Genesys DX

How to set up SAML 2.0 Single Sign-On via an Identity Provider

BoldChat provides Single Sign-On support based on SAML 2.0 protocol. It accepts SAML Assertions using the SAMLResponse parameter where the NameID of the authenticated user is a mandatory claim.

On the Identity Provider (IdP) side you must set up the connection with the following parameters:

Protocol type: SAML 2.0
Service type: AssertionConsumerService
Binding type: HTTP-POST
WantAssertionsSigned: True

Alternatively, you can set up the connection using the BoldChat metadata XML below that contains the required parameters.

Important: Change both instances of xxxxxxxxxx to your account ID. You can find your BoldChat SSO URL on the settings form. Change both instances of yyyyyyyyyy to the web client URL extended with the server set for your data residency region.

Data Center	URL
USA	web.boldchat.com
EU	web-eu.boldchat.com

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor entityID="https://yyyyyyyyyy/aid/xxxxxxxxxx/" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://yyyyyyyyyy/aid/xxxxxxxxxx/"/>
  </SPSSODescriptor>
</EntityDescriptor>

Go to Setup > General Account Settings > Single Sign-On and select the Main Setup tab.

Remember: You must configure SSO on the Identity Provider side first.

Click Test to check the authentication process.

You are redirected to the Identity Provider's URL in a popup. If you get back SAMLResponse from the ID Provider than its response will be presented on this setting form. If no SAMLResponse parameter returns or you simply misconfigured your URL, the popup window may stay open.

Important: The Identity Provider URL must be a common link that authenticates and redirects the user to the BoldChat SSO URL with SAMLResponse token, if the user have the necessary rights.

Result	Description
`SAMLResponse` is returned	The response is presented in the form. Note: Copy the public key for later use.
`SAMLResponse` is not returned	The popup may stay open. It is likely that you have simply misconfigured your URL.

Result

Description

SAMLResponse is returned

The response is presented in the form.

Note: Copy the public key for later use.

SAMLResponse is not returned

The popup may stay open.

It is likely that you have simply misconfigured your URL.

Check that NameID is a mandatory claim in the SAMLResponse token.
You must add this claim on the Identity Provider side to be a unique attribute of the authenticated user, for example their e-mail address. When you map an authenticated user later on, the NameID field must be the SSO Name ID on the operator field.
Under the Public Key Setup tab, paste the public key of your signed SAMLResponse token that you received in Step 2.

Save the public key.

Agent Workspace setup. To access Agent Workspace by SSO, use the following URL format:
- https://agent.boldchat.com/sso/account-id/ACCOUNTID (Replace ACCOUNTID with your account ID)
- https://agent.boldchat.com/sso/username/USERNAME (Replace USERNAME with your username)
Desktop Operator Client setup. You can use the desktop Operator Client in SSO mode with version 7.40 or newer. To configure the desktop Operator Client, do either of the following:
- Go to Start Menu > All Programs > SSO Mode.
- Use the following registry commands.
  
  SSO Launch Enabled Registry Script
```
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BoldChat-SSOAID"="xxxxxxxxxx"
"BoldChat-SSOENA"="True"
```
  SSO Launch Disabled Registry Script
```
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BoldChat-SSOENA"="False"
```

Web Client SSO setup. Once you have configured SSO on both sides, launch your WebClient SSO lookup mode with either of the following URLs:

URL	Description
https://yyyyyyyyyyy/aid/xxxxxxxxxx/	xxxxxxxxxx is your Account ID ; yyyyyyyyyy is the URL with server set
https://yyyyyyyyyyy/un/uuuuuuuuuu/	uuuuuuuuuu is any BoldChat username defined under your account; yyyyyyyyyy is the URL with server set

Check that parsing was successful to ensure that BoldChat servers understand the response as a SAML 2.0 Assertion Token.
Remember: First you must make sure that the SAMLResponse token is returned correctly.

Once parsing has completed successfully, you can check the following:

Issuer found: A required attribute in the SAML 2.0 protocol
IssueInstant: A required attribute that contains the issuer timestamp. It must be in UTC format by default. BoldChat accepts tokens within a valid time frame.
NameID: Required for mapping a BoldChat operator record with the authenticated user.
Public key: Required and must be stored in BoldChat settings as well for signature validation.

Set agent permissions: Create or edit a permission group

Use permission groups to set the features and folders your agents can access. An agent's permissions depend on the rights and restrictions set for the group to which they are assigned.

Create or edit a permission group, as follows:
1. In the Web Admin Center, go to Organization > Permission groups. The Permission Group Management page is displayed.
2. Select an existing permission group or click Create New.
Result: The New/Edit Permission Group page is displayed.

On the Account tab you can set the following permissions:

Option	Description
Access agent list in monitor view	Allow group members to view agents' workload in Monitor View.
Access Audit Log	Allow group members to view audit logs of the Admin Center on the General > Audit Log page. See View changes in the Admin Center.
Access Automatic Chat Distribution Settings	Allow group members to change settings on the Channel > Chat > Automatic Distribution page in the Admin Center. See How to automatically activate chats (Automatic Chat Distribution).
Access Automatic Email Distribution Settings	Allow group members to access the Channel > Email > Automatic Distribution page in the Admin Center. See Set up automatic distribution for email.
Access Automatic Messaging Distribution Settings	Allow group members to change settings on the Channel > Messaging > Automatic Distribution page in the Admin Center. See Set up automatic distribution for messaging.
Access Data Retention Settings	Allow group members to change settings on the General > Data Retention and General > Data Protection pages in the Web Admin Center. See Data Protection.
Access Login Control Settings	Allow group members to change settings on the General > Login Control page in the Web Admin Center.
Access Mobile Dashboard	Allow group members to log in to the Mobile Dashboard.
Change Another Agent's Status	Allow group members to change the availability of other agents in the Agent Workspace.
Change Website Data Validation Settings	Allow group members to change the website data validation settings when setting up a website on the Organization > Websites page in the Admin Center.
Edit Agent Workspace Settings	Allow group members to change the settings related to the functionality of the Agent Workspace.
General Account and Restrictions Settings	Allow group members to change the following account settings in the Web Admin Center: Invitation settings PIN invitation settings Regional settings General account restrictions Singe Sign On settings API key and trigger settings Geofluent auto-translation settings
Generate Chat Button HTML	Allow group members to generate chat button HTML when setting up a static or floating chat button on the Channels > Chat > Chat Buttons page. See Generate chat button HTML.
Generate Conversion Tracking HTML	Allow group members to generate conversion tracking HTML code when setting up conversion codes on the Customers > Conversion Codes page. See Set up conversion tracking.
Generate Customer Monitor HTML	Allow group members to generate Customer Monitoring HTML code when setting up a static or floating chat button on the Channels > Chat > Chat Buttons page.
Have Plugins Enabled	Not in use.
Modify Folders	Allow group members to modify folders for chat, email, messaging, and Canned Messages.
Replace Canned Messages	Allow group members to replace Canned Messages in the desktop client.
Setup Rules Engines	Allow group members to set up rules for managing incoming chats or visits on the following pages: Channels > Chat > Routing Rules Channels > Messaging > Routing Rules Channels > Email > Routing Rules See Manage incoming chats according to rules (Chat Rules Engine).
Use Email Signatures Setup	Allow group members to define email signatures when setting up an email account on the Channels > Email > Email Account page. To add a signature, select Outgoing email footer on the Format and content tab. See Set up an email account.
Use Personal Canned Messages	Allow group members to change settings on the Setup > My Canned Messages Setup page in the Digital DX Desktop Client.
View Assignment History	Allow group members to view the assignment history of work items both in their workspace and in Monitor View. See How to find customer and assignment history.
View Dashboard	Allow group members to log in to the Dashboard. See Monitoring your Organization (Dashboard).
View Workspace	Allow group members to log in to the Agent Workspace.
View/Undelete from Recycle Bin	Allow group members to manage the recycle bin by clicking View list of deleted items where available on Web Admin Center pages. See Data Retention Options.

Enterprise and Premier subscribers may see additional permissions.

On the Actions tab, set permissions controlling group members' use of specific features within the following major feature sets:
- ActiveAssists
- Chats
- Contacts
- Customers
- Emails
- Messaging
- Remote Access
- Reports
On the Setup tab, set permissions controlling group members' ability to set up entities in the following categories:
- ActiveAssist (cobrowse bookmarks)
- APIs (API settings, integration API triggers)
- Chats (chat buttons, Canned Messages, categories, custom fields, statuses, chat windows, floating chat buttons)
- Contacts (categories, custom fields, statuses)
- Customers (conversion codes)
- Emails (categories, custom fields, statuses, accounts, email redirects)
- General (agent statuses, agents, departments, integrations, knowledge bases, permission groups, salesforce connectors, spell checkers, websites)
- Invitations (auto-invite rulesets, custom chat invitations)
- Messaging (Canned Messages, categories, custom fields, SMS accounts, statuses)
- Tickets (categories, custom fields, statuses)
- Twitter (categories, custom fields, statuses, accounts)
Enterprise and Premier subscribers may see additional permissions.
On the Folders tab, set permissions controlling group members' ability to manage folders for the following:
- ActiveAssists
- Chats
- Contacts
- Customers
- Emails
- Messaging
- Reports
- Tickets
- Twitter
Enterprise and Premier subscribers may see additional permissions.
On the Departments tab, control group members' ability to see operators and departments outside of their own.
- Not Visible. Members can neither see nor transfer items to the department and its operators.
- Department Visible. Members can see and transfer items to the department, but not its operators.
- Operators Visible. Members can see and transfer items to the department and its operators.
To make the permission group default for all subsequently created agents, click Set as default on the Account settings tab.
Save your changes.

Remember: To assign an agent to permission groups, go to Organization > Agents > Agent Information.

What are best practices for using permission groups?

Digital DX offers two out-of-the-box permission groups. Our best practice recommendation is to review, and edit or add additional permission groups. Permission groups should be customized based on an organization's needs to allow different groups to setup what each user is allowed to do in Bold360 Agent. These can apply to agents or departments within an organization.

With as flexible as our permission settings are, the best approach is to think of different personas (agents, admins, supervisors, reporting analysts, content managers, and so on) and creating permissions that suit this persona. For example, you wouldn't want to give an agent access to setup and you wouldn't want reporting teams to be able to set themselves as available in the queues.

Our out-of-the-box permission groups (Administrator and Operator) are simply starting places, and we recommend reviewing and customizing them to fit your organization's needs. Create permission groups to prevent cherry picking of chats, emails, and so on by limiting visibility into the queue and specific folders, allow remote control/co-browse, create different groups with different abilities for different positions (agents, supervisors, team leads, managers, admins, developers), prevent transferring work items to individuals and only allow to do so at department level.

How to enable Single Sign-On through login controls

Single Sign-On (SSO) integration simplifies the sign-in process for Enterprise users by providing access to multiple products with a single login. This feature integrates with your current SSO technology and is easily accessible though the Operator Client, Agent Workspace, and Web Client.

Within the .NET or the Web Client, go to Setup > Login Control Settings > Setup.
Check the box next to Single Sign On Settings > Enable Single Sign On.
To see the edits and modifications you will need to make, click Help.
When finished making edits, click Save on the Single Sign-On Setup tab and then click Save on the Login Control Settings tab.

What about security in the Digital DX AI platform?

We work hard to ensure your security and recognize its importance:

Bold360 AI servers are hosted on Amazon's EC2 cloud, it is secured via AWS firewall services to insure that customer knowledge & data are safe.
Manage access to our servers is restricted to TLS cryptography.
Each of our customers is assigned a unique set of login credentials that only allows access to the customer's own cluster of data. All passwords are enforced for a strict complexity policy. Access to your data is only granted to privileged users in your organization and Bold360 AI privileged users.

Add increased security for Slim and Harmony widgets

To increase the level of security, Digital DX AI introduced Cross-origin resource sharing (CORS) policies to the APIs. This enhancement enables you to restrict your widgets and Support Centers to a single URL domain or a list of domains. If a malicious intruder copies your HTML snippet code and adds it to any other site, the widget or Support Center on that site will not work.

Until now, you could define the URL of a secure Support Center in the Main Site URL field on the Touchpoints > Support Center > Settings page. From now on, to set up a secure Support Center, do the following:

On the Touchpoints > Support Center > Settings page, copy your Support Center URL from the Main Site URL field.
Go to the Admin Center > Preferences page.
In the Allowed Origins field, paste your Support Center URL that you have copied from the Main Site URL field.
Add your main customer website URL to the list.
Save your changes.

For more information and to see more Bold360 certifications, please visit the LogMeIn Trust & Privacy Center.

How to import operator settings

From the main menu of the operator client, go to BoldChat > Settings > Import.
Result: You are warned that the app will restart. To accept, click OK.

Tip: After restart, active chats will be reconnected, but you may want to end all chats before using this feature.
Browse to the location of the settings file.
Result: By default, the file is named Settings.ocs and is located in the computer's Documents folder.
Restart the operator client when prompted to complete the update.

How to export operator settings

To backup or restore the settings of your operator client, or distribute settings to be shared with other operators, you may use the export/import feature.

From the main menu of the operator client, go to BoldChat > Settings > Export. >
Result: You are warned that the app will restart. To accept, click OK.

Tip: After restart, active chats will be reconnected, but you may want to end all chats before using this feature.
Choose a location and filename for the settings file.
Result: By default, the file will be named Settings.ocs and placed into the computer?s Documents folder.
Restart the operator client when prompted to complete the update.
Result:

How to define user permissions (Permission Groups)

Permission Groups allow you to define the features, functionality and folders an operator can access. Once you have created a Permission Group definition, you can then associate an operator with the group. An operator's permissions are dependent on the rights and restrictions set for the Permission Group. By default an Operator's permissions are set to unlimited.

From the main menu of the operator client, go to Setup > Account Setup.
Result: The Account Setup window is displayed.
On the left menu of the Account Setup window, click General > Permission Groups.
To adapt recommended permissions for common roles, choose a permission package and click Copy:
- Administrator
- Operator
Result: Edit the permissions as required.
To create a custom permission group, click New.
Result: The New Permission Group window is displayed.

On the Account tab you can set the following permissions:

Option	Description
Can Access Billing	Allow group members to view billing and other account information at my.boldchat.com.
Can Generate Chat Button HTML	Allow group members to generate chat button HTML from the Setup menu.
Can Generate Visitor Monitoring HTML	Allow group members to generate Visitor Monitoring HTML from the Setup menu.
Can Generate Conversion Tracking HTML	Allow group members to generate Conversion Tracking HTML from the Setup menu.
Can Setup Rules Engines	Allow group members to set up rules for managing incoming chats or visits at Setup > Rules
Can Modify Folders	Allow group members to create and edit folders for Chats, Visitors, Conversions, Reports, etc.
Can Access Chat ACD Settings	Allow group members to work with settings that automatically activate chats (Automatic Chat Distribution).
Can Log Off/Away Another Operator	Allow group members to change other operators' status.
Can Have Plugins Enabled
Can Replace Canned Messages
Can Use Personal Canned Messages	Allow group members to manage canned messages under Setup > My Canned Messages Setup
Can Access General Account Settings	Allow group members to change settings under Setup > General Account Settings
Can Access Login Control Settings	Allow group members to change settings under Setup > Login Control Settings
Can Access Data Retention Settings	Allow group members to change settings under Setup > Data Retention (Enterprise only)
Can View/Undelete from Recycle Bin	Allow group members to manage the BoldChat recycle bin under View > Recylce Bin

Enterprise and Premier subscribers may see additional permissions.

On the Actions tab, set permissions controlling group members' use of specific features within the following major feature sets:
- ActiveAssist
- Chats
- Reports
- Visitors
On the Setup tab, set permissions controlling group members' ability to set up entities in the following categories:
- ActiveAssist (cobrowse bookmarks)
- Chats (canned messages, categories, custom fields, chat buttons, etc.)
- General (departments, operators, permission groups, etc.)
- Invitations (auto-invite rulesets, custom chat invitations)
- Visitors (Conversion Codes)
Enterprise and Premier subscribers may see additional permissions.
On the Folders tab, set permissions controlling group members' ability to manage folders for the following:
- ActiveAssist
- Chats
- Reports
- Visitors
Enterprise and Premier subscribers may see additional permissions.
On the Departments tab, control group members' ability to see operators and departments outside of their own.
- Not Visible. Members can neither see nor transfer items to the department and its operators.
- Department Visible. Members can see and transfer items to the department, but not its operators.
- Operators Visible. Members can see and transfer items to the department and its operators.
Save your changes.

How to automatically log out inactive operators

You can set the desktop Operator Client to automatically log out operators after a specified period of inactivity. This helps ensure that your information is secure when the client is unattended.

By default, this feature is enabled.

Go to Setup > Login Control Settings.
Select Logout operator after being inactive for ... minutes.
Set the amount of time from 1 to 999 minutes before the operator is automatically logged out.

Data Retention Options

Enterprise subscribers can set BoldChat to automatically recycle or delete chat data.

Enterprise subscribers with proper permission settings can activate data retention at the following location: Setup > Data Retention

The ability to change data retention settings is disabled for all permission groups and must be explicitly enabled: Can Access Data Retention Settings. Use caution when granting permission to use this feature.

You can choose to automatically move chat sessions to the Recycle Bin or to permanently delete the chat session data. In either case, this is done after the chat has been closed for the specified number of days.

Permanent deletion

When you choose to permanently delete chat session data, the data is permanently removed from the system without passing through the Recycle Bin.
This data cannot be recovered.

