Set up identity and access manager (IAM) provider

The Identity Provider tab lets you configure your Identity Provider (IdP) relationship to establish Single Sign-On for your organization users. The IdP can be a service such as Active Directory Federation Services (ADFS 2.0 | ADFS 3.0); a third-party provider such as OneLogin, Okta, Azure AD, or G Suite; or another SAML-based IdP solution.


Once configured, your users can log in either from the Identity Provider’s website or from your GoTo product’s website using the Use my company ID link in the log-in form.

When you set up an Identity Provider, you are establishing the landing point for authentication requests, the trusted certificate that is used by the Identity Provider to encrypt authentication calls, the IdP’s formal Entity ID, and optionally, a landing page for logouts.

Set up either an Automatic or Manual configuration. You cannot do both. If you save one after the other, the last save is accepted.

Automatic Identity Provider setup

The easiest and most robust way to configure SSO is to use a link to your Identity Provider's metadata file if they provide one. The metadata contains additional information that the IdP can use to make the transaction more secure. In addition, since the metadata file is generated, the method is less prone to typographical errors.

1. Log into the Organization Center.

2. In the Identity Provider tab, choose Automatic.

3. Enter the Metadata URL for your Identity Provider.

4. Click Save. The metadata file is uploaded and configures the relationships correctly.

Manual Identity Provider setup

Not all IdPs support a metadata implementation. To set up a manually configured IdP relationship, you enter key data that will get built into the SAML assertions.

1. Log into the Organization Center.

2. In the Identity Provider tab, choose Manual.

3. Enter the data provided by your Identity Provider:

  • Sign-in page URL - The IdP’s landing page for authentication requests.
  • Sign-out page URL - Optional: This is the URL where the user is redirected upon log-out.
  • Identity Provider Entity ID – Location of the globally unique name for your IdP as a SAML entity.
  • Verification certificate – The IdP’s public certificate used to verify incoming responses from the IdP.

For the verification certificate, you can copy-and-paste the certificate contents as text into the entry form, or choose Upload certificate to import the certificate from a disk location. Both options result in the certificate being pulled into the page and displayed as shown.

4. Click Save. The configuration is stored in the GoTo account service.

