Using Azure Active Directory with LogMeIn Central
Integrate Azure Active Directory with LogMeIn Central for additional authentication.
Prerequisites:
- An Azure Active Directory Premium subscription.
- An active LogMeIn Central subscription.
Note: For more information about using SAML with Azure Active Directory, see Microsoft's support site.
Configure your Azure Active Directory Account
- Log in to https://portal.azure.com.
- Navigate to . The Add an application menu is displayed.
- Select Non-gallery application. The Add your own application menu is displayed.
- Give the new application a name and click Add.
- Click .
- Under Basic SAML Configuration, set the following values:
  - Identifier (Entity ID): https://accounts.logme.in
  - Reply URL: https://accounts.logme.in/federated/saml2.aspx?returnurl=https%3A%2F%2Fsecure.logmein.com%2Ffederated%2Floginsso.aspx
- Click Save.
- Under SAML Signing Certificate, download the Certificate (Raw) and Federated Metadata XML.
Allow Data to be sent to LogMeIn
For more information, see Microsoft's support site.
Note: The following claims are required by LogMeIn, but they are usually part of the default Azure AD SAML configuration. The following claims must be included in the User attributes and claims configuration.
- Log in to https://portal.azure.com.
- Navigate to .
- Click the previously configured application name. The Set up Single Sign-On with SAML menu is displayed.
- Next to User Attributes & Claims, click the edit icon.
- Under Claim Name, the following information is required:

  | Name | Description | Full Schema Address |
  | --- | --- | --- |
  | Email | The email address you registered with LogMeIn | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress |
  | Given name | Your first/given name | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname |
  | Surname | Your surname | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname |
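
One way to confirm the claim configuration before contacting LogMeIn, as an added example that is not LogMeIn's or Microsoft's code: it parses a decoded SAML assertion captured from a test sign-in and reports any of the three required claims that are missing or empty. It also assumes the assertion's Audience carries the Identifier (Entity ID) set earlier; the function names are hypothetical and the sample assertion is constructed and unsigned.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED = {  # the three claims this page lists as required by LogMeIn
    "Email": CLAIMS + "emailaddress",
    "Given name": CLAIMS + "givenname",
    "Surname": CLAIMS + "surname",
}
EXPECTED_AUDIENCE = "https://accounts.logme.in"  # Identifier (Entity ID) from this page

def sample(attrs, audience=EXPECTED_AUDIENCE):
    """Build a constructed, unsigned assertion for demonstration (hypothetical helper)."""
    rows = "".join(
        '<saml:Attribute Name="%s"><saml:AttributeValue>%s</saml:AttributeValue></saml:Attribute>' % (n, v)
        for n, v in attrs.items())
    return ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
            '<saml:Conditions><saml:AudienceRestriction><saml:Audience>%s</saml:Audience>'
            '</saml:AudienceRestriction></saml:Conditions>'
            '<saml:AttributeStatement>%s</saml:AttributeStatement></saml:Assertion>' % (audience, rows))

def check_assertion(xml_text):
    """Return configuration problems. Presence check only: no signature validation,
    so run it on assertions from your own test sign-in, never as an auth decision."""
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if EXPECTED_AUDIENCE not in audiences:
        problems.append("Audience is not " + EXPECTED_AUDIENCE)
    values = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values[attr.get("Name")] = [
            v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS)
            if v.text and v.text.strip()]
    for label, uri in REQUIRED.items():
        if uri not in values:
            problems.append(label + " claim missing: " + uri)
        elif not values[uri]:
            problems.append(label + " claim present but empty: " + uri)
    return problems

if __name__ == "__main__":
    # Constructed case: given name is empty and surname is not emitted at all.
    bad = sample({REQUIRED["Email"]: "user@example.com", REQUIRED["Given name"]: ""})
    for problem in check_assertion(bad):
        print("FAIL:", problem)
```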
Provide information to LogMeIn
Provide the relevant information to LogMeIn, and we will make the adjustments on your account. Contact your LogMeIn Account Manager to begin the SAML process.
- Verify domain ownership.
  You must prove ownership of your domain before Azure Active Directory can be activated for your account. There are two methods of verification: HTML upload and DNS record.
  Verify domain ownership by HTML upload:
  - Create an HTML file named logmein-domain-confirmation.html and upload it to the website for your planned ADFS domain.
  - In the logmein-domain-confirmation.html file, include a random string. Example: logmein-domain-confirmation jska7893279jkdhkkjdhask
  - After you have created the logmein-domain-confirmation.html file containing the random string, email your LogMeIn Account Manager with the string, and they will confirm that logmein-domain-confirmation.html is visible and contains the correct information.
  Verify domain ownership by DNS record:
  - Create a TXT record for your domain's DNS entry with the value logmein-domain-confirmation.
  - In the logmein-domain-confirmation.txt file, include a random string. Example: logmein-domain-confirmation jska7893279jkdhkkjdhask
  - After you have created the logmein-domain-confirmation file containing the random string, email your LogMeIn Account Manager, and they will confirm that the logmein-domain-confirmation file is visible and contains the correct information.
  Tip: If you do not have a LogMeIn Account Manager, you can contact support.
- From https://portal.azure.com, the Certificate (Raw) and Federated Metadata XML must be given to your LogMeIn Account Manager.
  Tip: If you do not have a LogMeIn Account Manager, you can contact support.
Once your LogMeIn representative has configured the SAML 2.0 connection using the information provided, your users gain access to the appropriate LogMeIn account and permissions via the IdP as the authentication source. It may take up to 30 minutes for the SSO service to be established for the first time.