Recycle Bin

When you move chats to the Recycle Bin, they are not immediately permanently deleted: Instead operators are prevented from seeing the data in their BoldChat Client interface.
Chats in the Recycle Bin can be recovered (Operator Client > View > Recycle Bin)
Or you can set up an automatic purging of the Recycle Bin after items have been in the bin for a specified period of time (Operator Client > View > Recycle Bin > Setup).
Once items are purged from the Recycle Bin, they are similarly permanently deleted and cannot be recovered.

Delete partial data

The main chat session record can be retained for historical reference and reporting, while other data associated with the chat session is deleted.
For example, you can delete the chat transcript data (messages exchanged between the chat visitor and operator), but leave the rest of the chat record information for historical reference and/or reporting.
Partial data deletion results in permanent deletion with no recovery option
This feature can also be used in conjunction with the complete record deletion option. For example, you could setup to permanently delete the chat transcript data after 90 days, and then permanently delete (or recycle) the complete chat records after 180 days.
Additional details are provided in the context-sensitive help in the desktop Operator Client interface

How to protect visitor data (Data Obfuscation)

Data obfuscation, or also known as data masking, is a security feature that allows you to replace potentially sensitive data with generic characters to ensure that sensitive information is safe. You can set data (for example, credit card numbers, social security or personal ID numbers, telephone numbers) to be replaced by generic characters either in real-time or once the chat has ended.

This feature is part of the Custom Chat Window definition process. A chat window definition controls the look and feel and advanced behavior of the interface that is opened when a visitor clicks an associated button or link.

Using the BoldChat Operator Client, create a new custom chat window, as follows:
1. From the main menu of the BoldChat Operator Client, go to Setup > Account Setup. The Account Setup window is displayed.
2. On the left menu of the Account Setup window, click Chats > Custom Chat Windows > New
Result: The New Custom Chat Window is displayed.

On the Chat Messages tab, select Conceal Sensitive Information.

Option	Description
When to Conceal	Select When the chat closes to allow data to be seen during chat, but then hidden after close. Select Immediately, but the operator assigned... to allow only the assigned operator to see the information. Select Immediately, and no one... to hide the information from everyone.
What to Conceal	Select All numeric strings to conceal all recognized number sequences, such as credit card, social security and phone numbers. Select Only credit card formats to mask user input that conforms to standard credit card number formats. When this feature is in use, a credit card number such as 12345-12345-12345 is stored as xxxxx-xxxxx-xxxxx. Numbers grouped as follows are considered credit card numbers: 3-4-4-2 4-4-3-2 4-4-4-4 4-6-4 4-6-5 Note: Currently, the following numbers are concealed as they are considered to be credit card numbers: 13 digits starting with 4,5, or 6 14 digits starting with 3,5, or 6 15 digits starting with 1,2,3,5,6, or 8 16 digits starting with 2,3,4,5,6,8, or 9 17 digits starting with 3,5,6, or 8 18 digits starting with 3,5,6, or 8 19 digits starting with 3,5,6, or 8

Option

Description

When to Conceal

Select When the chat closes to allow data to be seen during chat, but then hidden after close.
Select Immediately, but the operator assigned... to allow only the assigned operator to see the information.
Select Immediately, and no one... to hide the information from everyone.

What to Conceal

Select All numeric strings to conceal all recognized number sequences, such as credit card, social security and phone numbers.
Select Only credit card formats to mask user input that conforms to standard credit card number formats. When this feature is in use, a credit card number such as 12345-12345-12345 is stored as xxxxx-xxxxx-xxxxx.
Numbers grouped as follows are considered credit card numbers:
- 3-4-4-2
- 4-4-3-2
- 4-4-4-4
- 4-6-4
- 4-6-5

Note: Currently, the following numbers are concealed as they are considered to be credit card numbers:

13 digits starting with 4,5, or 6
14 digits starting with 3,5, or 6
15 digits starting with 1,2,3,5,6, or 8
16 digits starting with 2,3,4,5,6,8, or 9
17 digits starting with 3,5,6, or 8
18 digits starting with 3,5,6, or 8
19 digits starting with 3,5,6, or 8

Save your changes.

Remember: To implement a chat window, you must associate it with a chat button definition.

How to exclude visitors based on IP address

Set visitor IP addresses that should always be blocked by Visitor Monitoring and Chat Button HTML, one IP address per line.

From the main menu of the operator client, go to Setup > General Account Settings.
Result: The General Account Settings window is displayed.
On the Extra Security tab, enter IP addresses to be blocked.
Tip: You can also use wildcards. For example: 123.123.123.*
Save your changes.

About BoldChat Permissions

The exact features you can use and actions you can take in the BoldChat app may depend on permissions granted by a BoldChat administrator or by your BoldChat subscription.

Check with a BoldChat administrator if you experience permission-related problems.

Data Residency Options

Many organizations face challenges meeting strict cross-border data privacy and residency requirements. BoldChat helps you face these challenges by giving you control over where your data resides.

Beginning Oct 29, 2016, all new customers signing up for a BoldChat account can choose a data residency region where their Service Data will be stored, hosted, and replicated (that is, the information you submit, transmit, collect, post, store, or produce while using the BoldChat service). Your Service Data will remain in your selected region without unwanted transfer*. Existing customers will continue to have data residency in the USA; migration is not currently an option. Please get in touch with us if you have an existing account that requires modification for alternative approaches.

Important: When requesting a product trial, by default your account is created with the data residency location preference set as USA. Please let us know if you need to use a different region.

Note: *To the extent you utilize any third party or internal services or providers that are not set to the same data residency restriction and in anyway interface with BoldChat or its Service Data, LogMeIn bears no responsibility for information processed through those third party services or by third party providers outside of the designated geographic region.

Current data residency regions

United States (US)
European Union (EU)

Feature Specific Considerations

Video Chat. Your data residency choice applies to all Service Data associated with the Video Chat feature.

Table 1. Video Server Locations
Location	Video Server Locations
US	US, Singapore
EU	EU

Email. Emails sent/stored from our servers use your selected data residency region. However, to ensure compliance, you should also verify the location of your own email provider as specified in your IMAP or POP URL settings (for example, a Microsoft Exchange server used by your organization or a corporate gmail account) since once emails leave our systems they get routed via your email servers and BoldChat does not control their path or final destination. If you have any questions, please contact your email provider.

Third-party Integrations. When using third-party services integrated with BoldChat, appropriate controls should be put on data leaving/being stored outside of BoldChat to ensure compliance with your data residency requirements, since they are outside of the scope of this option.

APIs. Workflow, Integrations, Data Extraction and Provisioning APIs are available for accounts in all data residency regions. Integrations must use the API endpoint corresponding to the data region in which your account is hosted. For more information, see Bold360 and BoldChat Developer Center.

SSO Integration. SSO is available in all data residency regions. For details regarding setup, see How to set up SAML 2.0 Single Sign-On via an Identity Provider.

Known Limitation

The SMS service is currently offered via gateways located in the US only

View changes in the Web Admin Center

The audit log allows you to view who changed the settings of the Web Admin Center and when those changes were made. Changes made in the AI Console or Desktop Client are not included.

You must have Account settings > Access Audit Log permission to see the audit logs.

In the Web Admin Center, go to General > Audit Log.
At the top of the page click the date picker to select the period of time when you want to see the changes.
Every event in the audit log shows the page where changes occurred. The most recent event is listed on top.
Click an event to see its details on the information panel on the right.
The information panel displays the status of settings before and after they were changed.
To go to the page or setup item where changes occurred, click the name of the page at the top of the information panel.

Why can't I log in to the Bold360 Agent platform?

The following questions answer those problems that may occur when you can't sign in to your Bold360 Agent account.

Can't sign in to your Bold360 AI account?

Have a look at our Bold360 ai support site for information.

Why didn't I get an email when I tried to reset my password?

If you reset your password but did not receive an email from Bold, please check the following:

Type your username or email address in the Reset your Password window:
- If you have not yet registered your email address as your new username, type your current username
- If you have registered your email address as your new username, type your email address. By now, most users sign in with their email address.
If the issue still occurs, check your spam folder.
If you still don?t receive an email, make sure your Email settings can accept emails from noreply@logmein.com.
If the issue persists, either ask your administrator to re-send an invitation, which will allow you to set up a new password, or contact our Support team or your Customer Experience Manager.

What are the requirements for creating a new password?

Must be at least eight characters long
Must have a digit, an upper case character, and a lower case character
Cannot have the same character repeating four times in a row
Cannot contain your user name or the account name
Cannot reuse your last five passwords

Why am I not receiving an invitation or verification email?

When your administrator assigns a new email address to you, your must set up access via an email invitation. Similarly, when you change your username to an email address, you have to verify your new email address via a verification email. When you don't receive such emails, do the following:

Make sure your spam folder does not contain an email from us.
If you still don?t receive an email, make sure your Email settings can accept emails from noreply@logmein.com and support@bold360.com.
If the issue persists, either ask your administrator to re-send an invitation, which will allow you to set up a new password, or contact our Support team or your Customer Experience Manager.

As an administrator, can I resend an invitation for my users?

Yes, you can. When your user cannot find the invitation email, you can resend an invite.

Important: You can resend an invitation email only if the user has not accepted the invitation yet.

In the Bold360 Admin Center, go to Organization > Agents.
Click the name of the agent to who you want to resend an invitation.
On the Agent Information tab, select Resend user invitation.
Save your changes.

This will send an email to your selected user who will be prompted to change their password.

What if I can sign in but have no access to a Bold account?

If an email invitation was already sent to you (automatically when creating new user; when changing your email address; or when resending an invitation), make sure that you set up your Bold access through this invitation email. These invitations are always sent from support@bold360.com.
If you are an existing Bold user and your username has not been changed since LogMeIn started migrating Bold users to the common login platform, make sure you set up your Bold access by doing the following:
1. Sign in with your former Bold username and password.
2. During the sign-in process, switch your username to your email address.

What if I can sign in, but immediately and automatically signed out?

Make sure you are not signed in to Bold360 in another browser or browser tab. If you are, close that browser (tab) and try again.

As an administrator, how do I reset passwords for my agents?

You don't. As LogMeIn moves to the new common identity platform, each user will be uniquely identified by their email address. Users of LogMeIn products will be able to easily move between different LogMeIn products using the same email-address and password. Therefore, the email and password of each user are owned by the user itself and can?t be controlled by the administrator of a Bold account.

However, the administrator of a Bold account can always remove or modify each user's permissions. For example, users can be blocked from accessing a specific account or can get different permissions to ensure the security and ownership of the administrators of their accounts.

Do I need my agents to have a valid email address?

Yes. Since each user of LogMeIn products is identified by their email address, that email address must be valid and accessible. Email addresses in your Bold360 account can be either a work email (recommended) or a personal email. These emails will not receive any sensitive information regarding your Bold360 account.

What if none of the above helps?

As a last resort, your administrator can create a new user account for you. Make sure that you provide the proper email address to your admin, because you will receive an invitation email to that address and you will also use that email address to sign in to Bold360.

Data Protection

For more convenient handling of GDPR requests, you can schedule customer data deletion and data export to XML directly from the Web Admin Center. This allows administrators to manually select customers and remove their sensitive data from the Digital DX system.

Note: The ability to change data protection settings is disabled for all permission groups and must be explicitly enabled by selecting the Account Settings > Access Data Retention Settings permission.

In the Web Admin Center, go to General > Data Protection.

Type a customer ID or email address into the field at the top of the page. You have the following options:

Option	Description
Schedule deletion and export	The selected customers' data will be first exported and then permanently deleted. This data cannot be recovered. The download link to the exported data is valid for 14 days or until manually deleted.
Schedule export only	The selected customers' data will only be exported to XML, but not removed from the system. The download link to the exported data does not expire, but can be manually deleted.

Important: Scheduling is not immediate; deletion and export occurs automatically once a day.

Add an Agent to your account

This is where you add all users: agents, supervisors, and administrators. For each user you add, you will set their name, email and give them ability to chat. Agents operate in the Bold360 Agent Workspace that you can access at agent.bold360.com.

Note: This article is part of a Quick Start Guide to help you implement your Bold360 environment from scratch.

To see the below steps in action, view our tutorial:

In the Web Admin Center, go to Organization > Agents.
On the Agent Management tab, click Create New.

Fill in the most important agent details:

Tip: Hold your mouse over the info buttons for details about the fields.

Option	Description
Email address	The agent's email address, which is used for the following: Sign in to Bold360 Reset a forgotten password Receive transcripts and other messages from Bold360 Email addresses must be unique in Bold360.
Agent name	The agent's proper name. Customers do not see this name.
Chat name	The agent's name as seen by customers. Typically, the agent's first name.
User name	This name appears in reports. Customers do not see this name.
Agent availability for chats and emails	Ensure Chats is selected.
Permission group	Either Administrator or Operator depending on the user?s role. As you become more comfortable with your deployment, you may want to customize these existing permission groups or add new permission groups. See Set agent permissions: Create or edit a permission group. Note: You will always want to have at least one user designated as Administrator in order to have full access to Bold360 Admin Center.

Go to the Images and Greetings tab. Under Initial Greeting for Chat > Default, select welcome.
Save your changes.

Need more info? There?s a section about agent management in our Help Center.

Next article: Create your first department

Bold360 account and billing inquiries

You can check your billing information at https://selfserviceportal.purchase.logmein.com. Click on your account name to view information regarding your subscriptions, payment method, invoice history, and billing address.

To view information related to your LogMeIn account, sign in to the My Accounts page. This page is relevant for those customers only, who have subscribed to multiple LogMeIn products. You can find more information on how to use the My Accounts page here.

If you have further questions related to your Bold360 account, including billing inquiries, please contact your Bold360 Customer Success Manager or click Open Ticket below.

How to assign an agent to a department

Assign an agent to departments as part of your chat distribution strategy. An agent can be in multiple departments.

Departments can also be associated with a specific language to help route chats to agents with appropriate language skills.

Create or edit an agent, as follows:
1. In the Web Admin Center, go to Organization > Agents.
2. On the Agent Management page, select an existing agent or click Create New.
Result: The New/Edit Agent page is displayed.
On the Departments tab, scroll to the lower part of the page and click each department to which the agent should be assigned.
At the top of the page, set each department's priority for the agent.
When using Automatic Distribution (AD) and the Urgency is the same for multiple items in the queue, agents receive their next item from their highest priority department.
Save your changes.

How to assign an agent to a permission group

An agent's permissions are unlimited by default, but can be controlled by adding the agent to a Permission Group. An agent can be assigned to one permission group at a time.

Create or edit an agent, as follows:
1. In the Web Admin Center, go to Organization > Agents.
2. On the Agent Management page, select an existing agent or click Create New.
Result: The New/Edit Agent page is displayed.
At the bottom of the Agent Information tab, choose a Permission Group.
Result: To make the selected permission group the default for subsequently created users, click Set as default.
Save your changes.

Validating Chats, Visits and Conversions (Data Validation)

Set Digital DX to validate all chats, visits and conversions. Use this feature to ensure that incoming chats originate from the website associated with the chat button and that chat and visit parameters provided by the customer cannot be viewed or modified by any third party. When customer monitoring and/or conversion tracking is enabled, this feature also ensures that the visit/conversion data originates from the website with the monitoring/conversion HTML code.

Setup

Data validation is set for a Digital DX Website. Even if you have a single webpage only where you want to display a chat window, you must create a Digital DX website.

Fastpath: In the Web Admin Center, go to Organization > Websites > Data Validation

When enabled and required, all chat, visit, or conversion data must be validated as originating from your server before reaching an agent.

Data Validation Methods:

PGP: The data passed to Digital DX can be PGP encrypted using our public key and signed with your private key to completely hide the parameters passed into chat
HMAC-SHA512: The customer can be disallowed from tampering with the data passed to Digital DX by generating a hash of the data using a private hashing key

Both methods rely on a new parameter in the HTML: SecureParameters. This replaces custom variable parameters such as VisitRef, VisitInfo, etc. Any visit, chat or conversion related data when validation is enabled that are not passed into the SecureParameters variable will be ignored by the server. Additionally, if security fails, the chat, visit or conversion will fail as well.

For browsers with JavaScript disabled, Digital DX loads an image inside the noscript tag to register the visit/conversion. In this case, use the parameter secured to pass the secured parameters.

