizard by going to .
- Set the data as follows, one wizard page at a time:
  - Choose Rule Type: under Claim rule template, select Send LDAP Attributes as Claims.
  - Configure Claim Rule: set Claim rule name to Email and name.
  - Configure Claim Rule: set Attribute store to Active Directory.
  - Configure Claim Rule: map the LDAP attributes to outgoing claim types as follows:
    - E-Mail-Addresses: E-Mail Address
    - Given-Name: Given Name
    - Surname: Surname
- Click Finish.
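The same relying party trust and claim rule can be created from PowerShell on the AD FS server, which is easier to review and repeat than clicking through the two wizards. The following is an added example, not a script from GoTo or from this page; it assumes the AD FS PowerShell cmdlets are available (the Microsoft.Adfs.PowerShell snap-in on AD FS 2.0, the ADFS module on later versions), and it uses exactly the endpoint, identifier, display name and rule name given in Tasks Two and Three. The claim-rule text is the standard rule language that the "Permit all users" and "Send LDAP Attributes as Claims" templates generate.

```powershell
# Added example (not GoTo's own script): creates the LogMeIn relying party trust
# (Task Two) and the "Email and name" claim rule (Task Three) with the AD FS
# cmdlets instead of the wizard. Run in an elevated PowerShell on the AD FS server.
# Assumed: AD FS 2.0 snap-in or the later ADFS module is installed.
Import-Module ADFS -ErrorAction SilentlyContinue            # AD FS on Windows Server 2012 R2 and later
if (-not (Get-Command Add-AdfsRelyingPartyTrust -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.Adfs.PowerShell                  # AD FS 2.0 on Windows Server 2008 R2
}

$rpName     = 'LogMeIn authentication'                      # display name from Task Two
$identifier = 'https://accounts.logme.in'                   # relying party identifier from Task Two
$acsUrl     = 'https://accounts.logme.in/federated/saml2.aspx'  # SAML Assertion Consumer endpoint from Task Two

# Task Two, "Configure URL": the SAML Assertion Consumer Service endpoint.
$acs = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer -Uri $acsUrl -Index 0 -IsDefault $true

# Task Two, "Choose Issuance Authorization Rules": Permit all users to access this relying party.
$authzRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Task Three: "Send LDAP Attributes as Claims" rule named "Email and name".
# mail -> E-Mail Address, givenName -> Given Name, sn -> Surname, all read from Active Directory.
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Email and name"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"), query = ";mail,givenName,sn;{0}", param = c.Value);
'@

Add-AdfsRelyingPartyTrust -Name $rpName `
    -Identifier $identifier `
    -SamlEndpoint $acs `
    -IssuanceAuthorizationRules $authzRules `
    -IssuanceTransformRules $transformRules

# Check: the trust exists, is enabled, and carries exactly the identifier LogMeIn expects.
# A mismatched identifier is the usual cause of an "unknown relying party" error at sign-in.
$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $rp)                                   { throw "Relying party trust '$rpName' was not created" }
if (-not $rp.Enabled)                           { throw "Relying party trust '$rpName' is disabled" }
if ($rp.Identifier -notcontains $identifier)    { throw "Identifier on '$rpName' does not match $identifier" }
$rp | Select-Object Name, Enabled, Identifier, @{ n = 'ACS'; e = { $_.SamlEndpoints.Location } }
```

The rule only issues an E-Mail Address claim when the user's Active Directory mail attribute is populated, and that address is what the user types on the LogMeIn login page, so check a test account with Get-ADUser -Properties mail before asking GoTo to switch the account over.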
Task Four: Browser Setup (Optional)
Find out what to do if the browsers do not redirect automatically.
When users who have already authenticated to the domain try to log in to a host service via Internet Explorer or Chrome (which on Windows uses the same security zones as Internet Explorer), the browser should recognize the AD FS URL as an intranet site and authenticate to the federation server silently with NTLM. If the address is not recognized as intranet, add the FQDN of your AD FS server to the Local intranet zone; this can be deployed to multiple computers via Group Policy. Users who are already logged in to the domain can then sign in to services with their domain email address alone. They do not need to enter a password because the domain has already authenticated them. Add only the AD FS FQDN, not a whole domain wildcard, so that Windows credentials are offered to the federation server alone.
In Internet Explorer, add the AD FS FQDN as a Local intranet website under .
In Firefox:
- Type about:config in the URL bar and press Enter.
- Modify the network.automatic-ntlm-auth.trusted-uris preference to include the Local intranet website (the AD FS FQDN).
- Click OK.
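For a single workstation, or to verify what Group Policy has pushed, the Local intranet mapping can be written and read back from PowerShell. The following is an added example, not a script from GoTo or from this page. It writes the same per-user registry mapping that the Internet Explorer dialog creates and emits the Firefox preference line from the steps above; adfs.example.com is a placeholder for your AD FS FQDN, and the user.js path is the standard Firefox profile location, both assumptions.

```powershell
# Added example (not GoTo's own script): Local intranet zone mapping for the AD FS FQDN.
# Internet Explorer (and Chrome on Windows) store zone mappings under
#   HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\<domain>\<host>
# with a value named after the scheme whose DWORD data is the zone number; 1 is Local intranet.
# For fleet deployment use the "Site to Zone Assignment List" Group Policy setting instead.
$ZoneMapDomains  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
$LocalIntranet   = 1

function Get-ZoneMapKey {
    param([Parameter(Mandatory)][string]$Fqdn)
    # Split "adfs.example.com" into domain key "example.com" and host subkey "adfs".
    $labels = $Fqdn.Trim().ToLower().Split('.')
    if ($labels.Count -lt 2) { throw "Expected a fully qualified name, got '$Fqdn'" }
    $key = Join-Path $ZoneMapDomains ($labels[-2..-1] -join '.')
    if ($labels.Count -gt 2) {
        # Guarded: with exactly two labels 0..-1 would wrap around and select both labels.
        $key = Join-Path $key ($labels[0..($labels.Count - 3)] -join '.')
    }
    return $key
}

function Add-LocalIntranetSite {
    param([Parameter(Mandatory)][string]$Fqdn, [string]$Scheme = 'https')
    # Map only this host, not the whole domain, so credentials are offered to AD FS alone.
    $key = Get-ZoneMapKey -Fqdn $Fqdn
    New-Item -Path $key -Force | Out-Null
    New-ItemProperty -Path $key -Name $Scheme -Value $LocalIntranet -PropertyType DWord -Force | Out-Null
    return $key
}

function Test-LocalIntranetSite {
    param([Parameter(Mandatory)][string]$Fqdn, [string]$Scheme = 'https')
    # $true when the browser will treat <scheme>://<fqdn> as Local intranet.
    $key  = Get-ZoneMapKey -Fqdn $Fqdn
    $item = Get-ItemProperty -Path $key -Name $Scheme -ErrorAction SilentlyContinue
    return ($null -ne $item -and $item.$Scheme -eq $LocalIntranet)
}

function Get-FirefoxTrustedUriPref {
    param([Parameter(Mandatory)][string]$Fqdn)
    # The about:config change from the Firefox steps, as a user.js line. Append it to
    # %APPDATA%\Mozilla\Firefox\Profiles\<profile>\user.js to apply it without the UI.
    return "user_pref(`"network.automatic-ntlm-auth.trusted-uris`", `"$Fqdn`");"
}

# Usage with the placeholder FQDN (assumed, replace with your AD FS server name).
$adfsFqdn = 'adfs.example.com'
Add-LocalIntranetSite -Fqdn $adfsFqdn | Out-Null
if (-not (Test-LocalIntranetSite -Fqdn $adfsFqdn)) { throw "Zone mapping for $adfsFqdn was not applied" }
Get-FirefoxTrustedUriPref -Fqdn $adfsFqdn
```

If AD FS is configured for Kerberos rather than NTLM, Firefox also needs the same FQDN in network.negotiate-auth.trusted-uris; the Internet Explorer zone mapping covers both.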