HELP FILE

Using Azure Active Directory with Central

    Integrate Azure Active Directory with Central for additional authentication.

    Prerequisites:
    • An Azure Active Directory Premium subscription.
    • An active Central subscription.
    • When you have a login policy enabled, you must set it up as "Standard". Single Sign On does not work with "Strong" password policy. See How to Set a Password Strength Requirement.
    Important: You can log in with Single Sign On on the website only. The Client App does not support Single Sign On login.
    Note: For more information on using SAML with Azure Active Directory, see Microsoft's support site.

    Configure your Azure Active Directory Account

    1. Log in to https://portal.azure.com.
    2. Navigate to Azure Active Directory > Enterprise Applications > New application.

      Result: The Add an application menu is displayed.

    3. Select Non-gallery application.

      Result: The Add your own application menu is displayed.

    4. Give the new application a name and click Add.
    5. Click Single sign-on > SAML.
    6. Under Basic SAML Configuration, set the following values:

      Identifier (Entity ID): https://accounts.logme.in
      Reply URL: https://accounts.logme.in/federated/saml2.aspx?returnurl=https://secure.logmein.com/federated/loginsso.aspx

    7. Click Save.
    8. Under SAML Signing Certificate, download the Certificate (Raw) and Federated Metadata XML.

    Allow Data to be sent to GoTo

    For more information, see Microsoft's support site.
    Note: GoTo requires the following claims. They are usually part of the default Azure AD SAML configuration, but they must be included in the User Attributes & Claims configuration.
    1. Log in to https://portal.azure.com.
    2. Navigate to Azure Active Directory > Enterprise Applications > All applications.
    3. Click the previously configured application name.

      Result: The Set up Single Sign-On with SAML menu is displayed.

    4. Next to User Attributes & Claims, click the edit icon.
    5. Under Claim Name, the following information is required:

      Name         Description                                  Full Schema Address
      Email        The email address you registered with GoTo   http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
      Given name   Your first/given name                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
      Surname      Your surname                                 http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
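
    A pre-flight check for a test SAML response captured from your browser, comparing it against the Entity ID, Reply URL and three required claims configured above. This is an added example, not GoTo or Microsoft code: check_response and sample_response are hypothetical names, the sample response is constructed, and the Reply URL is assumed to be written with ordinary "/" characters.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
ENTITY_ID = "https://accounts.logme.in"
REPLY_URL = ("https://accounts.logme.in/federated/saml2.aspx"
             "?returnurl=https://secure.logmein.com/federated/loginsso.aspx")
REQUIRED = [CLAIMS + n for n in ("emailaddress", "givenname", "surname")]


def check_response(xml_text):
    """Return a list of mismatches; an empty list means the values line up.
    Compares configured values only; it does not verify the XML signature."""
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if ENTITY_ID not in audiences:
        problems.append("audience")
    recipients = [d.get("Recipient", "") for d in
                  root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if REPLY_URL not in recipients:
        # Look-alike characters (U+2215 instead of "/") survive copy and paste.
        odd = any(not r.isascii() for r in recipients)
        problems.append("recipient:non-ascii" if odd else "recipient")
    sent = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        sent[attr.get("Name")] = [v.text for v in attr.iterfind("saml:AttributeValue", NS)
                                  if v.text and v.text.strip()]
    problems += ["claim:" + n[len(CLAIMS):] for n in REQUIRED if not sent.get(n)]
    return problems


def sample_response(recipient=REPLY_URL, claims=("emailaddress", "givenname", "surname")):
    """Constructed, unsigned SAML response for the demo (not real IdP output)."""
    attrs = "".join(
        f'<saml:Attribute Name="{CLAIMS}{c}"><saml:AttributeValue>x-{c}'
        '</saml:AttributeValue></saml:Attribute>' for c in claims)
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
        '<saml:Subject><saml:SubjectConfirmation><saml:SubjectConfirmationData '
        f'Recipient="{recipient}"/></saml:SubjectConfirmation></saml:Subject>'
        f'<saml:Conditions><saml:AudienceRestriction><saml:Audience>{ENTITY_ID}'
        '</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
        f'<saml:AttributeStatement>{attrs}</saml:AttributeStatement>'
        '</saml:Assertion></samlp:Response>')


if __name__ == "__main__":
    print(check_response(sample_response()))
    print(check_response(sample_response(REPLY_URL.replace("/", "\u2215"), ("emailaddress",))))
```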

    Provide information to GoTo

    Provide the relevant information to GoTo and we will make the adjustments on your account. Contact your Account Manager to begin the SAML process.

    1. Verify domain ownership.

      You must prove ownership of your domain before Azure Active Directory can be activated for your account. There are two methods of verification: HTML upload and DNS record.

      Option: Verify domain ownership by HTML upload
      Procedure:
        1. Create an HTML file named logmein-domain-confirmation.html and upload it to the website for your planned ADFS domain.
        2. In the logmein-domain-confirmation.html file, include a random string. Example: logmein-domain-confirmation jska7893279jkdhkkjdhask
        3. After you have created the logmein-domain-confirmation.html file containing the random string, email your Account Manager with the string and they will confirm that the logmein-domain-confirmation.html file is visible and contains the correct information.

      Option: Verify domain ownership by DNS record
      Procedure:
        1. Create a TXT record for your domain's DNS entry with the value logmein-domain-confirmation.
        2. In the logmein-domain-confirmation TXT record, include a random string. Example: logmein-domain-confirmation jska7893279jkdhkkjdhask
        3. After you have created the logmein-domain-confirmation TXT record containing the random string, email your Account Manager and they will confirm that the logmein-domain-confirmation TXT record is visible and contains the correct information.

      Tip: If you do not have an Account Manager, you can get in touch with customer support by selecting Contact Support in this article.
    2. Give your Account Manager the Certificate (Raw) and Federated Metadata XML that you downloaded from https://portal.azure.com.


    Results: Once your GoTo representative has configured the SAML 2.0 connection using the information provided, your users gain access to the appropriate account and permissions via the IdP as the authentication source. It may take up to 30 minutes for the SSO service to be established for the first time.
    Article last updated: 21 November, 2022