Note: When using a Digital DX AI-enabled chat widget, you can set the domain manually as follows:

_bcvma.push(["setDomain", "s3.amazonaws.com"]);

PGP Encryption

Passed parameters should be URL-form encoded into a single string (for example, VisitName=Robert%20Smith&VisitEmail=r.smith%40gmail.com&ChatWindowID=123456). This is what you will PGP encrypt, sign and pass as the SecureParameters variable. The final string passed in as the SecureParameters variable will look like this:

"-----BEGIN PGP MESSAGE-----\nVersion: BCPG v1.50\n\nhQEMA9/66abKVXSZAQf/UT+3OtVApwD0H+Fv2S5bXqMfkvHEQgbvXLwMiLPRy2gs\nv3L4EbMGMoIjt8Leg1D/M8bgbovYEs546LwXdAcOQt/n4c2+9WB8mph9lDW4+z9U\n5eWwwDjatrF8yKvpVM+g0+y8SEtuuBr2xrNfXBaCXRSyEN/88tl7drvIjzAg5lUV\nuPMtDvLnE9bAhu02FQx04Dc0lKGDROPlXCp/6tW6rXRmdvZfPRe4GDCzkHoZVOGR\nByNMD1swSIWC60IL5so4wWvmOqgP/fU57W2QNz7wmF9RtSG+L8zdhYX0BKdQAOVL\nKzhRtoMbBpNcT1m0prFhw40sfGDcVnPLJhD4RvLv79LBpwE2HeW3LNm6ZH45ou1A\nmIzik8ZGExDVLY4N9tax6goP1tYXTOq2Zc/XuwIQHhXMdEZaxeLppsjt1cOym/BV\n/2y8uPO8DPQa4jTXDPOsmLJpzAJMnk3EhMMaDDzOIS32i8IyY2sYPgd651ifXrO7\n38zCnPC6zMByBuwqvoT5xlELYE0KFRvm7fmYhYK2KHQrazneESRX0TnLrI3k6mSR\ndK/MSLVb5v6aNY6f/RySADE/XqhEJ8DVXRyN8Qum+vtl1PMGOothaFemT4bZbZ+8\nw7PKCZSFWqKcEZyk1eJl02V8u1VgmYkaya2vvLGFqTGxSVk6jALrPcIyCxW7z1XV\nVSwdraDtqMyJ6aAOkUEF5qidyupoajpyjxWRsaM5Al/VJOjR6u97fu9aSNtGNW73\nmmpqBh2MwbPvO5wWTadN3VLRowlkzNWIX0pdKvdA69fQ4NlGLra9bmH0ofjQuCl9\nNTRAqn5pbyb8aCyWtxMTtgxZwgNsdWMg0yYMLV+HdH3zVT6Bc+lExzOl5rxOXxbz\nQxj3Bqil615AQP2JIi4A6FQ0+Om1xNtm+t6eIFAR3GDYjaw+GgBv+r4mdXRfz/6I\nOQysntG1rMgCHjXg6B2y46PAp2tdVptJVcUhyz93m99MBT3nKtUmmb5sVHJRnmIg\nQjQv+3SKjVnMwncHveNXosBBeem2Vdrb+lVbI3eQ0XD/fEi43oQdl8hSNuqfw1jy\nDz4Gi2EaYyaDqrRMS6nEMaOujfD6zcPpbR8MSbmQTvmi5eOWPQZhopXrN2ogxtea\n5jUabllMN5PxGkXWBAhWG1hUVkYH8SMucQ==\n=/htM\n-----END PGP MESSAGE-----"

Important: When using a Digital DX AI-enabled chat window, the ChatKey is pre-populated by the system. In this case, an Unsecured=ChatKey parameter must be used.

You can provide your public signing key on the New/Edit Website window. Digital DX uses it to generate a new server key in the back-end for encrypting the data and providing you a public key for encrypting the data.

The server-side generated keys are 2048-bit, and we recommend you use the same key size for your signing key.

For your first test, you can encrypt your data and pass it into the website setup data verification area. The server will decrypt it, verify the signature, and return the plain-text data or any error messages encountered.

HMAC-SHA512 Hashing

The most secure method of validating chats is the full PGP encryption. However, for ease of implementation, we also support the HMAC-SHA512 hashing algorithm.

The parameters you want to pass should be URL-form encoded into a single string (for example, VisitName=Robert%20Smith&VisitEmail=r.smith%40gmail.com&ChatWindowID=123456&Unsecured=ChatKey). The private hashing key will be concatenated in front of this value, and then hashed using the HMAC-SHA512 algorithm. The hashed value should then be hex-encoded and appended to the front of the SecureParameters variable. The final string passed in as the SecureParameters variable will look like this:

"1939D964B68EBFA61DE8C0B45D0C3C4836169C87DAB362116474A3B67B113B65F0172D3FA3191EC3525DA3E50B11A09B00B0A2869A1585EF148420347DE17A9EVisitName=Robert%20Smith&VisitEmail=r.smith%40gmail.com&ChatWindowID=123456&Unsecured=ChatKey"

Important: When using a Digital DX AI-enabled chat window, the ChatKey is pre-populated by the system. In this case, an Unsecured=ChatKey parameter must be used.

On the New/Edit Website window, you can create and delete the private hashing keys used to validate the customer data.

For your first test, you can hash the key and data to append the data to the hash and pass it to the data verification area of the New/Edit Website window. The server will parse out and verify the hash, returning plain-text data or any error messages.

Parameters

Once validation is enabled, you can use both original parameter names ("vr", "vn", etc.) and human-readable versions:

Friendly Name	Original	Meaning
URL	url	The current page of the customer (also the chat launch url when a chat is launched)
ReferrerURL	referrer	The referring page of the customer
VisitName	vn	The name of the customer
VisitRef	vr	A reference value for the customer
VisitInfo	vi	An information value for the customer
VisitEmail	ve	The email address of the customer
VisitPhone	vp	The phone number of the customer
CustomURL	curl	The custom URL for the chat
VisitorIcon	vicon	The chat icon for the customer
OperatorIcon	oicon	The default chat icon for the agent
LastName	ln	The last name of the customer
FirstName	vn	The first name of the customer (synonymous with VisitName)
InitialQuestion	iq	The initial question for the customer in chat
ConversionRef	cr	The conversion reference value for the conversion (must be unique per conversion code)
ConversionInfo	ci	An information value for the conversion
ConversionAmount	ca	The amount of the conversion (should be a number simply as 1000.15 for one thousand and fifteen one hundredths)
LanguageCode	lc	The language code for the chat
customField_[name]		Value of the custom field with the given name

Additional fields that require validation:

Friendly Name	Original	Meaning
ChatButtonID	cbdid	The ID of the chat button used to launch the request (which will additionally set the department and chat window if not overridden with another parameter) Important: To show the proper chat window, you must either define the ChatWindowID (or ChatButtonID) parameter as a secure parameter, or the cwdid (or cbdid) parameter as an unsecured one. Otherwise, your chat will be displayed in a default chat window. The default window does not support bot chats.
FloatingChatButtonID	cbdid	The ID of the floating chat button used to launch the request (synonymous with ChatButtonID)
ChatWindowID	cwdid	The ID of the chat window to show to the customer in chat Important: To show the proper chat window, you must either define the ChatWindowID (or ChatButtonID) parameter as a secure parameter, or the cwdid (or cbdid) parameter as an unsecured one. Otherwise, your chat will be displayed in a default chat window. The default window does not support bot chats.
DepartmentID	rdid	The ID of the department to which the chat should be assigned
OperatorID	roid	The ID of the agent to whom the chat should be assigned
ConversionCodeID	ccid	The ID of the conversion code
InvitationID	idid	The ID of the associated Auto-Invite Ruleset

Finally, there are several validation-related fields for enhancing chat functionality once the chat is validated:

Friendly Name	Original	Meaning
Type	type	The type of the request to enforce. Chat, visit, or conversion. Recommended on all requests.
Expiration	expires	The time when the request should no longer be considered valid. Recommended on all requests. Counted in milliseconds from midnight 1970-01-01 UTC. Note: The expiration should allow for a realistic duration of a session, and not too short.
ChatKey	ck	A unique identifier for this chat request. Repeated chat launches with this key will fail. Recommended on all chat-type requests. Note: Assign this parameter to a session ID or similar to allow for launching more than a single validated chat during a session. When using a Digital DX AI-enabled chat window, the ChatKey value is pre-populated by the system. This parameter must be listed as a value in the Unsecured parameter.
VisitorKey	vk	A unique identifier for this customer. If an agent blocks the chat, it blocks any chat/customer with this VisitorKey from re-launching chat.
Unsecured	unsecured	An `&` separated list of parameter names. These parameters when not present in the validated data can be pulled from the query string of the request normally and/or changed/populated without server validation. For example: `VisitName&InitialQuestion&VisitPhone` (note the `&` must be URI encoded to `%26` when it is part of the secure parameter string.) Important: When using a Digital DX AI-enabled chat window, the ChatKey is pre-populated by the system. In this case, an Unsecured=ChatKey parameter must be used.

API Parameters

If you are using the chat API, the following parameters are required when the chat is created:

Friendly Name	Original	Meaning
APIKey	APIKey	The API key being used. This must match the API key passed in through the authentication header.
Data	Data	Pre-populated data passed into the chat. (Note: Individual fields must be listed in the 'Unsecured' parameter to not require validation.)

Error Messages

Improper setup can result in the following errors:

Chat Not Validated: You have not passed in the required validation. Either there is no validation or the Type parameter has been set incorrectly (for example, you use the type visit to launch a chat).
Error Validating Chat: You tried to validate the chat, but the hash/encryption process was unable to either decrypt or verify the information.
Validated chat launch has expired: You are passing in an Expiration timestamp that is in the past. Make sure of the following: Confirm that your server's clock is accurate; Confirm that you are passing in the time dynamically at chat launch; Confirm that you are providing a sufficient buffer so chats can't be launched after they expire.
Validated chat launch has already been used: You are passing in a ChatKey value that has already been used to launch a chat. Confirm that the chat key is unique per potential chat launch or is being dynamically generated at chat launch.

If customer monitoring or conversion tracking is not being generated correctly, use the verification area of the New/Edit Website window to verify that the data has not expired and that type is set correctly.

How to add a Digital DX agent

Add an agent to your account. Set their name, email and password; define services they can use and choose languages they can support.

In the Web Admin Center, click Organization > Agents.
On the Agent Management page, click Create New.

Name the agent:

Option	Description
Agent name	The agent's proper name. Customers do not see this name.
Chat name	The agent's name as seen by customers.
User name	This name appears in reports.
Initials	Up to three characters. For Bold360 Plus accounts using Twitter, this uniquely identifies tweets.

Set email information and related options:

Option	Description
Email address	The agent's email address, which is used for the following: Sign in to Digital DX Reset a forgotten password Receive transcripts and other messages from Digital DX Email addresses must be unique in Digital DX.
Resend user invitation	Only available when you edit an existing agent. Select this option to resend an invitation email to the user. This is particularly useful when the user either cannot find the original invitation email or wants to reset their password.
Receive own transcripts	Email the agent a transcript after each of their own chats.
Receive emails with tips and tricks	Email the agent regular tips and tricks.

Set the user's Agent Name.
This is an internal name of the user, which is used, for example, in reports. Customers do not see this name.
Set the channels that the agent can handle.
- Chat
- Email
- Messaging
Select and prioritize Languages that the agent speaks.
If you select multiple languages for an agent then the following determines which language is used in a chat session:
- The language that matches the customer's language
- The language for which auto translation to the customer's language is available
- If an agent transfers a chat to a department or the whole organization then the agent with the highest customer language skill is selected
Save your changes.

How to force an agent to change their password

Force an agent to change their password upon next login.

Create or edit an agent, as follows:
1. In the Web Admin Center, go to Organization > Agents.
2. On the Agent Management page, select an existing agent or click Create New.
Result: The New/Edit Agent page is displayed.
On the Login and Security tab, select Force password change on next login.
Save your changes.

Changes are applied to your entire account.

How to set agent hours

You can set unique business hours per agent.

Create or edit an agent, as follows:
1. In the Web Admin Center, go to Organization > Agents.
2. On the Agent Management page, select an existing agent or click Create New.
Result: The New/Edit Agent page is displayed.
On the Agent Hours tab, select Set hours of availability for this agent.
Set the agent's time zone.
Set the agent's hours, as follows:
1. Click Add business hours to display the settings pane.
2. Set the hours.
Result: At any time outside the range, the agent's status is set to Away.
To prevent the agent from manually setting their status to Available outside their hours of availability, select Prevent manual override.
Save your changes.

How to enable chat recovery and recapture for an agent

Allow an agent to use the recovery and recapture feature.

When agents are unavailable, customers may nonetheless click on a chat button without making real-time contact with an agent. When an agent becomes available, Bold360 can proactively inform them that a customer who wanted to chat is still on the site (this is called recovery) or is filling out a form (this is called recapture). The agent can then choose to invite the customer to chat.

Create or edit an agent, as follows:
1. In the Web Admin Center, go to Organization > Agents.
2. On the Agent Management page, select an existing agent or click Create New.
Result: The New/Edit Agent page is displayed.
On the Advanced Settings tab, select Enable chat recovery/recapture.
Save your changes.

How to create agent statuses

Create custom agent statuses to extend your options beyond the standard Available and Away.

Create or edit an agent status, as follows:
1. In the Web Admin Center, click Organization > Custom Agent Status. The Custom Agent Status page is displayed.
2. Select an existing status or click Create New.
Result: The New/Edit Custom Agent Status page is displayed.
Enable and name your custom status.
Under Channels, activate the status per channel, as required.
Under Effect on Agent, choose whether agents are Available or Away when in this status.
When Maximum time allowed in this status is enabled, the agent's status is automatically set to the status selected from the menu after the defined amount of minutes.
To prevent users from manually applying this status, clear the box for Allow agents to change into or out of this status.
When disabled, the status can only be altered via an API call or when the time expires for Maximum time allowed in this status.
Save your changes.

The new agent status becomes available for agents working the selected channels.

Note: Although you can delete custom agent statuses, you cannot remove the default ones.

What are best practices for creating custom agent stauses?

We recommend creating custom Away statuses, such as lunch, meeting, and coffee break. This allows you to report on how long agents spend time in specific statuses rather than simply 'Available' and 'Away'.

Automatically log out, disable, or delete agents

In the Web Admin Center, go to General > Login Controls.

Under Agent Control, choose your settings:

Option	Description
Idle agents	Any inactive agent is logged out from the Agent Workspace after the defined number of minutes. Agents are active in the Agent Workspace when they press a key, or move or click the mouse. Note: Idle agents are not logged out during Remote Control.
Inactive agents	Any agent who does not log in to their account for the defined number of days is prevented from logging in to Digital DX.
Disabled agents	Any agent who has been disabled (according to the Inactive agents setting) is deleted after the defined number of days.

Save your changes.

Changes are applied to your entire account.

How to restrict customers and agents based on IP address

Gain control over who is able to chat with your organization.

The IP address restriction only applies to the Desktop Client. The Web Admin Center is still accessible from the IP addresses set under Restrictions.

In the Web Admin Center, go to Global Settings > Restrictions.
Result: The Restrictions page is displayed.

Choose your settings.

Option	Description
All HTML must be associated with a Website definition	Prevent visits from buttons lacking a website association or to require website validation.
Visit IP Ignore List	Add URLs that will not be monitored by the chat button HTML code. That is, customer information will not be collected for visits from listed URLs.
Extra Security	List customer IPs to be blocked from Chats (wildcards are allowed): Enter customer IP addresses to be blocked from engaging in chat. List agent IPs where login is allowed (wildcards are allowed): Enter agent IP addresses who are allowed to log in to the Agent Workspace, Admin Center, Dashboard, and Reports. Tip: You can define IP ranges and use wildcards. For example: 123.123.123.*

Save your changes.

Changes are applied to your entire account.

Force agents to regularly change their password

Set a password policy that forces agents to set a new password regularly and according to requirements.

In the Web Admin Center, go to General > Login Controls.

Under Credentials, choose your settings:

Option	Description
Force password change every X days	All agents are prompted to change their password after the defined number of days.
New password must not match previous	Agents must create a password that does not match this number of their previous passwords.

Save your changes.

Changes are applied to your entire account.

How to set up SAML 2.0 Single Sign-On in the Admin Center

Digital DX provides Single Sign-On support based on SAML 2.0 protocol. It accepts SAML Assertions using the SAMLResponse parameter where the NameID of the authenticated user is a mandatory claim.

On the Identity Provider (IdP) side you must set up the connection with the following parameters:

Protocol type: SAML 2.0
Service type: AssertionConsumerService
Binding type: HTTP-POST
WantAssertionsSigned: True

Alternatively, you can set up the connection using the Digital DX metadata XML below that contains the required parameters.

Important: Change both instances of xxxxxxxxxx to your account ID. You can find your Bold360 SSO URL on the settings form. Change both instances of yyyyyyyyyy to the web client URL extended with the server set for your data residency region.

Data Center	URL
USA	web.boldchat.com
EU	web-eu.boldchat.com

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor entityID="https://yyyyyyyyyy/aid/xxxxxxxxxx/" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://yyyyyyyyyy/aid/xxxxxxxxxx/"/>
  </SPSSODescriptor>
</EntityDescriptor>

In the Web Admin Center, go to General > Single Sign On.

Remember: You must configure SSO on the Identity Provider side first.

Click Test to check the authentication process.

You are redirected to the Identity Provider's URL in a pop-up window. If you get back SAMLResponse from the ID Provider then its response will be presented on this setting form. If no SAMLResponse parameter returns or you simply misconfigured your URL, the pop-up window may stay open.

Important: The Identity Provider URL must be a common link that authenticates and redirects the user to the Digital DX SSO URL with SAMLResponse token, if the user have the necessary rights.

Result	Description
`SAMLResponse` is returned	The response is presented in the form. Note: Copy the public key for later use.
`SAMLResponse` is not returned	The pop-up window may stay open. It is likely that you have simply misconfigured your URL.

Result

Description

SAMLResponse is returned

The response is presented in the form.

Note: Copy the public key for later use.

SAMLResponse is not returned

The pop-up window may stay open.

It is likely that you have simply misconfigured your URL.

