Introduction to Enterprise Sign-In
Enterprise Sign-In allows your users to log into GoTo products using the same username and password they might use to access their email or log into Windows. Enterprise Sign-In provides IT administrators options for easily managing large numbers of users, user product access, and for delivering Single Sign-On (SSO) for those users.
Enterprise Sign-In is delivered, depending on your preferences, as fully packaged offerings from third-party Identity and Access Management (IAM) providers, as a set of GoTo-provided tools, or via identity and licensing APIs that allow you to design and build fully custom solutions. These solutions are available to new customers as well as those with existing accounts and users.
This document identifies the options to help you choose the most effective implementation for your requirements.
At this time, Enterprise Sign-In is available for:
- GoToAssist Remote Support
- GoToAssist Service Desk
- GoToAssist SeeIt
Enterprise Sign-In for these products lets you provision users and grant access to GoTo products to streamline the IT admin workflow. You can also offer your users Single Sign-On (SSO) to improve their access to their GoTo business tools. Both of these options require that you first create a domain organization, and that you validate any company email domains in that organization.
In the chart, the three main implementation options - managed, implemented, and custom - are examples. These options can be mixed and matched. You could implement a managed IAM solution and a custom provisioning solution. Or just implement provisioning without Single Sign-On.
An organization is an entity you manage. The domain organization allows your administrators to configure sign-in options for your GoTo users based on the email domain they use to sign into GoTo products. For example, if all of your users sign in with names such as email@example.com and firstname.lastname@example.org, then “mycompany.com” is the organization email domain.
Note that an organization is not necessarily related to your product account where you manage product access. Organizations simply manage sign-in options for user identities matching your verified email domain(s). The users themselves could be given access through one or more customer accounts - for example, perhaps your Marketing department and Sales department have separately signed up for and are separately billed for two different GoToMeeting accounts. In this case, the user identities and SSO functionality can still be centrally managed through one organization.
- See the Organization Center for detailed documentation.
User and product access provisioning / licensing
Provisioning is the process of creating valid users within your company account, and extends to providing users with access for specific products. Smaller firms manage this using the Admin Center, but as the number of users increases, or if large shifts in users due to acquisitions, turnover, etc. occur, it makes sense to automate this process. Your options are (one of):
- Manually add or remove users, and manage product access in the Admin Center (Admin Center login) (Admin Center help).
- Automate the process based on your Active Directory updates by implementing the Active Directory Connector (ADC v2 download) (ADC v2). (This does not currently support GoToAssist accounts.)
- Choose one of the managed Identity and Access Management Providers that provide provisioning.
- Build a custom solution using the SCIM APIs and Administration REST APIs.
SCIM (System for Cross-domain Identity Management) is a specification that lets you manage users within your domain organization entity.
Single Sign-On (SSO)
Organizations can be configured using the SAML specification to allow users in the validated email domains to be authenticated for sign-on through an Identity Provider. Your options are: