
Using Okta with LogMeIn Central


How to integrate LogMeIn Central with Okta.

Prerequisites

Before proceeding, you must have a live Okta Identity Provider (IdP) environment.

A live IdP environment must be configured before implementing federated authentication for LogMeIn. See Okta's Customer Success Center.

Note: LogMeIn requires SAML 2.0 for Single Sign-On authentication. SAML 1.1 is not supported.

Configure LogMeIn as a Service Provider

The Identity Provider must be configured to trust the LogMeIn Common Login Service (CLS) as a Service Provider. CLS is LogMeIn’s own shared authentication service that provides a single login experience for LogMeIn products and services on every platform.

You must add LogMeIn CLS as an application in Okta to allow a trust relationship to be established between your network and LogMeIn.

  1. Log in to your Okta account.
  2. Click Admin in the upper right corner to open the administrative options.
  3. On the Applications tab, click Add Application.
  4. Click Create New App.

    The Create a New Application Integration dialog is displayed.

  5. Select SAML 2.0 and click Create.
  6. Input all data in the App Settings wizard as shown in the table below.
    Field | Input or Action
    App Name | Enter a unique name for LogMeIn CLS
    App logo | Upload a logo for the LogMeIn CLS application (optional)

  7. Click Finish.

    The SAML Settings screen is displayed.

  8. Input all data in the (A) SAML Settings wizard as shown in the table below. If not specified, leave the other configuration fields empty.
    Field | Input
    Single sign on URL | https://accounts.logme.in/federated/saml2.aspx?returnurl=https%3A%2F%2Fsecure.logmein.com%2Ffederated%2Floginsso.aspx (Note: Leave the Use this for Recipient URL… checkbox selected.)
    Audience URI (SP Entity ID) | https://accounts.logme.in (Note: Must be unique across all applications.)
    Name ID format | EmailAddress
    Application username | Okta username

Configure CLS attributes

A unique identifier attribute must be configured. The identifier represents the shared identifier between the Identity Provider (IdP) and LogMeIn, allowing users to access LogMeIn services.

Note: The identifier can include any string value.
  1. Add the following attributes under Attribute Statements by clicking Add Another. Leave the Name format option Unspecified.
    Name | Value
    Email | ${user.email}
    FirstName | ${user.firstName}
    LastName | ${user.lastName}
  2. Click Next.
  3. Select This is an internal application that we created.
  4. Click Finish.

    The Sign On tab is displayed.
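The following added example (not LogMeIn's or Okta's code) checks a SAML assertion from a test sign-in against the values configured on this page: the Single sign on URL as Recipient, the Audience URI, the EmailAddress Name ID format, and the three attribute statements. The sample assertion is constructed, the function name is hypothetical, and only field values are checked, not the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Values from the SAML Settings and Attribute Statements tables on this page.
EXPECTED_RECIPIENT = ("https://accounts.logme.in/federated/saml2.aspx"
                      "?returnurl=https%3A%2F%2Fsecure.logmein.com%2Ffederated%2Floginsso.aspx")
EXPECTED_AUDIENCE = "https://accounts.logme.in"
# Standard SAML URI for the EmailAddress Name ID format.
EXPECTED_NAMEID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_ATTRIBUTES = ("Email", "FirstName", "LastName")

def check_assertion(xml_text):
    """Return mismatches between an assertion and the page's settings (no signature check)."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EXPECTED_NAMEID_FORMAT:
        problems.append("NameID format is not EmailAddress")
    conf = root.find(".//saml:SubjectConfirmationData", NS)
    if conf is None or conf.get("Recipient") != EXPECTED_RECIPIENT:
        problems.append("Recipient does not match the Single sign on URL")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if EXPECTED_AUDIENCE not in audiences:
        problems.append("Audience is not https://accounts.logme.in")
    values = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        val = attr.find("saml:AttributeValue", NS)
        values[attr.get("Name")] = (val.text or "").strip() if val is not None else ""
    for name in REQUIRED_ATTRIBUTES:
        value = values.get(name, "")
        if not value:
            problems.append(f"attribute {name} missing or empty")
        elif "${" in value:  # Okta expression was stored as a literal string
            problems.append(f"attribute {name} holds an unexpanded expression")
    return problems

# Constructed, unsigned sample (not Okta output); LastName is deliberately left unexpanded.
SAMPLE = f"""<saml:Assertion xmlns:saml="{NS['saml']}">
 <saml:Subject><saml:NameID Format="{EXPECTED_NAMEID_FORMAT}">alice@example.com</saml:NameID>
  <saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{EXPECTED_RECIPIENT}"/>
  </saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction><saml:Audience>{EXPECTED_AUDIENCE}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="Email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="FirstName"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="LastName"><saml:AttributeValue>${{user.lastName}}</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement></saml:Assertion>"""
```

Calling `check_assertion(SAMPLE)` reports the unexpanded LastName value; an empty list means the assertion matches the settings above.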

Provide information to LogMeIn

Once the IdP configuration is complete, you must provide the information listed in this section to your LogMeIn representative.

Note: If you do not have an account representative, please send details to domain-verification@LogMeIn.com.
  1. On the Sign On screen, click View Setup Instructions.
  2. Download the following pieces of information and send them to your LogMeIn representative.
    Information | Instructions
    Certificate | Click Download certificate under step 3. (Note: The X.509 certificate is used to encrypt and sign SAML 2.0 assertions.)
    IDP Metadata | Save the content under Optional. (Note: The metadata document describes the endpoint addresses for communication.)

    Once your LogMeIn representative has configured the SAML 2.0 connection using the information provided, your users gain access to the appropriate LogMeIn account and permissions via the IdP as the authentication source. It may take up to 30 minutes for the SSO service to be established for the first time.

Product: LogMeIn Central