Check that NameID is a mandatory claim in the SAMLResponse token.
You must add this claim on the Identity Provider side to be a unique attribute of the authenticated user, for example their e-mail address. When you map an authenticated user later on, the NameID field must be the SSO Name ID on the operator field.
In the Public Key field, paste the public key of your signed SAMLResponse token that you received in Step 2.
Save the public key.
Result: To work with SSO, use the following URL format:
- To access Agent Workspace:
  - https://agent.bold360.com/sso/account-id/ACCOUNTID (Replace ACCOUNTID with your account ID)
  - https://agent.bold360.com/sso/username/USERNAME (Replace USERNAME with your username)
- To access reports:
  
  https://reports.boldchat.com/aid/ACCOUNTID (Replace ACCOUNTID with your account ID)
- To access Dashboard:
  
  https://dashboard.boldchat.com/aid/ACCOUNTID (Replace ACCOUNTID with your account ID)
Check that parsing was successful to ensure that Digital DX servers understand the response as a SAML 2.0 Assertion Token.
Remember: First you must make sure that the SAMLResponse token is returned correctly.

Once parsing has completed successfully, you can check the following:

Issuer found: A required attribute in the SAML 2.0 protocol
IssueInstant: A required attribute that contains the issuer timestamp. It must be in UTC format by default. Digital DX accepts tokens within a valid time frame.
NameID: Required for mapping an agent record with the authenticated user.
Public key: Required and must be stored in Digital DX settings as well for signature validation.

How to enable Single Sign-On

Before you enable single sign-on, make sure all Digital DX users have SSO IDs assigned on the Organization > Agents page of the Web Admin Center,

In the Web Admin Center, go to General > Single Sign On.
Select one of the following login methods:
- Standard: Users can log in with their standard credentials
- Standard + SSO: Users can log in with either their credentials or by using SSO authentication
- SSO only: Users can log in using SSO authentication only
Enter the URL and Public Key of your ID Provider to the respective fields.
Click Test to make sure that your single sign-on setup works properly.
Save your changes.

How to force agents to use Single Sign-On

You can force agents to log in with their Single Sign-On ID only.

In the Web Admin Center, go to General > Single Sign On.
Select SSO Login Required.
Save your changes.

How to set customer greetings

Set a greeting message for your customers when they start chatting with an agent.

Create a canned message that you want to use as a welcome message. See Canned messages for agents.
Create or edit an agent, as follows:
1. In the Web Admin Center, go to Organization > Agents.
2. On the Agent Management page, select an existing agent or click Create New.
Result: The New/Edit Agent page is displayed.
On the Images and Greetings tab under Initial Greeting for Chat, select the message that you want your customers to see when an agent clicks Quick Accept.
Note: You can also set an Initial Greeting for Messaging that you can use with the various messaging services.
Optionally, under Conditional, select the conditions of displaying your chat greeting.
You can set up conditions based on either languages or websites.
- Languages - define greetings for the languages that customers can select on the pre-chat form. This way, for example, you can define separate chat greetings for your English, German, and Spanish customers.
- Websites - define custom greetings for each of your websites that you set up in Organization > Websites.
Save your changes.

Why does initial greeting have an 'Invalid item' option?

This additional option warns you that the initial greeting originally set for the agent is no longer available. This may occur, when the Canned Message that was previously set as a greeting is deleted by an admin. In this case, you should select another initial greeting for your agent.

Configuring Single Sign-On

Single Sign-On (SSO) integration simplifies the sign-in process by providing access to multiple products with a single login. This feature integrates with your current SSO technology and is easily accessible though the Agent Workspace.

Important: You can also set up SSO in the LogMeIn Organization Center as described in How to set up my Identity Provider for SSO.

Note: This feature is only available for Bold360 Plus subscribers and Bold360 AI platform accounts.

How do I disable a user?

When you disable a user, they won't be able to log in to Bold360 AI, but the user's data won't be deleted.

In the Bold360 AI platform, go to Admin Center > Users and select the user you want to disable.
Clear the Active option.
Click Save.

Disable Specific Users from Answering Tickets

In the Bold360 AI platform, go to Admin Center > Users and select the user you want to resttrict.
Under Advanced Credentials, setInbox: to none.

Agent - Role Overview

The agent role provides access to Bold360 AI in a way that the user can perform tasks related to ticketing.

An Agent can do the following:

Answer tickets by writing new responses
Answer tickets using existing responses
Suggest ticket answers to be added to the online Knowledge Base

An Agent cannot do the following:

Publish new answers to the Knowledge Base
Answer "Unanswered Questions"
Add new answers to the Knowledge Base
View analytics, updates or settings

This is how agents answer tickets in Bold360 AI:

Log in to Bold360 AI at <account>.nanorep.co.
Go to Ticketing > Open Tickets.
The Tickets screen is displayed.

Note: You can hover your mouse pointer over a ticket to see a preview of its contents.
Click on a ticket. The Edit Ticket page is displayed.
You can enter keywords or phrases in the Search for quick answers box in the Choose an existing answer tab. If there are existing answers in the knowledge base, which could provide a suitable response to the ticket, they will be displayed.
Click the response that best answers the ticket.
This displays the response in the form of an email to be sent to the customer, which you can edit as necessary.
If no answers exist which could provide a suitable response to the ticket, click the Write Answer tab and write a suitable answer.
- If this answer could help other customers, select the Add to Suggestions checkbox.
- If the answer is very specific to one single customer, and could not possibly provide assistance to anyone else, select the No, it's personal checkbox.
In the Ticket Status field, select Closed.
Note: If the question has been partially answered but still requires further attention, select Open in this field.
Click Send.

How do I add a user?

Add users to provide people in your organization access to Bold360 AI and specify roles and privileges to control what they can do in the system.

You need modify permission for Users to complete these steps.

In the AI Console, go to Admin Center > Users.
Choose (Add new user).
Specify a username, enter the user's email address and provide the user's real name.
Important: Make sure the email address you provide is valid and unique to this user in the system.
Select a user role.
- Account Manager: Can control any aspect of the Bold360 AI account, that is, access the analytics, answer tickets, manage the knowledge base. You can't change the advanced credentials for an account manager.
- Account Watcher: Provides read-only privileges, that is, the user can only review the knowledge base and the analytics, but they can't answer tickets.
- Agent: Can only answer tickets, can't review the analytics.
- Knowledge Base Manager: Can edit the knowledge base, manage users and review the analytics.
  Note: See How to choose a role for a user? for more information about these roles.
Select Add/Update to add the new user.
Optional: In the list of users, find and select the user you just created.
Optional: You can create user groups to further control what users have access to.
See What are user groups? to learn more.

Optional: Expand the Advanced Credentials and adjust the settings as required.

Name	Options
Users	Modify: The user can change the credentials of other users. View : The user can view the credentials of other users, but can't modify those. None: The user doesn't have access to the Users menu.
Analytics	Modify: The user can run, export, and save reports. View: The user can run and export reports, but can't create new saved reports. None: The user doesn't have access to the Analytics menu. Note: The Analytics section also includes the touchpoints and the voices sections.
Inbox	Modify: The user can access the ticketing system and answer tickets. View: The user can only view tickets, but can't answer them. None: The user doesn't have access to the Ticketing menu.
Chat	Modify: The user can modify the options on the Chat pages of the Bold360 AI platform. View: The user can only view the chat settings, but can't modify them. None: The user doesn't have access to the Chat pages of the Bold360 AI platform.
Knowledge-Base	Modify: The user can create, modify, and delete articles in the Knowledge menu of the Bold360 AI platform. View: The user can view articles, but can't create, modify, or delete content in the Knowledge menu. None: The user doesn't have access to the Knowledge menu.
Publishing Center	Modify: The user can create, modify, and delete content on theKnowledge > Suggested Content page. View: The user can view the content on the Knowledge > Suggested Content page, but can't create, modify, or delete any content. None: The user does not have access to the Knowledge > Suggested Content page.
Settings	Modify: The user can modify the options on the Admin Center pages of the Bold360 AI platform such as context, account health, or ticketing rules. View: The user can only view the account settings, but can't modify them. None: The user doesn't have access to the Admin Center pages of the Bold360 AI platform.
Voices	Modify: The user can delete voices. View: The user can assign voices and mute/unmute voices. None: The user can access Search Optimizer and can open items assigned to them.

How do I set user group permissions?

With user group permissions you can restrict user's access to a certain knowledge base or subset of a knowledge base.

Users' credentials can be restricted to specific knowledge bases, as described below, and also used to apply ticket management policies. Ticketing permissions can limit or allow access to tickets (viewing and taking tickets) that define the group. Groups are separated from one another by the level of tickets' access limitations the members in the group have; whether they can view all tickets, certain tickets and so on.

A group must have one of the following ticketing permissions:

View all tickets: no special permissions are enforced.
View and take selected labels: users can view some labels and take tickets using the 'Take tickets' button
Take selected labels: users cannot view any tickets, but can still take tickets using the 'Take tickets' button.
Only see assigned items: users cannot view, nor take any tickets. They can only handle tickets that are assigned to them by someone else.

For example: If we look at the example; the Support group. We wanted all tickets labeled as Support to be viewed and taken by Dan, Roy, and David, our support agents. As you can see, by choosing the View and take selected labels, we determine this permission type. The members of the Support group will be able to access My Inbox (ticket assigned especially to them) and also access tickets in the "Support label" and take them. If they had the Take selected labels permission type, they could only take tickets in the Support label (by clicking the take tickets button), but not be able to view them. We still need to choose the label Support to set the ticket assignments abilities. Once the group is created, our agents, (Dan, Roy, and David) will be associated with the Support group. These steps are described below.

Take Options

The first three options allow the agent to take tickets. If an agent can take tickets, a new button, Take tickets appear on his My Tickets page. When clicked, this button assigns the agent some tickets from the pool of unassigned tickets according to his permission labels. This also enables agents to get tickets from a certain group without viewing tickets in the group and therefore explains the "Take selected labels" option. Once choosing one of the first three options, you'll have to define two additional options:

How many tickets are taken each time Take tickets is pressed;
Maximum number of tickets assigned to the user before he can take more. For example, users take tickets [ 5 ] at a time, if they have less than [ 50 ] tickets assigned.

Note: if an agent belongs to more than one group and the groups contain different 'take' permissions, the user's de facto permissions will be the highest one.

How to choose a role for a user?

User roles control what the users have access to and can do in Bold360 AI.

There are several roles that together contribute to the daily running and maintenance of your Bold360 AI implementation.

The Knowledge Base Manager

The Knowledge Base Manager holds an extremely important role in the Back Office, as they are responsible for ensuring that the Knowledge Base is kept up-to-date and optimized with the most effective and relevant information, which guarantees the smooth running of the Bold360 AI system and effective customer service. The Knowledge Base Manager performs their tasks in the Knowledge Base, Search Optimizer 2.0 and the Publish Answers sections. These tasks include searching for unanswered questions (articles) and ensuring that they are given an accurate and appropriate answer, as well as writing new answers, editing existing answers, merging existing answers, adding phrasings to the database and adding synonyms.

The Account Manager

The Account Manager is responsible for monitoring the day-to-day running of the Bold360 AI application of your site, ensuring that everything runs smoothly and that customers are happy with the responses they receive via the Bold360 AI interface. Account Managers have full access to the entire Bold360 AI back office, and can perform all tasks. Many of these tasks fall under the direct responsibility of either the Agent or the Knowledge Base Specialist, with the Account Manager monitoring the situation, and acting in a supervisory role.

The Account Watcher

The Account Watcher observes and monitors the activity of your site. Read-Only privileges. Can only review the knowledge-base and the analytics. Cannot answer tickets.

Users in Account Watcher role who also have write permission can create draft articles but cannot publish those, which essentially makes them content managers. Due to this change, existing users in Account Watcher role will not be able to publish articles.

The Agent

The Agent can answer tickets by writing new responses or using existing responses, and can suggest ticket answers to be added to the online Knowledge Base. However, the Agent cannot publish new answers to the Knowledge Base, answer "Unanswered Questions", add new answers to the Knowledge Base or view analytics, updates and settings.

Account Manager - Role Overview

The account manager role provides full access to Bold360 AI.

The Account Manager is responsible for monitoring the day-to-day running of the Bold360 AI application of your site, ensuring that everything runs smoothly and that customers are happy with the responses they receive via the Bold360 AI interface. Account Managers have full access to the entire Bold360 AI back office, and can perform all tasks. Many of these tasks fall under the direct responsibility of either the Agent or the Knowledge Base Specialist, with the Account Manager monitoring the situation, and acting in a supervisory role.

Add users

You can add new users to the back office. During the adding procedure, you will define their role, as either Agent, Knowledge Base Specialist, Account Watcher, or as another Account Manager.

To add new users:

From the Bold360 AI dashboard, go to Admin Center > Users.
Click the Add New User icon. The Add New User dialog is displayed, incorporating descriptions of each type of user.
Complete the fields and select the appropriate role, as required.
Click Update.

Add user groups

To add new user groups:

Note: If you have many users, and different Knowledge Bases within your system, you can create separate groups of users.

From the Bold360 AI dashboard, go to Admin Center > Users.
Click the Groups icon.
Click the Create Group link.
Give the group a name, and specify the values in the remaining parameters as required.
Click Save.

Manage tickets

You must ensure that all tickets are handled. Tickets need to have agents assigned to them. This can be done according to a number of methods; by the Agents themselves, if they have the correct privileges, or group permissions, or you can assign tickets to Agents.

To assign agents to handle new tickets:

From the Bold360 AI dashboard, navigate to the Tickets tab.
In the drop-down list, select New Tickets. The new and unassigned tickets are displayed.
Select the checkbox next to a ticket, and click the Assign button. A list of agents is displayed.
Click the name of the required agent to immediately assign them to the ticket.

Handle Open Tickets

Open tickets can be new tickets or tickets that require further investigation.

In the AI Console, go to Ticketing > Open Tickets.
You see a comprehensive list of all tickets that have not yet been closed, including tickets which require follow-up.
Select a ticket to work with.

Publish answers

When new answers are created, or existing answers are enhanced, they need to be published to the Knowledge Base. This is primarily one of the responsibilities of the Knowledge Base Specialist, but you also have permission to do this.

Optimize the Knowledge Base search

The knowledge base is the most crucial element of Bold360 AI. It comprises all the information that your customers could potentially require, encompassing all questions asked and answers provided.

Search Optimizer is a tool that enables you to ensure that the knowledge base fulfills its potential, and contains the most relevant and applicable information possible. By using Search Optimizer, you can fine tune and enhance your knowledge base, as it contains the most recent questions handled by the system, and you can see how each was handled; whether it was answered automatically, if the answer was indeed accurate and whether the question was escalated.

Optimizing the knowledge base is primarily the responsibility of the knowledge base specialist. The Account Manager is also responsible for ensuring that the knowledge base is continually optimized, but in a more supervisory role.

To optimize the knowledge base using Search Optimizer comprises the following:

All unanswered questions must be properly answered.
All escalated questions must be reviewed and provided with an accurate answer.
Note: Some escalated questions may also be unanswered questions.
New and improved answers should be published to knowledge base.

SLA (Service Level Agreement) tracking

If you are using the generic Bold360 AI ticketing system, you also have SLA tracking capabilities. As the Account Manager, you are responsible for configuring, tracking and maintaining Service Level Agreements (SLAs) with your company's customers. You are able to define response and resolution times, as well as set the hours of business for your customer support mechanism.

To access the SLA Tracking options, from the Bold360 AI dashboard, navigate to Settings > SLA Tracking.

Checking "Analytics"

One of the most important aspects of the position of Account Manager is to analyze the data received from the site, in order to stay on top of customer needs. Bold360 AI enables you to view analytics of a variety of elements of the site data, presented according to various periods of time (which are easily specified and adjusted).

To view the analytical information:

From the Bold360 AIdashboard, go to Analytics.
Each tab within this section of the application offers a different type of data analysis. The topics covered by Bold360 AI data analytics are:
- Return on investment (ROI)
- Conversions
- SLA
- Traffic
- Knowledge Base
- Search Log

You also have the option to create data analysis charts according to your own specific requirements in the Custom Charts option, according to traffic, usage, knowledge base size and usage, and users.

How to disable a specific user account

As an Administrator, you can disable Digital DX user account. This is useful when, for example, an agent leaves your organization.

In the Web Admin Center, go to Organization > Agents.
Click the name of the user that you want to disable.
On the Login and Security tab, click Disable Login.
Save your changes.

How to unblock a user account

User accounts will be blocked when users enter incorrect passwords too many times. Administrators can unblock these agents in the Admin Center.

In the Web Admin Center, go to Organization > Agents.
Click the name of the user that you want to unblock.
On the Login and Security tab, click Unblock.
Note: This option is only available for blocked users.
Save your changes.

What are the user privileges in the AI Console?

There are four different user privileges in the AI Console:

1. Account Manager: Can control any aspect of your AI account (i.e Access the analytics, answer tickets, manage the knowledge-base).

2. Account Watcher: Read-Only privileges. Can only review the Knowledge Base and the analytics. Cannot answer tickets.

3. Agent: Can only answer tickets. Cannot review the analytics.

4. Knowledge-Base Manager: Can edit the Knowledge Base and manage users. Can manage your reps activity and review the analytics.

For more information about each of these roles, read How to choose a role for a user?

Users can get custom privileges under Advanced Credentials. For more information, see How do i add a new user?

How to log in with SSO to the AI Console

Users of the AI Console can log in with their corporate credentials using single sign-on (SSO), which provides a new layer of security. Once SSO is configured, each user in the account can log in by clicking the Use Single Sign-On (SSO) link at the bottom of the login page.

To set up SSO login for an account, do the following:

As an administrator user log into the AI Console and go to Settings > SAML Settings.
Select Enable authentication for this account.
Paste the content of the metadata file that you received from your Identity Provider into the SAML Meta Data XML field.
Note: the AI Console supports SAML 2.0.
Optional: Select Force SSO Login to disable the standard login method.
Important: When you enable the Force SSO Login option, all passwords for your account will be deleted. Users can no longer log in to the AI Console with their email and password.
Save your changes.

Depending on your account's SSO configuration, the AI Console login page now displays the following options:

Login: when SSO is not available, you can log in with your username and password.
Use Single Sign-On (SSO): when SSO is the only option to log in to your account. This is the only option when Forced SSO login is enabled.
Both of the above login options: when SSO authentication is not exclusively enabled for the account, that is, Forced SSO login is disabled. In this case, users can decide how to log in to the AI Console:

About the new sign-in process in the Digital DX AI platform

About the new sign-in process in the Digital DX platform

Use your email address instead of your username to log into the AI Console.

Overview of the new sign-in process

LogMeIn migrates all customers to use a unique email address to sign in to all LogMeIn products, including the AI Console. This change modernizes our sign-in process and simplifies it for users: you no longer have a separate username and email address. Having a common identity across LogMeIn products makes it easier for you to use our suite of solutions.

With the coming of the new sign-in process, users of the AI Console may have to verify their email address. The password policy will also be affected.

Important: Your IT team must allow access to authentication.logmeininc.com and auth.bold360.com. For more information, see Allowlists and the Bold360 AI platform.

Who is impacted by this change?

Every user who signs in to the AI Console with a username at <account>.nanorep.co.

For users who sign in through an SSO provider, the experience will stay as it used to be.

Who should verify their email address?

From February, 2021, users of the AI Console may have to provide their email address and go through a short email verification process when signing in for the first time.

Account Managers can save time for users by reviewing user email addresses to make sure they are valid and up to date. Users of multiple LogMeIn products with different passwords will also need to create a new single password for all products.

What if I or my users have access to multiple accounts?

For users who have access to multiple accounts, the Account Manager must make sure they have the same email address for every account. Once the user has the same email provided for every account and the user has set up the same password for all their accounts, they will see an account selector upon sign-in.

As an Account Manager, how do I resend an invitation?

As an Account Manager, you can resend the email invitation to the Digital DX AI account. To do so, proceed as follows:

In the AI Console, go to Admin Center > Users.
Select the user you want to resend the invitation to.
Choose Resend Invitation next to the user's email address.

As an Account Manager, how do I reset passwords for my users?

You don't. The email and password of each user are owned by the user themselves and Account Managers cannot control them. You can however remove or modify each user's permissions as needed.

How does the password policy change?

Starting February, 2021, you will no longer have the option to customize the password policy in Digital DX AI. The password policy will be disabled for all accounts by default.

If you still want to enforce a password policy, as an admin, you must enable it for your account and then each user must agree to the policy before signing in to the AI Console.

The password policy has the following configuration:

Users must change passwords every 90 days
Users cannot reuse their last five passwords
Password must be at least eight characters long
Password must contain a number, an uppercase character, and a lowercase character
Password cannot have the same character repeating four times in a row
Password cannot contain the user's name or the account name

Users will be locked for five minutes after three unsuccessful sign-in attempts. After 25 unsuccessful attempts, users will be "hard locked" and will be able to unlock their account only by resetting their password. As additional protection, LogMeIn uses risk-based authentication to protect against sophisticated password attacks.

How to authenticate on Digital DX AI APIs

If you used username and password to authenticate on Digital DX AI APIs, you will now have to create an API key for authentication. For more information see How to create an API key.

How to make changes in the AI Console

When an Account Manager (administrator) adds a new user, or modifies an existing one, the user profile requires a unique email address for that user, that is, an email address can't be associated with more than one user in the system. The email address must also be valid to ensure that the user can receive verification and password reset emails.

For users who have access to multiple accounts, the administrator must make sure they have the same valid email address for every account. Once the user has the same email provided for every account, they will see an account selector page upon sign-in.

Note: We recommend that administrators visit the AI Console and review the email addresses in the system for all users.

For more information, contact your Customer Success Manager.

How to start the BoldChat Operator client in SSO mode

You must set up SSO mode on every BoldChat Operator client running versions between 7.4 and 15.2.

Important: We highly recommend that you upgrade your BoldChat Operator client to the latest version. For more information, see How to update your BoldChat Operator client.

Open the Windows Start menu and type SSO Mode, then press Enter.
If you cannot find SSO Mode, go to the folder in your computer where the Operator client is installed, and type operatorclient.exe /ssosetup.

The Operator client is installed in the c:\Program Files (x86)\BoldChat folder by default.
In the Account ID field, type your account ID.
If you want to sign in without using SSO mode, type your region ID, which is as follows:
- 1 for US customers
- 2 for EU customers
Make sure that SSO Login Mode is enabled.
Click OK.
Sign in to the BoldChat Operator client with your credentials.

How to sign in to BoldChat?

With the coming of the new sign-in process on March 16, 2020, depending on the version of your BoldChat Operator client, you will have the following options to sign in to the client:

Note: To check the current version of your Operator client, go to the Help > About menu.

If you use the latest client, you can sign in with your email address and password as described below.
If you use a client version earlier than version 15.2.6, you can either update your client to the latest version or start the client in SSO mode.
If you use an Operator client version prior to 7.4, you must download and install the latest client version. See How to update your BoldChat Operator client.

For more information on these changes, see About the new sign-in process in BoldChat.

To sign in with your email address and password, do the following (for clients running version 15.2.6 or later):

Start the BoldChat Operator client.
Sign in with your email address and password.
If you have access to multiple accounts, select the account that you want to work with.

Result: The Operator Client opens.

Why didn't I get a verification or invitation email?

The following questions answer those problems that may occur when you do not receive an email verification upon creating a new user or verifying the email address of an existing one:

Why didn't I get an email when I tried to reset my password?

If you reset your password but did not receive an email from Bold, please check the following:

Type your username or email address in the Reset your Password window:
- If you have not yet registered your email address as your new username, type your current username
- If you have registered your email address as your new username, type your email address
If the issue still occurs, check your spam folder.
If you still don?t receive an email, make sure your Email settings can accept emails from noreply@logmein.com.
If the issue persists, contact our Support team or your Customer Experience Manager.

Why am I not receiving an invitation or verification email?

Make sure your spam folder does not contain an email from us.
If you still don?t receive an email, make sure your Email settings can accept emails from noreply@logmein.com and support@boldChat.com.
If the issue persists, either ask your administrator to re-send an invitation, which will allow you to set up a new password, or contact our Support team or your Customer Experience Manager.

How do I reset a password?

The following questions answer those problems that may occur when you do not receive an email verification upon creating a new user or verifying the email address of an existing one:

As an operator, how do I reset my password?

Type your username or email address in the Reset your Password window:
- If you have not yet registered your email address as your new username, type your current username
- If you have registered your email address as your new username, type your email address
If the issue still occurs, check your spam folder.
If you still don?t receive an email, make sure your Email settings can accept emails from noreply@logmein.com.
If the issue persists, contact our Support team or your Customer Experience Manager.

What are the requirements for creating a new password?

Must be at least eight characters long
Must have a digit, an upper case character, and a lower case character
Cannot have the same character repeating four times in a row
Cannot contain your user name or the account name
Cannot reuse your last five passwords

As an administrator, how do I reset passwords for my operators?

You don't. As LogMeIn moves to the new common identity platform, each user will be uniquely identified by their email address. Users of LogMeIn products will be able to easily move between different LogMeIn products using the same username and password. Therefore, the email and password of each user are owned by the user itself and can?t be controlled by the administrator of a Bold account.

Do I need my operators to have a valid email address?

Yes. Since each user of LogMeIn products is identified by their email address, that email address must be valid and accessible. Email addresses in your BoldChat account can be either a work email (recommended) or a personal email. These emails will not receive any sensitive information regarding your BoldChat account.

What if I can login but have no access to a Bold account?

If an email invitation was already sent to you (automatically when creating new user; when changing an your email address; or when resending an invitation), make sure that you set up your Bold access through this invitation email. These invitations are always sent from support@BoldChat.com.

If you are an existing Bold user and your username has not been changed since LogMeIn started migrating Bold users to the common login platform in March 2020, make sure you set up your Bold access by doing the following:

Sign in with your former Bold username and password.
During the sign-in process, switch your username to your email address.

How to switch account

Users with multiple accounts can switch between accounts without signing out of BoldChat.

Sign in to the BoldChat Operator Client.
In the BoldChat menu, click Switch Account.
You are redirected to the account selector page, where you can choose another account to sign in to.

For more information about the account selector page, see How to sign in to BoldChat?

About the new sign-in process for the Desktop Client

In a nutshell

If you use the latest Desktop Client(version 15.2.6 or later) or you already use the client in SSO mode, you have nothing to do. To check the current version of your Operator client, go to Help > About.
Important: We highly recommend that you upgrade to the latest Operator client version by January 27, 2020. See How to update your Desktop Client.
If you want to use your older client version, which supports Single Sign-On (available from version 7.4), then follow the instructions in How to start the Desktop Client in SSO mode.
Note: You must set up SSO mode on every Desktop Client.
If you use a Desktop Client version prior to 7.4, you must upgrade to the latest client version. Contact your Customer Success Manager for help.

Overview of the new sign-in process

LogMeIn migrates all customers to use a unique email address to sign in to all LogMeIn products, including all versions of Digital DX. This change modernizes our sign in process and simplifies it for users: you no longer have a separate username and email address. Having a common identity across LogMeIn products makes it easier for you to use our suite of solutions.

With the coming of the new sign-in process, Desktop Client users may have to verify their email address and their password policy will also change. Operators and admins will have the following experience when they sign in:

If you also have access to multiple accounts, you will have to select that after signing in to the Desktop Client. Operators and admins will see the following window when they select a Digital DX account to work with:

Important: By January 31, 2020 your IT team must allowlist these URLs to allow access to http://authentication.logmeininc.com and auth.bold360.com. For more information, see Allowlisting and Digital DX.

How does your current password policy change?

You will no longer have the option to customize your organization's password policy. If you still want to enforce a password policy, as an admin, you must enable it for your account and then each user must agree to the policy before signing in to the Desktop Client.

Starting March 16, 2020, accounts who previously enforced password policies will adopt the following configuration:

Users must change passwords every 90 days
Users cannot reuse their last five passwords

Users will be locked after three unsuccessful sign-in attempts for five minutes. After 25 unsuccessful attempts, users will be "hard locked" and will be able to unlock their accounts only by resetting their passwords. As additional protection, LogMeIn uses risk-based authentication to protect against sophisticated password attacks.

Your existing password policy that you can set on the Setup > Login Control Settings page in the Desktop Client will change to default in the following cases:

You have selected Apply password policy to all users on the Future Login Setup page
You have enabled Disallow reusing password for X generations on the Setup > Login Control Settings page
You have enabled Force change of password every X days on the Setup > Login Control Settings page

Who should verify their email address?

From March 16, 2020, Digital DX users may have to provide their email address and go through a short email verification process when signing in for the first time. An administrator can save time for users by setting up user email addresses, in which case users can skip the email verification. After setting up user emails, select the Force email that I set up for my users option on the Setup > Future Login Setup page in the Desktop Client.

After setting up an email address, users can sign in with their email address.

Note: You may have the option to postpone switching to your email address to sign in by clicking the I'll do this later link. To support operators and their administrators during this busy time, you can do so by May 31, 2020.

To set up user emails with the API, see How to set up user emails with the API?

Where to make changes in the Desktop Client

You can make email and password policy-related changes on the Setup > Future Login Setup page in the Desktop Client:

Force email that I set up for my users: After an admin sets up unique email addresses for all Digital DX users, select this option to force using those pre-defined emails to sign in. Users will not have to verify their emails.
Password policy changes: Select this option to apply LogMeIn's common password policy on all Digital DX users starting March 16, 2020. This means forcing users to change their passwords every 90 days and not reusing their last five passwords.

Identity and Access Management Provider Support

Many companies provide identity and access management (IAM) services for our LogMeIn products. The specific services they offer will vary depending on the company, as shown below. Some offer single-sign on only, others offer automated user provisioning only, and some offer both. In addition, some Identity Providers allow you to also sign in from the Identity Provider's website in addition to our own Login page.

Below you'll see a breakdown of which services are offered by which companies, so that you can decide which is the best option for your company's needs.

Identity Provider (IdP)	IdP Flow	SP Flow	Configuration	Additional Info
Active Directory Federated Services (ADFS) v2.0 \| v3.0	x	x	Publishes its metadata at a public URL for consumption. Can consume a SAML SP's metadata from a metadata URL.	May not support a default RelayState for use in the IdP-Initiated flow. Supports the forceAuthn flag. Validates signature on AuthnRequest.
NOTE: Links in this table access the Identity Provider site. Search for the LogMeIn product of choice in the site.
Azure AD		x	Publishes its metadata at a public URL for consumption. Does not support consuming a SAML SP's metadata from a metadata URL.	Does not support the forceAuthn flag, errors if encountered. Does not validate signature on AuthnRequest.
RSA		x
Okta	x	x	Publishes its metadata at a public URL for consumption. Does not support consuming a SAML SP's metadata from a metadata URL.	Supports forceAuthn flag. Does not validate signature on AuthnRequest.
OneLogin	x	x	Publishes its metadata at a public URL for consumption. Does not support consuming a SAML SP's metadata from a metadata URL.	Does not support the forceAuthn flag, errors if encountered. Does not validate signature on AuthnRequest.
SecureAuth Version 6.0-7.5 Version 8.0 Version 8.1	x	x	Does not publish its metadata at a public URL for consumption. Does not support consuming a SAML SP's metadata from a metadata URL.	Supports forceAuthn flag. Validates signature on AuthnRequest.

What user actions can I control with permissions?

When you define a permission group, you can select what actions users can take in Agent Workspace.

ActiveAssists

These permissions are not in use in Agent Workspace, only in the BoldChat Operator Client.

Chats

Control what your agents can do during chat.

Permission	Description
ActiveAssist - Cobrowse	Agent can start a co-browse session during chat. See How to start a co-browse session.
ActiveAssist - Screen Share	Agent can initiate screen sharing where customers can share their screen.
Answer	Agent can answer chats. Without this permission, they can only view chats.
Assign Other	Agent can transfer (assign) chat items to other agents in Monitor View.
Assign Own	Agents can transfer (assign) chat items to themselves in Monitor View. See How to transfer a chat.
Block customer IP	Agent can block the customer's IP address during chat. See How to block customers during chat.
Can see others' post-chat survey	Agent can view other agents' post-chat survey results.
Can Send Files to Customer	Agent can send file to customer during chat. See How to accept a chat.
Can Use Auto-Translation	Agent can use auto-translation during chat. See Set up auto-translation.
Custom Wrap-Up: Edit after chat close	Agent can edit their own chat wrap-up fields even after the chat is closed.
Custom Wrap-Up: Edit before chat close	Agent can edit their own chat wrap-up fields before the chat is closed.
Custom Wrap-Up: Edit chats assigned to me	Agent can edit the wrap-up fields of their own chats.
Custom Wrap-Up: Edit chats assigned to others	Agent can edit the chat wrap-up fields of other agents.
Delete	This permission is not in use in Agent Workspace, only in the BoldChat Operator Client.
Discussions	Agent can discuss a customer's issue with another agent during chat. See How to discuss a customer's issue with another agent.
Email	This permission is not in use in Agent Workspace, only in the BoldChat Operator Client.
End Other	Agent can end other agents' chats.
End Own	Agent can only end their own chats.
Flag	Agent can flag a chat with the flag icon either in the chat panel or in Monitor View. See How to accept a chat.
Grid View Column Chooser	Agent can select which columns should be displayed in Monitor View. See How to monitor the chats of your organization.
Grid View: Active Chats	Agent can view chats of all agents in Monitor View.
Grid View: Deleted Chats	This permission is not in use in Agent Workspace, only in the BoldChat Operator Client.
Grid View: Flagged Chats	This permission is not in use in Agent Workspace, only in the BoldChat Operator Client.
Grid View: Inactive Chats	This permission is not in use in Agent Workspace, only in the BoldChat Operator Client.
Grid View: My Active Chats	Agents can view only their own chats in Monitor View.
Grid View: My Inactive Chats	This permission is not in use in Agent Workspace, only in the BoldChat Operator Client.
Grid View: Unread Chats	This permission is not in use in Agent Workspace, only in the BoldChat Operator Client.
Integrations	Agents can use integrations in Agent Workspace. See Provide a link to a custom integration.
Join	Agent can join another agent's chat session. See How to join a chat during an internal discussion.
Move	This permission is not in use in Agent Workspace, only in the BoldChat Operator Client.
Performance Indicators	Agent can view performance indicators in Agent Workspace. See Where to find agent stats in the Agent Workspace.
Print	This permission is not in use in Agent Workspace, only in the BoldChat Operator Client.
Relate	This permission is not in use in Agent Workspace, only in the BoldChat Operator Client.
Salesforce	This permission is not in use in Agent Workspace, only in the BoldChat Operator Client.
Search	Agent can search chat items in Agent Workspace. See How to search your work items.
Search KB	This permission is not in use in Agent Workspace, only in the BoldChat Operator Client.
Suggest response as Smart Advisor article	Agent can suggest a response as a new article in the knowledge base that is set in Channels > Chat > Chat Windows in the Bold360 Admin Center.
Undelete	This permission is not in use in Agent Workspace, only in the BoldChat Operator Client.
Unflag	Agent can remove a flag from a chat either in the chat panel or in Monitor View.

Contacts

These permissions are not in use in Agent Workspace, only in the BoldChat Operator Client.

Emails

Control what your agents can do with email threads.

Permission	Description
Accept	Agent can answer incoming emails.
Assign None	Agent cannot transfer emails to other agents.
Assign Other	Agent can transfer (assign) emails to other agents in Monitor View and in the email panel.
Assign Own	Agents can transfer (assign) their own emails to in the email panel.
Close Other	Agent can close other agents' email threads.
Close Own	Agent can close their own email threads.
Delete	This permission is not in use in Agent Workspace, only in the BoldChat Operator Client.
Discussions	Agent can discuss a customer's issue with another agent. See How to discuss a customer's email with another agent.
Flag	Agent can flag an email thread with the flag icon either in the chat panel or in Monitor View.
Forward	Agent can forward an email thread.
Grid View Column Chooser	Agent can select which columns should be displayed in Monitor View. See How to monitor the emails of your organization.
Grid View: All Email Threads	Agent can view email threads of all agents in Monitor View.
Grid View: Closed Email Threads	Agent can view closed email threads of all agents in Monitor View.
Grid View: Deleted Email Threads	This permission is not in use in Agent Workspace, only in the BoldChat Operator Client.
Grid View: Flagged Email Threads	This permission is not in use in Agent Workspace, only in the BoldChat Operator Client.
Grid View: Open Email Threads	Agent can see all open email threads in Monitor View.
Grid View: Unread Email Threads	Agent can see unread emails in Monitor View.
Move	This permission is not in use in Agent Workspace, only in the BoldChat Operator Client.
Open Other	Agent can open other agent's email threads.
Open Own	Agent can open their own email threads only.
Print	This permission is not in use in Agent Workspace, only in the BoldChat Operator Client.
Redirect	This permission is not in use in Agent Workspace, only in the BoldChat Operator Client.
Relate	This permission is not in use in Agent Workspace, only in the BoldChat Operator Client.
Reply	Agent can reply to email threads.
Salesforce	This permission is not in use in Agent Workspace, only in the BoldChat Operator Client.
Search	Agent can search for email threads.
Search KB	This permission is not in use in Agent Workspace, only in the BoldChat Operator Client.
Send	Agent can send emails.
Undelete	This permission is not in use in Agent Workspace, only in the BoldChat Operator Client.
Unflag	This permission is not in use in Agent Workspace, only in the BoldChat Operator Client.

Messaging

Control what your agents can do while answering Facebook, text, and Messaging Apps (async) messages.

td class="entry cellrowborder" s

What do I do if I forgot my password?

The Forgot password? option on the AI Console sign-in page enables you to reset your password.

From February, 2021, here's how you can reset your password when you try to sign in with your email address:

On the sign-in page, enter your email to the Email field and choose Next.
Select Forgot password.

Result: You are taken to the Reset Password page.
Choose Reset password.
Result: You'll receive an email to the email address associated with your user.
Check your inbox and select Create a password in the password recovery email from LogMeIn.
On the Reset Password page, enter a new password for your account.
Confirm your password and choose Reset Password.

Set Up a Custom Enterprise Sign-In Configuration

One of the options for implementing Enterprise Sign-In (single sign-on) is to set up a custom configuration using the Identity Provider tab within the Organization Center. This is most commonly used by companies that use a third-party provider that doesn't offer a pre-configured single sign-on package, or that need a custom SAML Identity Provider.

LogMeIn offers Enterprise Sign-In, which is a SAML-based single sign-on (SSO) option that allows users to log in to their LogMeIn product(s) using their company-issued username and password, which is the same credentials they use when accessing other systems and tools within the organization (e.g., corporate email, work-issued computers, etc.). This provides a simplified login experience for users while allowing them to securely authenticate with credentials they know.

The Identity Provider tab within the Organization Center supports various configurations. IT Administrators can configure automatically using a metadata URL or uploading a SAML metadata file, or configure manually with sign-in and sign-out URLs, an identity provider ID and an uploaded verification certificate.

General Identity Provider Setup Overview

A trust-relationship between two relying parties has been established when each party has acquired the necessary metadata about the partner for execution of a SAML Single Sign-On. At each relying party, the configuration information can be input dynamically or manually, depending on the interface offered by the IdP.

When introducing the LogMeIn SAML Service's metadata at the IdP, you may be given an option to add a new Service Provider via metadata. In this case, you can simply populate the metadata URL field with:

https://authentication.logmeininc.com/saml/sp

In the event your IdP requires manual input of information, you'll need to manually enter the parts of the metadata. Depending on your IdP, it may ask for different pieces of information or call these fields different things. To start, here are some of the configuration values that should be entered if your IdP asks for them. Then, depending on your IdP's support for s feature called RelayState, there will be additional values to input.

EntityID ? The LogMeIn SAML Service's entityID is the metadata url. The IdP may sometimes refer to it as the IssuerID or the AppID. (https://authentication.logmeininc.com/saml/sp).
Audience ? This is the EntityID of the GoTo SAML Service. An IdP may refer to it as the Audience Restriction. This should be set to: https://authentication.logmeininc.com/saml/sp.
Single Logout URL ? The destination of a logout request or logout response from the IdP: https://authentication.logmeininc.com/saml/SingleLogout.
NameID format ? The type of the subject identifier to be returned in the Assertion. The LogMeIn SAML Service expects: EmailAddress

When accessing products through an IdP-initiated sign in, some IdPs support a feature known as "RelayState", which allows you to drop users directly into the specific LogMeIn product on which you want them to land. To configure this, the following fields, if requested by your IdP configuration should be set accordingly. Some IdPs refer to these fields by different names. Where possible, we have included alternative names that some IdPs use for these fields.

Assertion Consumer Service URL ? The URL where authentication responses (containing assertions) are returned to. The IdP may also refer to this as the ACS URL, the Post Back URL, the Reply URL, or the Single Sign On URL.
Recipient
Destination

If your IdP supports the RelayState feature, all of the above fields (where requested by your IdP - not all IdPs will ask for all fields) should be populated with: https://authentication.logmeininc.com/saml/acs.

You can then set a per-product RelayState to allow routing to different products from your IdP application catalog. Below are the RelayState values to set for LogMeIn products:

Digital DX: https://launch.bold360.com/

If your IdP does not support the RelayState feature, there will be no RelayState value to set. Instead, set the ACS values above (ACS URL, Recipient, Destination) to the following values per product

Digital DX: https://authentication.logmeininc.com/saml/launch.bold360.com/acs

During manual configuration of the LogMeIn SAML Service at the IdP, you may be presented with some additional options. Here is a list of potential options you may be presented and what you should set them to.

Sign assertion or response
- Activate this option, the LogMeIn SAML service requires the IdP's signature on the response.
Encrypt assertion or response
- Deactivate this option, currently the SAML service is not processing encrypted assertions.
Include SAML Conditions
- Activate this option, it's required by the SAML Web SSO profile. This is a SecureAuth option.
SubjectConfirmationData Not Before
- Deactivate this option, required by the SAML Web SSO profile. This is a SecureAuth option.
SAML Response InResponseTo
- Activate this option. This is a SecureAuth option.

What if I forgot my password?

You can reset your password when you sign in with your email address.

On the sign-in page, type your email address to the Email field and click Next.
Click Forgot password.
Click Reset password. You'll receive an email to the email address that you have entered.
Check your inbox and click Create a password in the password recovery email from LogMeIn.
On the next page, make sure the email address that you want to use to sign in to Digital DX is correct.
To use a different email address in the future to sign in to Digital DX, change the email address that the system provided.
Click Reset your password.
If you have the option to change your email address, you must go through a short verification process.
Note: This option may not be available to you.

What are the password requirements?

Users must change passwords every 90 days
Users cannot reuse their last five passwords
Password must be at least eight characters long
Password must contain a digit, an upper case character, and a lower case character
Password cannot have the same character repeating four times in a row
Password cannot contain the user's name or the account name

How do I verify my login?

Some Digital DX users may be prompted to complete additional verification steps when they log in to access their LogMeIn account. Once you have verified your login and signed in, you can manage trusted devices for your account, which will no longer require this verification process.

Why am I being asked to verify?

The security of your Digital DX account is our highest priority. If we detect unusual activity or a login attempt from an unidentified yet suspicious location, we want to verify that it's really you logging in to access your account.

Can I turn this off for my account?

This is a built-in security feature that exists to help protect your account, and therefore it cannot be disabled. However, once a user verifies their account and successfully logs in, they can add their specific device as a trusted device to their user account profile to prevent verification checks from that device in the future.

Verify your login for unverified locations

After logging in to Digital DX, you are prompted with a message that instructs you to verify your email address.
An email notification is sent to the inbox of your Digital DX account email address. Go to your inbox and copy the code from the "Email verification" message.
Note: The verification code is valid for 10 minutes.
Paste the code in the "Verification code" field, then click Continue.
Once verified, you are logged in to your Digital DX account.

Verify your login for unidentified locations (deemed suspicious)

If you are actively logged in to your account via the Web App and a login attempt is made from an unidentified location, you are immediately logged out of your account and your account will remain locked until you reset your password to unlock it, as follows:

Once you are automatically logged out, a message is displayed, "We've detected a suspicious sign-in to your account. To prevent unauthorized activity and keep your account safe, set a new password" to inform you why your account is locked. Reset your password to gain access to your account again.

What if I can't access the inbox where the email was sent?

You may have Digital DX user accounts that use generic email addresses that are not linked to an active inbox.

Please contact support by scrolling to the bottom of this article and selecting an available contact option for further assistance.

I haven't received the verification email. What should I do?

If you have a valid email address with an active inbox and have not received the verification email:

Please be aware that it may take up to 10 minutes to reach your inbox
Check your spam filters ? the email will be sent from customerservice@s.logmein.com

Still not receiving it? Please contact Customer Care (by clicking a contact option at the bottom of this article) for further assistance.

I've verified my login. Will I have to go through this verification process for future sign ins?

Once you have verified and signed in, you can manage devices that can access your account by granting trust, which will no longer require email verification for future sign ins from your trusted devices. Learn how to manage trusted devices.

How do I sign in using single sign-on?

Once your admin has completed all of the steps for setting up Enterprise Sign-In (single sign-on), you can sign in to your LogMeIn product and get redirected to your Identity Provider page to finish signing in automatically or by using your Company ID.

Are you interested in enforcing the use of Enterprise Sign-In (SSO) as the only login method for your users?

Please contact support by scrolling to the bottom of this article and selecting an available contact option for further assistance.

On the Digital DX sign in screen or on the My Account page at https://myaccount.logmeininc.com, enter your validated company email address.
Note: If you are not automatically redirected, click My Company ID, then enter your email address and click Continue.
You are redirected to your Identity Provider's sign in page. Enter your company credentials, then proceed to sign in.
You are now signed in to your LogMeIn product website or the My Account page, depending on where you signed in during Step #1 above.

Connect Your Social or Other Account for Sign-In

About signing in using social or other accounts

For most accounts, you can choose to sign in through a social or other account provider using LastPass, Google, Facebook, LinkedIn, Microsoft, or Apple. This ensures that while you are logged into the social provider on your device, you can access your Digital DX account instantly with no additional login credentials necessary. You can choose to sign in this way at any time.

If you are part of a corporate account that has been set up to use Enterprise Sign-In (SSO), you will need to use your company email address and password to sign in. If the use of Enterprise Sign-In is enforced (i.e., not optional) in your account, your ability to make account changes will be limited (as shown below). Learn more about Enterprise Sign-In (SSO).

Note: For information about signing in as a user with an Enterprise Sign-In account, please see How do I log in using single sign-on?

How to connect your social or other accounts for sign-in

You can connect your LastPass, Facebook, Google, LinkedIn, Microsoft, or Apple account as follows:

Sign in to the My Account page at https://myaccount.logmeininc.com.
Select Sign In & Security in the left navigation.
Click the Connect to < provider > hyperlink for your desired account.
Result: You are sent to your social/other account sign-in provider to view and accept the terms.
Sign in with your social/other account email address and password to verify and allow access.
Note: If you navigate back to the Sign In & Security page, your social/other account will be displayed as "Connected" next to the account provider.

Result: You have connected your selected social/other account provider and are now signed in to your LogMeIn account.

Sign in using your social or other account

Once your social or other account is connected on the Sign In & Security page (and you are also logged to your account provider on your device), you can sign in to your Bold360 account immediately by selecting your desired account provider from the "Sign in with..." option at the bottom of the sign-in screen.

Note: Only the social/other accounts you have connected will be displayed (aside from the other sign-in options you are already enabled to use).

Disconnect your social or other account

You can disconnect your social or other account at any time as follows:

Sign in to the My Account page at https://myaccount.logmeininc.com.
Select Sign In & Security in the left navigation.
Click the Disconnect hyperlink below your desired social/other account.
Result: A confirmation message displays indicating your social/other account was successfully disconnected.

About connecting social or other accounts for enforced Enterprise Sign-In only accounts

If Enterprise Sign-In (SSO) is strictly enforced for your account, you are unable to connect a social account as a login method. Please contact your company administrator for more information.

Set Up Enterprise Sign-In using ADFS 3.0

Your organization can easily manage thousands of users and their product access while also delivering single sign-on (SSO). SSO ensures your users can access their LogMeIn products using the same identity provider as for their other enterprise applications and environments. These capabilities are called Enterprise Sign-In.

This document covers configuration of your Active Directory Federation Services (ADFS) to support single sign-on authentication to LogMeIn products. Prior to implementing, however, be sure to read more about Enterprise Sign-In and complete the initial setup steps.

ADFS 3.0 is an enhanced version of ADFS 2.0. It is a downloadable component for Windows Server 2012 R2. One large advantage of 3.0 is that Microsoft's Internet Information Services (IIS) Server is included in the deployment rather than a separate install. The enhancements vary the installation and configuration somewhat compared to its predecessor.

This article covers how to install and configure ADFS, and to set ADFS up in a SAML trust relationship with Enterprise Sign-In. In this trust relationship, ADFS is the Identity Provider and LogMeIn is the Service Provider. On completion, LogMeIn will be able to use ADFS to authenticate users into products like GoToMeeting using the SAML assertions served by ADFS. Users will be able to initiate authentications from the Service Provider side or the Identity Provider side.

Requirements

Among the prerequisites for ADFS 3.0 are:

A publicly trusted certificate to authenticate ADFS to its clients. The ADFS service name will be assumed from the subject name of the certificate so it's important that the subject name of the certificate be assigned accordingly.
ADFS server will need to be a member of an Active Directory domain and a domain administrator account will be needed for the ADFS configuration.
A DNS entry will be needed to resolve the ADFS hostname by its client

A complete and detailed list of the requirements can be reviewed in the Microsoft ADFS 3.0 overview.

Installation

Start the installation of ADFS 3.0 by going to Administrative Tools > Server Manager > Add roles and features.
Under the Select installation type page, select Role-based or feature-based installation, then click Next.
On the Select destination server page, select the server on which to install the ADFS service, then click Next.
On the Select server roles page, select Active Directory Federation Services, then click Next.
On Select features, unless there are some additional features that you want to install, leave the defaults and click Next.
Review the information on the Active Directory Domain Services page, then click Next.
Initiate the installation on the Confirm installation selections page.

Configuration

In your Notifications, you will have a notification alerting you that you have a Post-deployment Configuration? task remaining. Open it and click on the link to initiate the Setup Wizard.
In the Welcome page, select Create the first federation server in a new federation server farm (unless there is an existing farm that you are adding this ADFS server too).
On the Connect to ADFS page, select the domain admin account to perform this configuration.
In Specify Service Properties, specify the SSL Certificate created from the prerequisites. Set the Federation Service Name and Federation Service Display Name.
In Specify Service Account, select the account that ADFS will use.
In the Specify Configuration Database select the database to use.
Review the information in Pre-requisite Checks and click Configure.

Establish Trust Relationship

Each party (ADFS and LogMeIn ) will need to be configured to trust the other party. Therefore, the trust relationship configuration is a two step process.

Step #1: Configure ADFS to trust SAML

Go to Administrative Tools > ADFS Management.
In ADFS Management, use the Action drop-down menu and select Add Relying Party Trust. This will initiate the Add Relying Party Trust Wizard.
On the Select Data Source page of the wizard, select Import data about the relying party published online or on a local area network.
In the text box below the selected option, paste the metadata URL: https://authentication.logmeininc.com/saml/sp.
Click Next.
Skip the Configure Multi-factor Authentication Now? page.
On the Choose Issuance Authorization Rules screen, select Permit all users to access this relying party (unless another option is desired).
Proceed through the rest of the prompts to complete this side of the trust relationship.

Add 2 claim rules

Click on the new endpoint entry, and click Edit Claim Rules in the right navigation.
Select the Issuance Transform Rules tab, then click Add Rule.
Use the drop-down menu and select Send LDAP Attributes as Claims, then click Next.
Use the following settings for the rule:
- Claim rule name: AD Email
- Attribute store: Active Directory
- LDAP Attribute: E-mail-Addresses
- Outgoing Claim Type: E-mail Address
Click Finish.
Click Add Rule again.
Use the drop-down menu and select Transform an Incoming Claim menu, then click Next.
Use the following settings:
- Claim rule name: Name ID
- Incoming claim type: E-Mail Address
- Outgoing claim type: Name ID
- Outgoing name ID Format: Email
Select Pass through all claim values.
Click Finish.
Right click on the new relying party trust in the Relying Party Trusts folder and select Properties.
Under Advanced, select SHA-1 and click OK.
To prevent ADFS from sending encrypted assertions by default, open a Windows Power Shell command prompt and run the following command:
set-ADFSRelyingPartyTrust ?TargetName "< relyingPartyTrustDisplayName >" ?EncryptClaims $False

Step #2 Configure LogMeIn to trust ADFS

Navigate to the Organization Center at https://organization.logmeininc.com and use the Identity Provider webform.
ADFS publishes its metadata to a standard URL by default: (https://< hostname >/federationmetadata/2007-06/federationmetadata.xml).
- If this URL is publicly available on the Internet: Click the Identity Provider tab in the Organization Center, select the Automatic configuration option, then paste the URL in the text field and click Save when finished.
- If the metadata URL is not publicly available, then collect the single-sign-on URL and a certificate (for signature validation) from ADFS and submit them using the Manual configuration option in the Identity Provider tab in the Organization Center.
To collect the necessary items, do the following:
1. To collect the single sign-on service URL, open the ADFS Management window and select the Endpoints folder to display a list of the ADFS endpoints. Look for the SAML 2.0/WS-Federation type endpoint and copy the URL from its properties. Alternatively, if you have access to the standard metadata URL, display the contents of the URL in a web browser and look for the single-sign-on URL in the XML content.
2. To collect the certificate for signature validation, open the ADFS Management Console and select the Certificates folder to display the certificates. Look for the Token-signing certificate, then right click on it and select View Certificate. Select the Details tab, and then the Copy to File option. Using Certificate export wizard, select the Base-64 Encoded X.509 (.cer). Assign a name to the file to complete the export of the certificate into a file.
Enter the single sign-on service URL and the certificate text into their respective fields into the Organization Center and click Save.

Test the configuration

To test Identity Provider-Initiated Sign-On, go to your custom IdP URL (example: https://adfs.< my domain.com >/adfs/ls/< IdP Initiated sign on > = https://adfs.mydomain.com/adfs/ls/IdpInitiatedSignOn.aspx). You should see the relying party identifier in a combobox under ?Sign in to one to the following sites?.
To test Relying Party-Initiated Sign-on, see instructions for How do I log in using single sign-on?

How do I manage my trusted devices?

The security of your Digitial DX account is our highest priority. For this reason, you can view all of the devices and locations where your user account is actively signed in and when it was last accessed.

You can review each device listed and choose to set familiar devices as trusted, or revoke trust and/or report devices that you don't recognize. Please note that the current device listed is the one you are using while you are logged in and reviewing your devices.

Trust a device

When reviewing your devices, you should only trust those that are familiar and that you fully recognize.

Sign in to the My Account page at https://myaccount.logmeininc.com.
Select Sign In & Security in the left navigation.
Under Devices, click Review all devices.
For your desired device, click the Options icon then select I trust this device.
When prompted, click Continue to acknowledge that this device will not be prompted for email verification upon sign in if a security risk is detected.
Your device now displays with a Trusted status and the date it was flagged as trusted.

Revoke trust or report an unrecognized device

For a device listed that you do not recognize, or an already trusted device that needs to have trust revoked (e.g., the device was replaced), you can report the device and will be immediately prompted to reset your account password as a security measure.

Sign in to the My Account page at https://myaccount.logmeininc.com.
Select Sign In & Security in the left navigation.
Under Devices, click Review all devices.
Note: You cannot report your current device as unrecognized or revoke trust for it.
For your desired device, click the Options icon then select I don't recognize this device.
On the Unrecognized Device screen, the location, date and time, device info, and IP address of the last login activity is displayed. If it is unfamiliar or you want to revoke trust, click Report & Sign Out.
A confirmation window appears indicating that your device was reported, and a password reset email has been sent to your account email address. Check your inbox and click on the link to create a new password.

Using the Organization Center

The Organization Center provides you with the ability to set up Enterprise Sign-In (single sign-on) for your users. An organization is created when you verify ownership of one or more valid and unexpired domain(s) by registering the domain(s) with LogMeIn. Once your domain ownership has been verified, your organization is automatically created. This allows you to manage sign-in options for user identities that match your verified email domain(s).

To set up single sign-on (SSO), you must set up an organization using the steps below.

Before you get started...

You are required to have a LogMeIn product account in order to proceed.

Step #1: Set up your first domain

To get started, set up your initial domain, which will match the email domain of your users when they sign in to their Digital DX account.

Step #2: Add more organization users (optional)

If desired, you can add more organization admins who will be able to manage the Organization Center. Additional admins can assist in adding domains, users, and configuring your Identity Provider if you plan on setting up Enterprise Sign-In.

Step #3: Set up Enterprise Sign-In (SSO)

Now that you have created your organization, you can proceed to set up Enterprise Sign-In (SSO).

Why can't I log in to my account?

From February 2021, users of the AI Console need to use their email address to sign in. Users may have to go through a short email verification process when signing in for the first time. See About the new sign-in process in the AI Console for more information about the new sign-in process.

Change Your Time Zone

You can change your time zone settings after you have logged in to your LogMeIn account.

Sign in to the My Account page at https://myaccount.logmeininc.com.
Select Personal Info in the left navigation.
In the "Time zone" field, use the drop-down menu to select your desired time zone.
Click Save when finished.

Adding a TXT Record to a DNS Server

In order to define a domain organization with LogMeIn , you need to validate your company's ownership of specific email domains. One option is to add a text record to your domain's DNS settings. LogMeIn can then query the server and receive confirmation back of your ownership. Alternately, you can upload a plain-text file to your web server root containing a verification string. For more information, please see Set Up Domains in the Organization Center.

A TXT record contains information specifically intended for sources outside your domain. The text can be either human- or machine-readable and can be used for a variety of purposes including verifying domain ownership, authorizing senders with SPF, adding digital email signatures, and preventing outgoing spam.

Note: If you have multiple domains to verify, you will need to add a text record for each domain.

Identify your domain host

If you do not know who is hosting your domain, there is a simple method for finding out. The following example uses the online utility site Whois.

Open https://www.whois.com/.
Click Whois and enter the domain name.
Click Search.
In the results, locate the name server for the site (e.g., CDCSERVICES.com). This is the domain host.

Add a TXT record

The method to add a text record to your domain will vary with hosts. The generic steps to add a text record to your domain are listed below.

Sign in to your domain's account at your domain host.
Locate the page for updating your domain's DNS records. The page may be called DNS Management, Name Server Management, or Advanced Settings.
Locate the TXT records for your domain on this page.
Add a TXT record for the domain and for each subdomain (see "Use Cases" below).
Save your changes and wait until they take effect, which can range from a few minutes to up to 72 hours.
You can verify that the change has taken place by opening a command line and entering one of the following commands below (based on your operating system):
- For Unix and Linux systems:
  $ dig TXT main.com
- For Windows systems:
  c:\ > nslookup -type=TXT main.com
The response will display on its own line (not appended to another), and will look something like:
main.com. 3600 IN TXT "logmein-verification-code=976afe6f-8039-40e4-95a5-261b462c9a36"

Use cases

Domain verification for domain main.com using 2 different methods (shown below).


Answer	Agent can answer incoming messages.
Assign Other	Agent can transfer (assign) messages to other agents in Monitor View and from the chat panel.
Assign Own	Agents can transfer (assign) their own messages from the chat panel.
Block Number	This permission is not in use in Agent Workspace, only in the BoldChat Operator Client.
Call Number	This permission is not in use in Agent Workspace, only in the BoldChat Operator Client.
Delete	This permission is not in use in Agent Workspace, only in the BoldChat Operator Client.
End Other	Agent can end other agents' messages.
End Own

Name	TTL*	Type	Value / Answer / Destination
@	3600	IN TXT	"logmein-verification-code=976afe6f-8039-40e4-95a5-261b462c9a36?
main.com	3600	IN TXT	"logmein-verification-code=976afe6f-8039-40e4-95a5-261b462c9a36?

Subdomain verification for mail.main.com.

Name	TTL*	Type	Value / Answer / Destination
mail.main.com	3600	IN TXT	`?logmein-verification-code=976afe6f-8039-40e4-95a5-261b462c9a36?`

Note: * TTL - Time To Live - is the number of seconds before changes to the TXT record go into effect.

Set Up an Identity Provider

An Identity Provider (IdP) is a trusted online service or website that creates and maintains user identity information within a distributed network while also acting as a means of authentication for these users to access services.

This will allow users in your validated email domains to be authenticated for sign-on through your Identity Provider. Once you have set up an organization, the next step is to finalize the trust relationship between your company and LogMeIn to enable Enterprise Sign-In (SSO) for your users.

If you have not already established an Identity Provider, you can set up one of the following:

Implement the Microsoft Active Directory Federation Services (AD FS)

Active Directory Federation Services is a feature of the Windows Server operating system that extends user's Windows sign-on access to other applications outside the corporate network. You can configure AD FS to work as an Identity Provider for LogMeIn's products. Learn how to configure AD FS 2.0 or AD FS 3.0.
Use a third-party Identity and Access Management Provider that provides single sign-on

Many third-party Identity and Access Management partners offer single-sign on as part of their feature set, including:
- Azure AD ? In this tutorial, GoToMeeting is used as the sample product. Alternatively, you can follow the steps to set up a custom Enterprise Sign-In (SSO) configuration.
- Okta
- OneLogin
- Active Directory Federated Services (ADFS) v2.0 | v3.0
- RSA
- SecureAuth version 6.0-7.5 | version 8.0 | version 8.1
Set up a custom configuration using the Organization Center

You can use the Identity Provider tab in the Organization Center to set up a custom SAML configuration. Learn how to set up a custom Enterprise Sign-In (SSO) configuration.

Next Steps

You will need to add your Identity Provider to the Organization Center to indicate where you want your users to go to sign in to their assigned LogMeIn products.

Change Your Password

For most accounts, once you are logged in to your LogMeIn account, you can change the password that you use to sign in. If you have forgotten your password, you can also reset it here.

About password changes for enforced Enterprise Sign-In only accounts

If Enterprise Sign-In (SSO) is strictly enforced for your account, you are unable to change your account password. Please contact your company administrator for more information about password changes.

Password changes for most accounts

Sign in to the My Account page at https://myaccount.logmeininc.com.
Select Sign In & Security in the left navigation.
In the Password section, click Edit.
Under Current password, fill in your current account password.
Under New password and Confirm new password, fill in your desired password. Please note, these fields must include a minimum of 8 characters and include letters & numbers.
Note: If you want to view the password you are typing, click the View icon at the end of any of the password fields, as shown below.
Click Save when finished.

About password changes for enforced Enterprise Sign-In only accounts

Add Your Identity Provider to the Organization Center

The Identity Provider tab within the Organization Center lets you configure your Identity Provider (IdP) relationship to establish Enterprise Sign-In (SSO) for your organization's users. Whichever single sign-on configuration method you choose, you must finalize the relationship with LogMeIn using the Identity Provider tab to complete the setup.

You can set up this configuration either automatically or manually ? you cannot do both. If you save one after the other, the last save is accepted.

Add Your Identity Provider Automatically

The easiest and most robust way to configure SSO is to use a link to your Identity Provider's metadata file if they provide one. The metadata contains additional information that the IdP can use to make the transaction more secure. In addition, since the metadata file is generated, the method is less prone to typographical errors.

Log in to the Organization Center at https://organization.logmeininc.com.
Click the Identity Provider tab.
Select Automatic from the drop-down menu.
Enter the Metadata URL for your Identity Provider.
Click Save.
The metadata file is uploaded and configures the relationships correctly.

Once your IdP has been added, you are all set! You can now sign in with your Company ID using single sign-on.

Add Your Identity Provider Manually

Not all IdPs support a metadata implementation. To set up a manually configured IdP relationship, you enter key data that will get built into the SAML assertions.

Log in to the Organization Center at https://organization.logmeininc.com.
Click the Identity Provider tab.
Select Manual using the drop-down menu.
Enter the data provided by your Identity Provider:
- Sign-in page URL ? The IdP?s landing page for authentication requests, which is the full Identity Provider URL path. It must begin with https://.
- Sign-in binding ? Select Redirect or POST.
- Sign-out page URL ? This is the URL where the user is redirected upon log-out.
- Sign-out binding ? Select Redirect or POST.
- Identity Provider Entity ID ? Location of the globally unique name for your IdP as a SAML entity.
- Verification certificate ? The IdP?s public certificate used to verify incoming responses from the IdP. You can add it in either of the following ways:
1. Copy and paste the text of the certificate. It is required that the field starts with -----BEGIN CERTIFICATE----- and ends with -----END CERTIFICATE-----.
2. Click Upload certificate to import the certificate from a saved location.
When finished, click Save.
The configuration is stored in the LogMeIn account service.

Once your IdP has been added, you are all set! You can now sign in with your Company ID using single sign-on.

Set Up Enterprise Sign-In (single sign-on)

Before you get started...

You are required to have a LogMeIn product account in order to proceed, but this user is not required to have a LogMeIn product admin role.

Step #1: Set up an organization

Create your organization by verifying at least 1 domain used by your company.

Step #2: Configure your Identity Provider

Configure an Identity Provider (IdP) from one of our single sign-on options, if you have not already set one up. If you have already set one up, you can proceed to Step #3.

Step #3: Add your Identity Provider to the Organization Center

Add your configured Identity Provider to the Organization Center to indicate where you want your users to go to sign in to their assigned LogMeIn products.

Step #4: Test your Enterprise Sign-In environment

Step #5: Inform your users they can log in using their company login credentials

You're all set! Once Enterprise Sign-In is set up, your users will receive a Welcome email that contains their Company ID (username) that they can now use to sign in to their account. When your users log in to their account via Enterprise Sign-In, their account status will be displayed as Enabled in the Admin Center.

(Optional) Step #6: Request to enforce Enterprise Sign-In

If you have set up Enterprise Sign-In and are interested in enforcing it as the only login method available when your users access their LogMeIn product account, please contact Customer Care by scrolling to the bottom of this article and selecting a contact option. Don't worry ? once Enterprise Sign-In has been enforced in your account, your users' active sessions remain unaffected ? they will just be prompted to use their company credentials upon their next login.

Set Up Enterprise Sign-In Using ADFS 2.0

ADFS 2.0 is a downloadable component for Windows Server 2008 and 2008 R2. It is simple to deploy, but there are several configuration steps that need specific strings, certificates, URLs, etc. ADFS 3.0 is also supported for Enterprise Sign-In. ADFS 3.0 has several improvements, the largest of which is that Microsoft's Internet Information Services (IIS) Server is included in the deployment rather than a separate install.

Note: You may skip to Step #4 (listed below) if you already have ADFS 2.0 deployed.

Step #1: Federation services certificate

Each ADFS deployment is identified by a DNS name (e.g., ?adfs.mydomain.com). You will need a Certificate issued to this Subject Name before you begin. This identifier is an externally visible name, so make sure you pick something suitable to represent your company to partners. Also, don?t use this name as a server host name as well ? it will cause trouble with Service Principal Names (SPN) registration if you do.

There are many methods to generate certificates. The easiest, if you have a Certificate Authority in your Domain, is to use the IIS 7 management console:

Open Web Server (IIS) management snap-in.
Select the server node in the navigation tree, then Server Certificates option.
Select Create Domain Certificate.
Enter your Federation Service Name in Common Name (e.g., adfs.mydomain.com ).
Select your Active Directory Certificate Authority.
Enter a ?Friendly Name? for the Certificate (any identifier will do).
Note: If you didn?t use the IIS console to generate the certificate, make sure the certificate is bound to the IIS service in the servers where you?ll be installing ADFS before proceeding.

Step #2: Create a domain user account

ADFS servers require that you create a domain user account to run its services (no specific groups are required).

Step #3: Install your first ADFS server

Download ADFS 2.0 and run the installer. Make sure you run the installer as a Domain Admin ? it will create SPNs and other containers in AD.
In Server Role, select Federation Server.
Check Start the ADFS 2.0 Management snap-in when this wizard closes at the end of the Setup Wizard.
In ADFS Management snap-in, click Create new Federation Service.
Select New Federation Server farm.
Select the Certificate you?ve created in the previous step.
Select the Domain user you?ve created in previous steps.

Step #4: Configure your relying party

In this step you will tell ADFS the kind of SAML tokens that the system accepts.

Set up the trust relationship, as follows:

In ADFS 2.0 MMC, select Trust Relationships> Relying Party Trusts in the navigation tree.
Select Add Relying Party Trust and click Start.
Under Select Data Source, select Import data about the relying party published online or on a local area network.
In the text box below the selected option, paste the metadata URL: https://authentication.logmeininc.com/saml/sp.
Click OK to acknowledge that some metadata that AD FS 2.0 does not understand will be skipped.
On the Specify Display Name page, type LogMeInTrust, and click Next.
On the Choose Issuance Authorization Rules screen, select Permit all users to access this relying party (unless another option is desired).
Proceed through the rest of the prompts to complete this side of the trust relationship.

Add 2 claim rules

Click on the new endpoint entry, and click Edit Claim Rules in the right navigation.
Select the Issuance Transform Rules tab, then select Add Rule.
Use the drop-down menu to select Send LDAP Attributes as Claims, then click Next.
Use the following settings for the rule:
- Claim rule name ? AD Email
- Attribute store ? Active Directory
- LDAP Attribute ? E-mail-Addresses
- Outgoing Claim Type ? E-mail Address
Click Finish.
Click Add Rule again.
Use the drop-down menu to select Transform an Incoming Claim, then click Next.
Use the following settings for the rule:
- Claim rule name ? Name ID
- Incoming claim type ? E-Mail Address
- Outgoing claim type ? Name ID
- Outgoing name ID Format ? Email
Select Pass through all claim values.
Click Finish.

Complete the configuration

Right-click on the new relying party trust in the Relying Party Trusts folder and select Properties.
Under Advanced, select SHA-1, then click OK.
To prevent ADFS from sending encrypted assertions by default, open a Windows Power Shell command prompt and run the following command:

set-ADFSRelyingPartyTrust ?TargetName"< relyingPartyTrustDisplayName >" ?EncryptClaims $False

Step #5: Configure trust

The last configuration step is to accept the SAML tokens generated by your new AD FS service.

Use the ?Identity Provider? section in the Organization Center to add the needed details.
For ADFS 2.0, select ?Automatic? configuration and enter the following URL ? replacing ?server? with the externally accessible hostname of your ADFS server: https://server/FederationMetadata/2007-06/FederationMetadata.xml

Step #6: Test single server configuration

At this point you should be able to test the configuration. You must create a DNS entry for the AD FS service identity, pointing to the AD FS server you?ve just configured, or a network load balancer if you?re using one.

To test Identity Provider-Initiated Sign-On, go to your custom IdP URL (example: https://adfs.< my domain.com >/adfs/ls/< IdP Initiated sign on > = https://adfs.mydomain.com/adfs/ls/IdpInitiatedSignOn.aspx). You should see the relying party identifier in a combobox under ?Sign in to one to the following sites?.
To test Relying Party-Initiated Sign-on, see instructions for How do I log in using single sign-on?

I forgot my password, how do I reset it?

Remembering all of your passwords is hard. Luckily, resetting your password is easy!

If you can't remember your password, you can reset it using your email address.

Go to the Forgot password? page at https://authentication.logmeininc.com/pwdrecovery/.
Enter your login email address and click Reset Password.
Soon you?ll receive a Forgot Your Password email. Click the link inside to create a new password.
1. If desired, check the box for the Sign out of all sessions option to ensure your account is not being accessed from any other device.
Result: You have successfully reset your password.

If you didn't get the password reset email, please see Why didn't I get my "Reset Password" email? for more information. Additionally, you can learn more about managing trusted devices.

Change Your Profile Picture

You can change your profile picture that is displayed within your LogMeIn account at any time.

Sign in to the My Account page at https://myaccount.logmeininc.com.
Select Personal Info in the left navigation.
Click Change your profile photo below your avatar.
Click and drag a photo in the "Drop photo here" area, or click choose a photo and select your desired photo from your local computer, then click Open.
Note: For best results, use a .png or .jpg file smaller than 2 MB.
Once uploaded, use the following tools to achieve your desired photo position:
- (a) Click on the photo and drag to reposition
- (b) Rotate the photo 90? left
- (c) Rotate the photo 90? right
- (d) Use the slider to zoom in or out of the photo
Once finished, click Done, or click Choose a different photo to select a new photo.
If you decide that you would like to change your uploaded profile picture back to the default avatar, go to Change your profile photo > Reset to default photo.

Set Up Domains in the Organization Center

The first step you take in creating an organization is to create the initial domain. Domains within your organization are wholly-owned email domains that your admins can verify either through your web service or DNS server. For example, in the email Joe@main.com, "main.com" is the email domain. Verifying the initial domain automatically creates your organization. The user who completes domain verification will automatically become an organization admin, but this user is not required to have a LogMeIn product admin role. You can also add more domains to verify, or delete any domains you no longer need listed.

Organization Center Email Domains tab

Add Your First Domain to the Organization Center

Once you start the verification process for a domain, you have ten (10) days to complete the verification. If this period lapses, the domain is set to Expired, but you have the option to simply restart the process using new verification codes. Once you have verified a domain, you cannot delete it from your organization, though it can be deleted prior to being verified or after it has expired.

Log in to the Organization Center at https://organization.logmeininc.com.
The first screen will ask that you verify that you own the domain for the account with which you are logged in currently. You are provided two methods for setting up domain validation, each of which uses a unique verification code to complete the verification. Copy the verification value to your clipboard.
Note: The verification screen will display until the domain is verified. If it takes you longer than 10 days to verify the domain, the system will automatically generate new verification codes for your domain the next time you visit the Organization Center.
Paste the verification code into the DNS record or a text file for upload to one of the locations, depending on which of the verification methods you choose:
- Method 1: Add a DNS record to your domain zone file. To use the DNS method, you place a DNS record at the level of the email domain within your DNS zone. Typically, users are verifying a ?root? or ?second level? domain such as ?main.com?. In this case, the record would resemble:
  
  @ IN TXT ?logmein-verification-code=668e156b-f5d3-430e-9944-f1d4385d043e?
  
  OR
  
  main.com. IN TXT ?logmein-verification-code=668e156b-f5d3-430e-9944-f1d4385d043e?
  
  If you require a third-level domain (or subdomain) such as ?mail.example.com? the record must be placed at that subdomain, such as:
  
  mail.main.com. IN TXT ?logmein-verification-code=668e156b-f5d3-430e-9944-f1d4385d043e?
  
  For more detailed documentation, see Add a TXT DNS record.
- Method 2: Upload a web server file to the specified website.Upload a plain-text file to your web server root containing a verification string. There should not be any whitespace or other characters in the text file besides those given.
  - Location: http://< yourdomain >/logmein-verification-code.txt
  - Contents: logmein-verification-code=668e156b-f5d3-430e-9944-f1d4385d043e
Once you have added the DNS record or text file, return to the domain status screen and click Verify.
You will see the domain verified the next time you log in to the Organization Center.

Once your base domain is verified, your organization has been created with your account as the organization admin. You can continue configuring your organization setup, or begin setting up Enterprise Sign-In (single sign-on):

Add more domains (if desired)
Set up an Identity Provider to enable single sign-on
Add or delete organization users and admins
Set up Enterprise Sign-In (SSO)

Add More Domains to the Organization Center

Most companies will only need the first domain they add. You only need to add additional domains if users within your company sign in using other email domains but the same Identity Provider.

Log in to the Organization Center at https://organization.logmeininc.com.
Click the Email Domains tab, then click Add a domain.
Enter the email domain and click Next.
Repeat the steps detailed in Add your first domain to the Organization Center.
Note: During the period of verification, the Email Domains tab displays the status of each domain.

Delete a Domain from the Organization Center

The option to delete a domain is only available while the domain is not yet verified or has expired. Once a domain is verified it cannot be deleted from your organization.

Log in to the Organization Center at https://organization.logmeininc.com.
Click the Email Domains tab.
Check the box next to your desired domain name.
Click Delete domain.
When prompted, click Yes, Delete.

Manage Organization Users

The Users tab in the Organization Center provides access to your organization users. Each user has one of the following roles:

Admin (Read & Write) ? Individuals who can log in to the Organization Center and manage all settings. They may or may not be LogMeIn account holders themselves.
Admin (Ready Only) ? Individuals who can log in to the Organization Center and view settings, but not modify them. They may or may not be LogMeIn account holders themselves.
User ? Individuals with LogMeIn accounts who use Enterprise Sign-In, but do not need Organization Center access.

You can add, delete, and update organization users. If the user already has an account ID (an account for GoToMeeting, for instance), you must still add them to the organization. They can then authenticate through its IdP, and because their ID is a company ID, they can no longer change their own email address. If they do not have a product account login, they are provisioned with one but it is not associated with a specific product unless you have set up your system to do this through a user provisioning service.

Add users to the Organization Center

Users are defined by name, email, locale, and role. The filter option above the Role column allows you to search for any text string in the emails or names of users.

Log in to the Organization Center at https://organization.logmeininc.com.
Select the Users tab.
Click Add.
Enter the new user data:
- The user email domain must be one of your verified organization domains.
- Available locales display in a drop-down.
- Role relates to the Organization Center. No role is appropriate for most users: they have no access to the Organization Center. A read-only role allows a user into the Center with full access to view the data, but with no ability to create or edit data. Read-write access enables full admin access to the Center.
Click Save when finished.
Note: Organization Admins can edit their own first name, last name, and email, but not their role, and they cannot delete themselves.

Delete users from the Organization Center

Delete removes the user from the organization. Delete also removes the user?s account ID, and therefore any product access as well all product data such as their meeting history, future scheduled meetings, etc. You could alternatively remove product access from the user in the Admin Center to revoke access while retaining the data.

Log in to the Organization Center at https://organization.logmeininc.com.
Select the Users tab.
Note: The filter option above the Role column allows you to search for any text string in the emails or names of users.
Check the box next to your desired user, then click Delete.
When prompted, click Delete to confirm.

Why can't I access my account?

There are a few reasons why you can't log in and access your account. See below for troubleshooting tips.

You might be entering the wrong password.

If you're positive that you're using the right email address, it's possible that you are entering the wrong password.

Try resetting your password.
Try typing the password somewhere else where it is visible (such as Notepad or a Word Document), then copy/paste into the password field once you are positive that there are no typos.
Make sure your keyboard's Caps Lock or Num Lock isn't on.

You might be entering the wrong email address.

When you enter an email address on the Reset Password page, the Password Recovery service will show you the confirmation page regardless of whether you entered the right email address or not. To protect your account's security, we cannot confirm whether or not the email address you entered is registered with our system.

Try using another email address that the account might have been created under.
Contact Customer Care (by clicking a contact option at the bottom of this article) to have them help you identify which email address is actually associated with your account by verifying all required billing information (if applicable) or via email verification.
- New accounts may initially work since you are automatically logged in, but you may later find that you cannot log in because there was a typo in the email address used at sign up. Customer Care can verify the correct email address was used.
- If additional users have been allowed to access the account, they may have changed the login information on the account, including both the password and email. Customer Care may be able to find the account by the associated credit card number on file if no account is found.

You might not have an account.

Your account might be suspended or deleted.

It's possible that all products were removed from your account, or your account has been deleted by an administrator on the account. For either scenario, you will encounter a message, "You currently don't have any products" when you are redirected to the My Account page at https://myaccount.logmeininc.com.

Check your email inbox for a notification from customerservice@s.logmein.com indicating that your administrator has removed privileges from your account.
Note: It is possible to have an administrator account with no products assigned in order to access and use the LogMeIn Admin Center. In this case, you would encounter the same message above.
Contact Customer Care (by clicking a contact option at the bottom of this article) to have them verify whether your account is active.

Check your email inbox for a notification from customerservice@s.logmein.com indicating that your administrator has removed privileges from your account.
Note: It is possible to have an administrator account with no products assigned in order to access and use the LogMeIn Admin Center. In this case, you would encounter the same message above.

How do I access my products?

You can access any of your assigned products in either of the following ways:

Click any of the hyperlinks within your desired product pane.
Select your user account drop-down menu in the upper-right navigation, then select your desired product.

Change Your Display Name

You can change your display name setting, which will update the name that is displayed within your account (such as in the web account or your desktop app name).

Sign in to the My Account page at https://myaccount.logmeininc.com.
Select Personal Info in the left navigation.
In the "Name" field, fill in your desired display name.
Click Save when finished.

Announcements

Join the DX Community!

Meet fellow DX pros, ask questions, and learn best practices.

Join the DX Community

Featured

Set up an email account

Configure Digital DX to receive, track, and manage emails.

Create or edit an email account, as follows:
1. In the Web Admin Center, go to Channels > Email > Email Accounts. The Email Accounts window is displayed.
  Note: To verify that an email account is set up properly, click Test next to an account.
2. Select an existing account or click Create New. The New/Edit Email Account page is displayed.
Select Enable email to activate the email account.

Enter basic account settings on the General tab:

Option	Description
Configuration Name	Name the account for internal reference.
Sender Email Address	To use when sending email.
Friendly Sender Name	Used as the From Email Name when sending emails via this account. For example: Support Team, Jane Doe.
Email client	Select the email client you are using: MS Office 365 / Gmail / Other. The MS Office 365 and Gmail options don't only support the recommended OAuth 2.0 authentication, the Other option supports any client with basic authentication.

Select the email client that you use to communicate over email.
Note: In the Digital DX Desktop Client, you cannot select email client.

Depending on your email client, you have the following options:

Option	Description
User Name	User name of the email server. For example, in the email address support@acme.com, the user name is support.
Password	The password associated with the user name for the POP3 server. Only available when you select Other for email client type.
Server/Port	Enter the host name or IP address and port of your mail server. If your email address is support@acme.com, then your mail server host name is normally mail.acme.com or just acme.com. All inbound emails are retrieved from this POP3 server.
Secure Connection (SSL)	To use a secure connection to your mail server, check Secure Connection (SSL) and enter the Port to be used for the connection. Check with your service provider as required.
Type	Choose your server type: POP3 or IMAP. Note: POP3 is unavailable for Microsoft Office 365 users.
Leave copy of messages on server	Store copies of emails on your POP3 server to facilitate download to Outlook or any other mail client.
Folder	Click Refresh folder list and then select the folder in your email account that you want to use for email communication with your customers.
Tenant ID	You Microsoft Tenant ID that you can find in the Azure AD admin center. (in the Directory ID field on the Properties page). Only available for Microsoft Office 365 users.
Client ID	Microsoft Office 365 users find it in the Overview page of the Azure AD admin center Gmail users find it on the APIs & Services > Credentials page Google Cloud Platform
Client Secret	Your client secret that you can find right next to your client ID. Only available for Microsoft Office 365 and Gmail users.
Outgoing server	Select SMTP server to set up an SMTP server for outgoing email.

Optional: (Optional) Enter additional settings on the Distribution - Organization tab:

Option	Description
Department	Associate a Department with the email account. The Department can be used to override account-level automatic distribution settings and to determine which agents can be assigned emails by the automatic distribution system.
Maintain email thread ownership on new mails	Preserve the Owner (agent) field of each email thread.
Append email thread ID to subject	Append the Email Thread ID to the subject of replies. This make it easier to keep track of conversations with customers.
Append email thread ID to subject	Append the Email Thread ID to the subject of replies. This make it easier to keep track of conversations with customers.
Auto-bcc	Specify an email address that is included in the BCC field of all outbound emails from the agent.

Optional: (Optional) Enter additional settings on the Format and content tab:

Option	Description
Encoding	Encoding for outgoing and incoming messages.
Format	Choose to show incoming email as either plain text or HTML.
Canned messages for emails	Select canned message folders that agents can use with email.
Email Footer	Enable and design a footer that is appended to all emails sent from this email account.

Save your changes.
For Gmail and MS O365 integrations, go to the recently added email account on the Email Account view and select the Authorize option.
Complete the steps in the dialog that appears. Once the authentication is complete, the status of the email channel changes to Ready.

Welcome to the Genesys DX Support Center

Users & Security Articles

How to sign in to Bold360 (Agent Platform)

How to sign in to Bold360 (Agent Platform)

Sign in from the Bold360 product page

Sign in using SSO

How to sign in to the AI Console

How to sign in to the AI Console

Sign in from the product page

Sign in from the My Accounts page

Block customers from sending emails to agents

Block customers from sending emails to agents

Why didn't I get my "Reset Password" email?

Why didn't I get my "Reset Password" email?

The email might be in your spam folder or have been blocked.

What to do next:

You might have entered the wrong email address.

What to do next:

You might not have an account.

Still need help?

Change Your Email Address

Change Your Email Address

About email changes

Email changes for most accounts

Email changes for enforced Enterprise Sign-In only accounts

How to define a content management workflow

How to define a content management workflow

What workflow statuses are available?

How to define an approval process

How to limit a content manager's access to a subset of a knowledge base

How to limit a content manager's access to a subset of a knowledge base

How to limit a content manager's access to knowledge bases

How to limit a content manager's access to knowledge bases

Knowledge Base Manager - Role Overview

Knowledge Base Manager - Role Overview

Optimize the Knowledge Base

Write and publish answers

Change Your Display Language

Change Your Display Language

How to set up my Identity Provider for SSO

How to set up my Identity Provider for SSO

Setting up your Service Provider using the LogMeIn Organization Center

Sign in to Digital DX with SSO

ICO Cookie Compliance

How to configure Single Sign-On through operator configuration settings

How to configure Single Sign-On through operator configuration settings

How to set up SAML 2.0 Single Sign-On via an Identity Provider

How to set up SAML 2.0 Single Sign-On via an Identity Provider

Set agent permissions: Create or edit a permission group

Set agent permissions: Create or edit a permission group

What are best practices for using permission groups?

How to enable Single Sign-On through login controls

How to enable Single Sign-On through login controls

What about security in the Digital DX AI platform?

What about security in the Digital DX AI platform?

Add increased security for Slim and Harmony widgets

How to import operator settings

How to import operator settings

How to export operator settings

How to export operator settings

How to define user permissions (Permission Groups)

How to define user permissions (Permission Groups)

How to automatically log out inactive operators

How to automatically log out inactive operators

Data Retention Options

Data Retention Options

How to protect visitor data (Data Obfuscation)

How to protect visitor data (Data Obfuscation)

How to exclude visitors based on IP address

How to exclude visitors based on IP address

About BoldChat Permissions

About BoldChat Permissions

Data Residency Options

Data Residency Options

Current data residency regions

Feature Specific Considerations

View changes in the Web Admin Center

Why can't I log in to the Bold360 Agent platform?

Why can't I log in to the Bold360 Agent platform?

Why didn't I get an email when I tried to reset my password?

Welcome to the Genesys
DX Support Center