Common Identity Articles

This article provides a step-by-step process for configuring the Genesys DX Product Authentication Service as an SSO service provider.

  1. Log in to https://auth.bold360.com/ and click Go to SSO Setup in the bottom left corner.
  2. Note: If you cannot see the Go to SSO Setup button, contact your support representative or the Genesys CX support.


    You are then navigated to the SSO setup webpage.
    Note: General Settings and Domain are read-only fields; you cannot modify them.
  3. Click Sign-in configuration, and enable the SSO.

     
  4. Choose one of the two configuration methods.
    You can obtain the necessary details from your Identity Provider settings.

    Method 1: Manual Configuration


    Add your Verification Certificate when you are finished with manual configuration.

    When you add the Verification Certificate, remove the following tags:
    "-----BEGIN CERTIFICATE-----"
    "-----END CERTIFICATE-----"

    A Verification Certificate example with removed BEGIN and END tags: 


    Method 2: SAML IdP metadata URL

    Host your Identity Provider metadata XML file on a publicly accessible URL.


    Note: Since we cache this file for only 2 minutes, please ensure high availability of this file via the specified URL to avoid SSO login failures.

    Note: You can configure a SAML 2.0 based auth delegation with any ID provider that supports SAML 2.0 protocol.
    Please note that if you create users on your ID provider side, these users are not automatically synced in Bold360. You need to create Bold360 users in the Bold admin center as well.
    • The configuration is applied to each user whose email address belongs to the configured domain.
    • The configuration is not account specific; multiple accounts can have users with email addresses from the same domain.
    • An account can have users from other email domains as well.
       
  5. Once you have set up your configuration using a method of your choice, save your changes.

    Enter your email/username that uses the domain you have set up in your Identity Provider service and click Continue.
    You can see the following message on a successful login.
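
For Method 1 in step 4, the following added example (not Genesys code) prepares the Verification Certificate value from a PEM file: it removes the BEGIN and END tags, refuses input that contains a private key or more than one certificate, and returns a SHA-256 fingerprint to compare with the one your Identity Provider displays. Joining the body onto one line is an assumption, and the sample is a constructed DER-shaped placeholder rather than a real certificate.

```python
import base64
import binascii
import hashlib
import re

# Matches one PEM block and captures its label and its base64 body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL)


def der_sequence_ok(der):
    """True if the bytes are one DER SEQUENCE whose length field matches the data."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short-form length
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")


def certificate_field_value(pem_text):
    """Return (value_without_tags, sha256_fingerprint) for a single-certificate PEM."""
    blocks = PEM_BLOCK.findall(pem_text)
    labels = [label for label, _ in blocks]
    if any("PRIVATE KEY" in label for label in labels):
        raise ValueError("input contains a private key; only the certificate belongs in the form")
    if labels != ["CERTIFICATE"]:
        raise ValueError("expected exactly one CERTIFICATE block, found %r" % (labels,))
    # Assumption: the form accepts the body as one line, so line breaks are removed too.
    body = "".join(blocks[0][1].split())
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError("certificate body is not valid base64") from exc
    if not der_sequence_ok(der):
        raise ValueError("decoded body is not a complete DER structure (truncated copy?)")
    return body, hashlib.sha256(der).hexdigest()


# Constructed sample: a DER-shaped placeholder, NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
_b64 = base64.b64encode(SAMPLE_DER).decode("ascii")
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + "\n".join(_b64[i:i + 64] for i in range(0, len(_b64), 64))
    + "\n-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    value, fingerprint = certificate_field_value(SAMPLE_PEM)
    print("Paste this value:", value[:32] + "...")
    print("SHA-256 fingerprint:", fingerprint)
```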


 

How to sign in to Bold360 (Agent Platform)

You can sign in to your Bold360 work environment either directly by going to the relevant sign-in page, or from the My Accounts page at https://myaccount.logmeininc.com.

Sign in from the Bold360 product page

You can access your work environments directly from any of the Bold360 product sign-in pages.

A Bold360 user can sign in to only one work environment at a time.

  1. Go to the sign-in page of the work environment that you want to use:

  2. Sign in with your email address and password.
  3. Depending on whether you have access to multiple Bold360 accounts or not, the following occurs:
    • If you have a single account, your Bold360 work environment is displayed.
    • If you have access to multiple accounts, you are redirected to the My Accounts page.

    Result: When you click the name of the account that you want to work with, you are redirected to your Bold360 work environment.

  4. If you have access to multiple Bold360 work environments, select the one you want to work with on the Bold360 environment page.


Sign in using SSO

LogMeIn offers Enterprise Sign-In, a SAML-based single sign-on (SSO) option that allows users to log in to their LogMeIn product(s) using their company-issued username and password, the same credentials they use when accessing other systems and tools within the organization (e.g., corporate email, work-issued computers, etc.). This provides a simplified login experience for users while allowing them to securely authenticate with credentials they know.

You can set up SSO in the LogMeIn Organization Center. For more information, see Using the Organization Center and Is Enterprise Sign-In right for me?

How to sign in to the AI Console

You can log in from your account page or the My Accounts page.

From February 2021, you can sign in to the AI Console directly by going to the relevant sign-in page. To learn more about the new sign-in process, see About the new sign-in process in the Digital DX AI platform.

Sign in from the product page

You can access the AI Console directly from the product sign-in pages.

  1. Go to <account>.nanorep.co, where <account> is the name of your Digital DX account.

  2. Sign in with your email address and password. If desired, select the Keep me signed in option.
    Tip: The "Keep me signed in" feature allows the user to remain signed in to the AI Console as long as there is activity and the user has not cleared their web browser cache where they last signed in. After 30 days of no activity, the user will be prompted to sign in again.
  3. Depending on whether you have access to one or multiple accounts, the following happens:
    • If you have a single account, you are taken to the AI Console.
    • If you have access to multiple accounts, you are taken to an account selector page where you can select which account you want to log into.

Sign in from the My Accounts page

You can access your work environments from the LogMeIn My Accounts page.
  1. Sign in to your LogMeIn account at https://myaccount.logmeininc.com.

    Your LogMeIn products are displayed.

  2. Select Launch Bold360 on the Bold360 product card.
  3. If you have access to multiple Bold360 work environments, select Bold360 AI on the Select a Bold360 environment page.
    Note: If you have access to a single work environment, you do not see this page.

  4. Depending on whether you have access to one or multiple Bold360 AI accounts, the following happens:
    • If you have a single account, you are taken to Bold360 AI.
    • If you have access to multiple accounts, you are taken to an account selector page where you can select which account you want to log into.

Why didn't I get my "Reset Password" email?

Did you try resetting your password, but never received the "Reset Your Password" email? There are a few things that might have caused this.

The email might be in your spam folder or have been blocked.

In some cases, the spam filtering system on your email client might have misidentified the automated "Reset Your Password" email as being spam. It's also possible that your company's servers might have blocked your email due to security firewalls.

What to do next:

  • Check the "Spam" folder in your email inbox.
  • Contact your company's IT department and ask them to allow our domain names so that these emails are not automatically blocked.
    • customerService@s.logmein.com
    • *s.logmein.com
    • @care.gotomeeting.com
    • @care.gotomypc.com
    • @care.gotoassist.com
    • @care.gotraining.com
    • @care.gotowebinar.com

You might have entered the wrong email address.

When you enter an email address on the Reset Password page at https://authentication.logmeininc.com/pwdrecovery, the confirmation page is displayed regardless of whether you entered the right email address or not. To protect your account's security, we cannot confirm whether or not the email address you entered is registered with our system.

What to do next:

  • Try using another email address that the account might have been created under.
  • Contact your account admin to confirm the email address that is used for your account.

You might not have an account.

If you never signed up for a free trial or a paid account, then you do not have an email address registered with LogMeIn.

Still need help?

Contact Customer Care by clicking a contact option at the bottom of this article to have a support representative help you identify which email address is actually associated with your account.

Change Your Email Address

About email changes

For most accounts, you can change the email address that you use to sign in to your LogMeIn account and/or add a "Recovery" email address to use as a backup in case you ever lose access to your "Primary" email address.

If you are part of a corporate account that has been set up to use Enterprise Sign-In (SSO), you will need to use your company email address and password to sign in. If the use of Enterprise Sign-In is enforced (i.e., not optional) in your account, your ability to make account changes will be limited (as shown below). Learn more about Enterprise Sign-In (SSO).

Email changes for most accounts

  1. Sign in to the My Account page at https://myaccount.logmeininc.com.
  2. Click Sign In & Security in the left navigation.
  3. In the Email Address section, click Edit.
  4. Under Primary email, enter your desired email address. This will be the email address you use to log in to your account.
  5. Under Recovery email, enter an email address (must be different from your primary email address) that you would like to use to be sent a password reset email, as a backup measure in case you lose access to your primary email address. If the field is left blank (displayed as "None set," as shown below), the password reset email will be sent to your primary email address.
  6. Click Save when finished.


Email changes for enforced Enterprise Sign-In only accounts

Please note that you cannot set a Recovery email address for an account that is required to use Enterprise Sign-In as the only login method.

  1. Sign in to the My Account page at https://myaccount.logmeininc.com.
  2. Select Sign In & Security in the left navigation.
  3. In the Email Address section, click Edit.
  4. Under Primary email, make your desired changes to the email username.
  5. Use the drop-down menu to select your desired email domain (only domains validated by your company will be listed).
  6. Click Save when finished.

Change Your Display Language

You can change your language settings after logging in to your LogMeIn account. This setting will change the default language that your web account is displayed in, as well as the default language for the desktop app (if applicable).

  1. Sign in to the My Account page at https://myaccount.logmeininc.com.
  2. Select Personal Info in the left navigation.
  3. In the "Preferred language" field, use the drop-down menu to select your desired language.
  4. Click Save when finished.


How to set up my Identity Provider for SSO

 Important: This setup refers to the current authentication method, which is in the process of transitioning to the new Genesys DX authentication. Your organization's SSO configuration will need to be updated if you set this method up or currently have it configured. Additional details about the changes to the Genesys DX Authentication service are available in this article: Configuring the Genesys DX Product Authentication Service as SSO service.

There are several Identity Providers that you can use, and all are slightly different when it comes to setup. The following example describes setting up Google G Suite as your Identity Provider.
  1. Log in at admin.google.com and go to Apps > SAML Apps.
  2. Click on the yellow + sign in the bottom right.
  3. Select Setup my own custom app.
  4. Copy the SSO URL, Entity ID, and download the Certificate / IDP metadata file that you will use later.
  5. Click Next.
  6. On the Service Provider Details page, type the following:

  7. Skip Attribute Mapping and click Finish.
Once created, select the app and click On for everyone.

Setting up your Service Provider using the LogMeIn Organization Center

The Organization Center provides you with the ability to set up automated provisioning using the Active Directory Connector and/or Enterprise Sign-In (single sign-on) for your users. An organization is created when you verify ownership of one or more valid and unexpired domain(s) by registering the domain(s) with LogMeIn. Once your domain ownership has been verified, your organization is automatically created. This allows you to manage sign-in options for user identities that match your verified email domain(s). Domains within your organization are wholly-owned email domains that your admins can verify either through your web service or DNS server. For example, in the email Joe@main.com, "main.com" is the email domain. Verifying the initial domain automatically creates your organization.
Note: Before you get started, you must have a LogMeIn product, such as Digital DX.
  1. Set up your first domain by going to https://organization.logmeininc.com/.
  2. Log in using an existing LogMeIn account set up under the same domain you wish to add to your organization.
  3. Verify that you own the domain that you logged in with: you are provided two methods for setting up domain validation, each of which uses a unique verification code to complete the verification.
  4. Copy the verification value to your clipboard.
    Note: The verification screen will display until the domain is verified. If it takes you longer than 10 days to verify the domain, the system will automatically generate new verification codes for your domain the next time you visit the Organization Center.
  5. Paste the verification code into the DNS record or a text file for upload to one of the locations. Depending on which of the verification methods you choose, you have the following options:
    • Option 1 - Add a DNS record to your domain zone file

      To use the DNS method, place a DNS record at the level of the email domain within your DNS zone. Typically, users are verifying a "root" or "second level" domain such as "main.com". In this case, the record looks as follows:

      @ IN TXT "logmein-verification-code=668e156b-f5d3-430e-9944-f1d4385d043e"

      or

      main.com. IN TXT "logmein-verification-code=668e156b-f5d3-430e-9944-f1d4385d043e"

      If you need a third-level domain (or subdomain), such as "mail.example.com", the record must be placed at that subdomain:

      mail.main.com. IN TXT "logmein-verification-code=668e156b-f5d3-430e-9944-f1d4385d043e"

    • Option 2 - Upload a web server file to the specified website

      Upload a text file to your web server root, which contains a verification string. There should not be any whitespace or other characters in the text file besides what is defined.

      • Location: http://<yourdomain>/logmein-verification-code.txt
      • Contents: logmein-verification-code=668e156b-f5d3-430e-9944-f1d4385d043e

      Once you have added the DNS record or text file, return to the domain status screen and click Verify. Next time you sign in, you will see that the domain is verified.

      Once your base domain is verified, your organization is created with your account as the organization admin. The user who completes domain verification will automatically become an organization admin, but this user is not required to have a LogMeIn product admin role and additional users can be set up under the Users tab. You can also add more domains to verify, or delete any domains you no longer need.

  6. After setting up an organization, you must finalize the trust relationship between your company and LogMeIn to enable Enterprise Sign-In (SSO) for your users:
    1. In the Organization Center, go to the Identity Provider tab.
    2. From the How would you like to configure your SAML IDP drop-down list, select Manual.
      Note: The Automatic option will not work with G Suite since they do not offer a Metadata URL.
    3. Finish your setup with the details that you have defined in Step 5 above:
  7. Save your changes.
You can now log in with your Company ID using Single Sign-On.
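
Before clicking Verify in step 5, you can check locally that the record or file you prepared meets the rules above. This added example (not LogMeIn code) resolves zone-file owner names (`@`, relative and absolute) against the zone origin to confirm the TXT record sits at the email domain, and checks the web file byte for byte; the function names are illustrative and the code value is the example shown in this article.

```python
import re

PREFIX = "logmein-verification-code="
# Example value from this article; use the code issued for your own domain.
PAGE_EXAMPLE_CODE = "668e156b-f5d3-430e-9944-f1d4385d043e"

# <owner> [ttl] IN TXT "<value>"
ZONE_TXT = re.compile(r'^(\S+)\s+(?:\d+\s+)?IN\s+TXT\s+"([^"]*)"\s*$')


def owner_fqdn(owner, origin):
    """Expand a zone-file owner name to a lower-case FQDN without trailing dot."""
    origin = origin.rstrip(".").lower()
    owner = owner.lower()
    if owner == "@":
        return origin
    if owner.endswith("."):
        return owner[:-1]
    return owner + "." + origin


def dns_record_problems(zone_lines, origin, email_domain, code):
    """Return [] if a matching TXT record exists at email_domain, else the reasons."""
    wanted_name = email_domain.rstrip(".").lower()
    problems = []
    for line in zone_lines:
        m = ZONE_TXT.match(line.strip())
        if not m or not m.group(2).strip().startswith(PREFIX):
            continue
        name, value = owner_fqdn(m.group(1), origin), m.group(2)
        if name != wanted_name:
            problems.append("record is at %s, not at the email domain %s" % (name, wanted_name))
        elif value != PREFIX + code:
            problems.append("record at %s carries a different or padded value" % name)
        else:
            return []
    return problems or ["no logmein-verification-code TXT record found"]


def file_problems(raw, code):
    """Check the bytes of logmein-verification-code.txt: nothing but the string."""
    problems = []
    if raw.startswith(b"\xef\xbb\xbf"):
        problems.append("file starts with a UTF-8 byte-order mark")
        raw = raw[3:]
    if re.search(rb"\s", raw):
        problems.append("file contains whitespace or a trailing newline")
    if b"".join(raw.split()) != (PREFIX + code).encode("ascii"):
        problems.append("verification string does not match the issued code")
    return problems


if __name__ == "__main__":
    # Constructed zone lines for the main.com zone.
    zone = ['mail.main.com. IN TXT "%s%s"' % (PREFIX, PAGE_EXAMPLE_CODE)]
    print(dns_record_problems(zone, "main.com", "main.com", PAGE_EXAMPLE_CODE))
    print(file_problems((PREFIX + PAGE_EXAMPLE_CODE + "\n").encode(), PAGE_EXAMPLE_CODE))
```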

Sign in to Digital DX with SSO

Once your admin has set up Enterprise Sign-In (Single Sign-On), you can sign in to your LogMeIn products from your Identity Provider page with your password or your Company ID.

Note: To enforce Enterprise Sign-In (SSO) as the only login method for your users, please contact support.
  1. Go to your product sign-in page, or https://auth.bold360.com and enter your validated company email address.
  2. On the Password page, click Sign in with Company ID.

    You are redirected to your Identity Provider's sign in page. Enter your company credentials, then proceed to sign in.

  3. Depending on where you signed in in Step 1 above, you are now logged in to your LogMeIn product website or the My Account page.

Why can't I log in to the Bold360 Agent platform?

The following questions address problems that may occur when you can't sign in to your Bold360 Agent account.

Can't sign in to your Bold360 AI account?

Have a look at our Bold360 AI support site for information.

Why didn't I get an email when I tried to reset my password?

If you reset your password but did not receive an email from Bold, please check the following:

  1. Type your username or email address in the Reset your Password window:
    • If you have not yet registered your email address as your new username, type your current username
    • If you have registered your email address as your new username, type your email address. By now, most users sign in with their email address.

  2. If the issue still occurs, check your spam folder.
  3. If you still don't receive an email, make sure your email settings can accept emails from noreply@logmein.com.
  4. If the issue persists, either ask your administrator to re-send an invitation, which will allow you to set up a new password, or contact our Support team or your Customer Experience Manager.

What are the requirements for creating a new password?

  • Must be at least eight characters long
  • Must have a digit, an upper case character, and a lower case character
  • Cannot have the same character repeating four times in a row
  • Cannot contain your user name or the account name
  • Cannot reuse your last five passwords

Why am I not receiving an invitation or verification email?

When your administrator assigns a new email address to you, you must set up access via an email invitation. Similarly, when you change your username to an email address, you have to verify your new email address via a verification email. When you don't receive such emails, do the following:

  1. Make sure your spam folder does not contain an email from us.
  2. If you still don't receive an email, make sure your email settings can accept emails from noreply@logmein.com and support@bold360.com.
  3. If the issue persists, either ask your administrator to re-send an invitation, which will allow you to set up a new password, or contact our Support team or your Customer Experience Manager.

As an administrator, can I resend an invitation for my users?

Yes, you can. When your user cannot find the invitation email, you can resend an invite.

Important: You can resend an invitation email only if the user has not accepted the invitation yet.
  1. In the Bold360 Admin Center, go to Organization > Agents.
  2. Click the name of the agent to whom you want to resend an invitation.
  3. On the Agent Information tab, select Resend user invitation.
  4. Save your changes.

This will send an email to your selected user who will be prompted to change their password.

What if I can sign in but have no access to a Bold account?

  • If an email invitation was already sent to you (automatically when creating a new user; when changing your email address; or when resending an invitation), make sure that you set up your Bold access through this invitation email. These invitations are always sent from support@bold360.com.
  • If you are an existing Bold user and your username has not been changed since LogMeIn started migrating Bold users to the common login platform, make sure you set up your Bold access by doing the following:
    1. Sign in with your former Bold username and password.
    2. During the sign-in process, switch your username to your email address.

What if I can sign in, but am immediately and automatically signed out?

Make sure you are not signed in to Bold360 in another browser or browser tab. If you are, close that browser (tab) and try again.

As an administrator, how do I reset passwords for my agents?

You don't. As LogMeIn moves to the new common identity platform, each user will be uniquely identified by their email address. Users of LogMeIn products will be able to easily move between different LogMeIn products using the same email address and password. Therefore, the email and password of each user are owned by the users themselves and can't be controlled by the administrator of a Bold account.

However, the administrator of a Bold account can always remove or modify each user's permissions. For example, users can be blocked from accessing a specific account or can get different permissions to ensure the security and ownership of the administrators of their accounts.

Do I need my agents to have a valid email address?

Yes. Since each user of LogMeIn products is identified by their email address, that email address must be valid and accessible. Email addresses in your Bold360 account can be either a work email (recommended) or a personal email. These emails will not receive any sensitive information regarding your Bold360 account.

What if none of the above helps?

As a last resort, your administrator can create a new user account for you. Make sure that you provide the proper email address to your admin, because you will receive an invitation email to that address and you will also use that email address to sign in to Bold360.

Configuring Single Sign-On

Single Sign-On (SSO) integration simplifies the sign-in process by providing access to multiple products with a single login. This feature integrates with your current SSO technology and is easily accessible through the Agent Workspace.

Important: You can also set up SSO in the LogMeIn Organization Center as described in How to set up my Identity Provider for SSO.
Note: This feature is only available for Bold360 Plus subscribers and Bold360 AI platform accounts.

How to log in with SSO to the AI Console

Users of the AI Console can log in with their corporate credentials using single sign-on (SSO), which provides a new layer of security. Once SSO is configured, each user in the account can log in by clicking the Use Single Sign-On (SSO) link at the bottom of the login page.

To set up SSO login for an account, do the following:

  1. As an administrator, log in to the AI Console and go to Settings > SAML Settings.
  2. Select Enable authentication for this account.
  3. Paste the content of the metadata file that you received from your Identity Provider into the SAML Meta Data XML field.
    Note: The AI Console supports SAML 2.0.
  4. Optional: Select Force SSO Login to disable the standard login method.
    Important: When you enable the Force SSO Login option, all passwords for your account will be deleted. Users can no longer log in to the AI Console with their email and password.
  5. Save your changes.

Depending on your account's SSO configuration, the AI Console login page now displays the following options:

  • Login: when SSO is not available, you can log in with your username and password.
  • Use Single Sign-On (SSO): when SSO is the only option to log in to your account. This is the only option when Forced SSO login is enabled.
  • Both of the above login options: when SSO authentication is not exclusively enabled for the account, that is, Forced SSO login is disabled. In this case, users can decide how to log in to the AI Console:

How do I reset a password?

The following questions address problems that may occur when you do not receive an email verification upon creating a new user or verifying the email address of an existing one:

As an operator, how do I reset my password?

  1. Type your username or email address in the Reset your Password window:
    • If you have not yet registered your email address as your new username, type your current username
    • If you have registered your email address as your new username, type your email address

  2. If the issue still occurs, check your spam folder.
  3. If you still don't receive an email, make sure your email settings can accept emails from noreply@logmein.com.
  4. If the issue persists, contact our Support team or your Customer Experience Manager.

What are the requirements for creating a new password?

  • Must be at least eight characters long
  • Must have a digit, an upper case character, and a lower case character
  • Cannot have the same character repeating four times in a row
  • Cannot contain your user name or the account name
  • Cannot reuse your last five passwords

As an administrator, how do I reset passwords for my operators?

You don't. As LogMeIn moves to the new common identity platform, each user will be uniquely identified by their email address. Users of LogMeIn products will be able to easily move between different LogMeIn products using the same username and password. Therefore, the email and password of each user are owned by the users themselves and can't be controlled by the administrator of a Bold account.

However, the administrator of a Bold account can always remove or modify each user's permissions. For example, users can be blocked from accessing a specific account or can get different permissions to ensure the security and ownership of the administrators of their accounts.

Do I need my operators to have a valid email address?

Yes. Since each user of LogMeIn products is identified by their email address, that email address must be valid and accessible. Email addresses in your BoldChat account can be either a work email (recommended) or a personal email. These emails will not receive any sensitive information regarding your BoldChat account.

Why didn't I get a verification or invitation email?

The following questions address problems that may occur when you do not receive an email verification upon creating a new user or verifying the email address of an existing one:

Why didn't I get an email when I tried to reset my password?

If you reset your password but did not receive an email from Bold, please check the following:

  1. Type your username or email address in the Reset your Password window:
    • If you have not yet registered your email address as your new username, type your current username
    • If you have registered your email address as your new username, type your email address

  2. If the issue still occurs, check your spam folder.
  3. If you still don't receive an email, make sure your email settings can accept emails from noreply@logmein.com.
  4. If the issue persists, contact our Support team or your Customer Experience Manager.

Why am I not receiving an invitation or verification email?

When your administrator assigns a new email address to you, you must set up access via an email invitation. Similarly, when you change your username to an email address, you have to verify your new email address via a verification email. When you don't receive such emails, do the following:

  1. Make sure your spam folder does not contain an email from us.
  2. If you still don't receive an email, make sure your email settings can accept emails from noreply@logmein.com and support@boldChat.com.
  3. If the issue persists, either ask your administrator to re-send an invitation, which will allow you to set up a new password, or contact our Support team or your Customer Experience Manager.

How to sign in to BoldChat?

With the coming of the new sign-in process on March 16, 2020, depending on the version of your BoldChat Operator client, you will have the following options to sign in to the client:

Note: To check the current version of your Operator client, go to the Help > About menu.

For more information on these changes, see About the new sign-in process in BoldChat.

To sign in with your email address and password, do the following (for clients running version 15.2.6 or later):

  1. Start the BoldChat Operator client.
  2. Sign in with your email address and password.

  3. If you have access to multiple accounts, select the account that you want to work with.

    Result: The Operator Client opens.

What if I can login but have no access to a Bold account?

If an email invitation was already sent to you (automatically when creating a new user; when changing your email address; or when resending an invitation), make sure that you set up your Bold access through this invitation email. These invitations are always sent from support@BoldChat.com.

If you are an existing Bold user and your username has not been changed since LogMeIn started migrating Bold users to the common login platform in March 2020, make sure you set up your Bold access by doing the following:

  1. Sign in with your former Bold username and password.
  2. During the sign-in process, switch your username to your email address.

How to switch accounts

Users with multiple accounts can switch between accounts without signing out of BoldChat.

  1. Sign in to the BoldChat Operator Client.
  2. In the BoldChat menu, click Switch Account.

    You are redirected to the account selector page, where you can choose another account to sign in to.

For more information about the account selector page, see How to sign in to BoldChat?

About the new sign-in process for the Desktop Client

In a nutshell

  • If you use the latest Desktop Client (version 15.2.6 or later) or you already use the client in SSO mode, you have nothing to do. To check the current version of your Operator client, go to Help > About.
    Important: We highly recommend that you upgrade to the latest Operator client version by January 27, 2020. See How to update your Desktop Client.
  • If you want to use your older client version, which supports Single Sign-On (available from version 7.4), then follow the instructions in How to start the Desktop Client in SSO mode.
    Note: You must set up SSO mode on every Desktop Client.
  • If you use a Desktop Client version prior to 7.4, you must upgrade to the latest client version. Contact your Customer Success Manager for help.

Overview of the new sign-in process

LogMeIn migrates all customers to use a unique email address to sign in to all LogMeIn products, including all versions of Digital DX. This change modernizes our sign in process and simplifies it for users: you no longer have a separate username and email address. Having a common identity across LogMeIn products makes it easier for you to use our suite of solutions.

With the coming of the new sign-in process, Desktop Client users may have to verify their email address and their password policy will also change. Operators and admins will have the following experience when they sign in:

If you also have access to multiple accounts, you will have to select one after signing in to the Desktop Client. Operators and admins will see the following window when they select a Digital DX account to work with:

Important: By January 31, 2020 your IT team must allowlist these URLs to allow access to http://authentication.logmeininc.com and auth.bold360.com. For more information, see Allowlisting and Digital DX.

How does your current password policy change?

You will no longer have the option to customize your organization's password policy. If you still want to enforce a password policy, as an admin, you must enable it for your account and then each user must agree to the policy before signing in to the Desktop Client.

Starting March 16, 2020, accounts that previously enforced password policies will adopt the following configuration:

  • Users must change passwords every 90 days
  • Users cannot reuse their last five passwords

Users will be locked out for five minutes after three unsuccessful sign-in attempts. After 25 unsuccessful attempts, users will be "hard locked" and will be able to unlock their accounts only by resetting their passwords. As additional protection, LogMeIn uses risk-based authentication to protect against sophisticated password attacks.

Your existing password policy that you can set on the Setup > Login Control Settings page in the Desktop Client will change to default in the following cases:

  • You have selected Apply password policy to all users on the Future Login Setup page
  • You have enabled Disallow reusing password for X generations on the Setup > Login Control Settings page
  • You have enabled Force change of password every X days on the Setup > Login Control Settings page

Who should verify their email address?

From March 16, 2020, Digital DX users may have to provide their email address and go through a short email verification process when signing in for the first time. An administrator can save time for users by setting up user email addresses, in which case users can skip the email verification. After setting up user emails, select the Force email that I set up for my users option on the Setup > Future Login Setup page in the Desktop Client.

After setting up an email address, users can sign in with their email address.

Note: You may have the option to postpone switching to your email address to sign in by clicking the I'll do this later link. To support operators and their administrators during this busy time, you can do so by May 31, 2020.

To set up user emails with the API, see How to set up user emails with the API?

Where to make changes in the Desktop Client

You can make email and password policy-related changes on the Setup > Future Login Setup page in the Desktop Client:

Force email that I set up for my users
After an admin sets up unique email addresses for all Digital DX users, select this option to force using those pre-defined emails to sign in. Users will not have to verify their emails.
Password policy changes
Select this option to apply LogMeIn's common password policy on all Digital DX users starting March 16, 2020. This means forcing users to change their passwords every 90 days and not reusing their last five passwords.

Identity and Access Management Provider Support

Many companies provide identity and access management (IAM) services for our LogMeIn products. The specific services they offer vary by company, as shown below. Some offer single sign-on only, others offer automated user provisioning only, and some offer both. Some Identity Providers also allow you to sign in from the Identity Provider's website in addition to our own Login page.

Below you'll see a breakdown of which services are offered by which companies, so that you can decide which is the best option for your company's needs.

Identity Provider (IdP) IdP Flow SP Flow Configuration Additional Info
Active Directory Federated Services (ADFS) v2.0, v3.0 x x Publishes its metadata at a public URL for consumption. Can consume a SAML SP's metadata from a metadata URL. May not support a default RelayState for use in the IdP-Initiated flow. Supports the forceAuthn flag. Validates signature on AuthnRequest.
NOTE: Links in this table access the Identity Provider site. Search for the LogMeIn product of choice in the site.
Azure AD   x Publishes its metadata at a public URL for consumption. Does not support consuming a SAML SP's metadata from a metadata URL. Does not support the forceAuthn flag, errors if encountered. Does not validate signature on AuthnRequest.
RSA   x    
Okta x x Publishes its metadata at a public URL for consumption. Does not support consuming a SAML SP's metadata from a metadata URL. Supports forceAuthn flag. Does not validate signature on AuthnRequest.
OneLogin x x Publishes its metadata at a public URL for consumption. Does not support consuming a SAML SP's metadata from a metadata URL. Does not support the forceAuthn flag, errors if encountered. Does not validate signature on AuthnRequest.
SecureAuth x x Does not publish its metadata at a public URL for consumption. Does not support consuming a SAML SP's metadata from a metadata URL. Supports forceAuthn flag. Validates signature on AuthnRequest.

What do I do if I forgot my password?

The Forgot password? option on the AI Console sign-in page enables you to reset your password.

From February, 2021, here's how you can reset your password when you try to sign in with your email address:

  1. On the sign-in page, enter your email in the Email field and choose Next.
  2. Select Forgot password.

    Result: You are taken to the Reset Password page.

  3. Choose Reset password.

    Result: You'll receive an email to the email address associated with your user.

  4. Check your inbox and select Create a password in the password recovery email from LogMeIn.
  5. On the Reset Password page, enter a new password for your account.
  6. Confirm your password and choose Reset Password.

Set Up a Custom Enterprise Sign-In Configuration

One of the options for implementing Enterprise Sign-In (single sign-on) is to set up a custom configuration using the Identity Provider tab within the Organization Center. This is most commonly used by companies that use a third-party provider that doesn't offer a pre-configured single sign-on package, or that need a custom SAML Identity Provider.

LogMeIn offers Enterprise Sign-In, which is a SAML-based single sign-on (SSO) option that allows users to log in to their LogMeIn product(s) using their company-issued username and password, the same credentials they use when accessing other systems and tools within the organization (e.g., corporate email, work-issued computers, etc.). This provides a simplified login experience for users while allowing them to securely authenticate with credentials they know.

The Identity Provider tab within the Organization Center supports various configurations. IT Administrators can configure automatically using a metadata URL or uploading a SAML metadata file, or configure manually with sign-in and sign-out URLs, an identity provider ID and an uploaded verification certificate.

General Identity Provider Setup Overview

A trust-relationship between two relying parties has been established when each party has acquired the necessary metadata about the partner for execution of a SAML Single Sign-On. At each relying party, the configuration information can be input dynamically or manually, depending on the interface offered by the IdP.

When introducing the LogMeIn SAML Service's metadata at the IdP, you may be given an option to add a new Service Provider via metadata. In this case, you can simply populate the metadata URL field with:

https://authentication.logmeininc.com/saml/sp

In the event your IdP requires manual input of information, you'll need to manually enter the parts of the metadata. Depending on your IdP, it may ask for different pieces of information or call these fields different things. To start, here are some of the configuration values that should be entered if your IdP asks for them. Then, depending on your IdP's support for a feature called RelayState, there will be additional values to input.

  • EntityID: The LogMeIn SAML Service's entityID is the metadata URL. The IdP may sometimes refer to it as the IssuerID or the AppID. (https://authentication.logmeininc.com/saml/sp).
  • Audience: This is the EntityID of the GoTo SAML Service. An IdP may refer to it as the Audience Restriction. This should be set to: https://authentication.logmeininc.com/saml/sp.
  • Single Logout URL: The destination of a logout request or logout response from the IdP: https://authentication.logmeininc.com/saml/SingleLogout.
  • NameID format: The type of the subject identifier to be returned in the Assertion. The LogMeIn SAML Service expects: EmailAddress

When accessing products through an IdP-initiated sign in, some IdPs support a feature known as "RelayState", which allows you to drop users directly into the specific LogMeIn product on which you want them to land. To configure this, the following fields, if requested by your IdP configuration, should be set accordingly. Some IdPs refer to these fields by different names. Where possible, we have included alternative names that some IdPs use for these fields.

  • Assertion Consumer Service URL: The URL where authentication responses (containing assertions) are returned to. The IdP may also refer to this as the ACS URL, the Post Back URL, the Reply URL, or the Single Sign On URL.
  • Recipient
  • Destination

If your IdP supports the RelayState feature, all of the above fields (where requested by your IdP - not all IdPs will ask for all fields) should be populated with: https://authentication.logmeininc.com/saml/acs.

You can then set a per-product RelayState to allow routing to different products from your IdP application catalog. Below are the RelayState values to set for LogMeIn products:

If your IdP does not support the RelayState feature, there will be no RelayState value to set. Instead, set the ACS values above (ACS URL, Recipient, Destination) to the following values per product

During manual configuration of the LogMeIn SAML Service at the IdP, you may be presented with some additional options. Here is a list of potential options you may be presented and what you should set them to.

  • Sign assertion or response
    • Activate this option; the LogMeIn SAML service requires the IdP's signature on the response.
  • Encrypt assertion or response
    • Deactivate this option; the SAML service currently does not process encrypted assertions.
  • Include SAML Conditions
    • Activate this option; it is required by the SAML Web SSO profile. This is a SecureAuth option.
  • SubjectConfirmationData Not Before
    • Deactivate this option; this is required by the SAML Web SSO profile. This is a SecureAuth option.
  • SAML Response InResponseTo
    • Activate this option. This is a SecureAuth option.
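
The following Python check is an added example, not LogMeIn's code: it lints a SAML response captured from your own test sign-in against the EntityID, ACS URL, NameID format and option settings listed above. The sample response, the `lint_response` name and the mapping of "EmailAddress" to the standard emailAddress NameID URN are assumptions, and the check only confirms that a signature element is present; it does not verify it cryptographically.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
SP_ENTITY_ID = "https://authentication.logmeininc.com/saml/sp"  # EntityID / Audience
ACS_URL = "https://authentication.logmeininc.com/saml/acs"      # RelayState case
# Assumption: "EmailAddress" on this page means the standard SAML 1.1 URN.
EMAIL_NAMEID = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
SCD_PATH = "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData"


def lint_response(xml_text, acs_url=ACS_URL, request_id=None):
    """Return configuration findings; an empty list means the response matches
    the settings above. Presence of a signature is checked, not its validity."""
    findings = []
    resp = ET.fromstring(xml_text)
    if resp.get("Destination") != acs_url:
        findings.append("Destination does not match the ACS URL")
    if request_id is not None and resp.get("InResponseTo") != request_id:
        findings.append("InResponseTo missing or not the AuthnRequest ID")
    if resp.find("saml:EncryptedAssertion", NS) is not None:
        findings.append("assertion is encrypted; turn encryption off at the IdP")
    assertion = resp.find("saml:Assertion", NS)
    if assertion is None:
        findings.append("no plaintext Assertion element")
        return findings
    if all(el.find("ds:Signature", NS) is None for el in (resp, assertion)):
        findings.append("neither response nor assertion carries a ds:Signature")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_NAMEID:
        findings.append("NameID format is not emailAddress")
    elif "@" not in (name_id.text or ""):
        findings.append("NameID value is not an email address")
    scd = assertion.find(SCD_PATH, NS)
    if scd is None or scd.get("Recipient") != acs_url:
        findings.append("Recipient does not match the ACS URL")
    if scd is not None and scd.get("NotBefore") is not None:
        findings.append("SubjectConfirmationData carries NotBefore")
    conditions = assertion.find("saml:Conditions", NS)
    if conditions is None:
        findings.append("Conditions element missing")
    else:
        audiences = [a.text for a in
                     conditions.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if SP_ENTITY_ID not in audiences:
            findings.append("Audience does not name the SP entityID")
    return findings


# Constructed sample response (IdP name, IDs and signature value are placeholders).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    ID="_r1" InResponseTo="_req1" Version="2.0"
    Destination="https://authentication.logmeininc.com/saml/acs">
  <saml:Issuer>https://idp.example.com/</saml:Issuer>
  <ds:Signature><ds:SignatureValue>placeholder</ds:SignatureValue></ds:Signature>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://idp.example.com/</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="_req1"
            Recipient="https://authentication.logmeininc.com/saml/acs"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://authentication.logmeininc.com/saml/sp</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

# The same response with three IdP-side settings wrong (also constructed).
MISCONFIGURED = (
    SAMPLE
    .replace(EMAIL_NAMEID, "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified")
    .replace("<saml:Audience>" + SP_ENTITY_ID, "<saml:Audience>https://sp.example.com")
    .replace("<saml:SubjectConfirmationData ",
             '<saml:SubjectConfirmationData NotBefore="2020-01-01T00:00:00Z" ')
)

if __name__ == "__main__":
    print("good sample:", lint_response(SAMPLE, request_id="_req1"))
    for finding in lint_response(MISCONFIGURED):
        print("misconfigured:", finding)
```

If your IdP does not support RelayState, pass the per-product ACS value as `acs_url` instead of the default.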

What if I forgot my password?

You can reset your password when you sign in with your email address.

  1. On the sign-in page, type your email address in the Email field and click Next.
  2. Click Forgot password.

  3. Click Reset password. You'll receive an email to the email address that you have entered.
  4. Check your inbox and click Create a password in the password recovery email from LogMeIn.
  5. On the next page, make sure the email address that you want to use to sign in to Digital DX is correct.

    To use a different email address in the future to sign in to Digital DX, change the email address that the system provided.

  6. Click Reset your password.

  7. If you have the option to change your email address, you must go through a short verification process.
    Note: This option may not be available to you.

What are the password requirements?

  • Users must change passwords every 90 days
  • Users cannot reuse their last five passwords
  • Password must be at least eight characters long
  • Password must contain a digit, an upper case character, and a lower case character
  • Password cannot have the same character repeating four times in a row
  • Password cannot contain the user's name or the account name

How do I verify my login?

Some Digital DX users may be prompted to complete additional verification steps when they log in to access their LogMeIn account. Once you have verified your login and signed in, you can manage trusted devices for your account, which will no longer require this verification process.

Why am I being asked to verify?

The security of your Digital DX account is our highest priority. If we detect unusual activity or a login attempt from an unidentified yet suspicious location, we want to verify that it's really you logging in to access your account.

Can I turn this off for my account?

This is a built-in security feature that exists to help protect your account, and therefore it cannot be disabled. However, once a user verifies their account and successfully logs in, they can add their specific device as a trusted device to their user account profile to prevent verification checks from that device in the future.

Verify your login for unverified locations

  1. After logging in to Digital DX, you are prompted with a message that instructs you to verify your email address.
  2. An email notification is sent to the inbox of your Digital DX account email address. Go to your inbox and copy the code from the "Email verification" message.
    Note: The verification code is valid for 10 minutes.
  3. Paste the code in the "Verification code" field, then click Continue.
  4. Once verified, you are logged in to your Digital DX account.

Verify your login for unidentified locations (deemed suspicious)

If you are actively logged in to your account via the Web App and a login attempt is made from an unidentified location, you are immediately logged out of your account and your account will remain locked until you reset your password to unlock it, as follows:

  • Once you are automatically logged out, a message is displayed, "We've detected a suspicious sign-in to your account. To prevent unauthorized activity and keep your account safe, set a new password" to inform you why your account is locked. Reset your password to gain access to your account again.

What if I can't access the inbox where the email was sent?

You may have Digital DX user accounts that use generic email addresses that are not linked to an active inbox.

Please contact support by scrolling to the bottom of this article and selecting an available contact option for further assistance.

I haven't received the verification email. What should I do?

If you have a valid email address with an active inbox and have not received the verification email:

  • Please be aware that it may take up to 10 minutes to reach your inbox
  • Check your spam filters: the email will be sent from customerservice@s.logmein.com

Still not receiving it? Please contact Customer Care (by clicking a contact option at the bottom of this article) for further assistance.

I've verified my login. Will I have to go through this verification process for future sign ins?

Once you have verified and signed in, you can manage devices that can access your account by granting trust, which will no longer require email verification for future sign ins from your trusted devices. Learn how to manage trusted devices.

How do I sign in using single sign-on?

Once your admin has completed all of the steps for setting up Enterprise Sign-In (single sign-on), you can sign in to your LogMeIn product and get redirected to your Identity Provider page to finish signing in automatically or by using your Company ID.

Are you interested in enforcing the use of Enterprise Sign-In (SSO) as the only login method for your users?

Please contact support by scrolling to the bottom of this article and selecting an available contact option for further assistance.

  1. On the Digital DX sign in screen or on the My Account page at https://myaccount.logmeininc.com, enter your validated company email address.
    Note: If you are not automatically redirected, click My Company ID, then enter your email address and click Continue.

  2. You are redirected to your Identity Provider's sign in page. Enter your company credentials, then proceed to sign in.
    You are now signed in to your LogMeIn product website or the My Account page, depending on where you signed in during Step #1 above.

Connect Your Social or Other Account for Sign-In

About signing in using social or other accounts

For most accounts, you can choose to sign in through a social or other account provider using LastPass, Google, Facebook, LinkedIn, Microsoft, or Apple. This ensures that while you are logged into the social provider on your device, you can access your Digital DX account instantly with no additional login credentials necessary. You can choose to sign in this way at any time.

If you are part of a corporate account that has been set up to use Enterprise Sign-In (SSO), you will need to use your company email address and password to sign in. If the use of Enterprise Sign-In is enforced (i.e., not optional) in your account, your ability to make account changes will be limited (as shown below). Learn more about Enterprise Sign-In (SSO).

Note: For information about signing in as a user with an Enterprise Sign-In account, please see How do I log in using single sign-on?

How to connect your social or other accounts for sign-in

You can connect your LastPass, Facebook, Google, LinkedIn, Microsoft, or Apple account as follows:

  1. Sign in to the My Account page at https://myaccount.logmeininc.com.
  2. Select Sign In & Security in the left navigation.
  3. Click the Connect to < provider > hyperlink for your desired account.

    Result: You are sent to your social/other account sign-in provider to view and accept the terms.

  4. Sign in with your social/other account email address and password to verify and allow access.
    Note: If you navigate back to the Sign In & Security page, your social/other account will be displayed as "Connected" next to the account provider.

    Result: You have connected your selected social/other account provider and are now signed in to your LogMeIn account.

Sign in using your social or other account

Once your social or other account is connected on the Sign In & Security page (and you are also logged in to your account provider on your device), you can sign in to your Bold360 account immediately by selecting your desired account provider from the "Sign in with..." option at the bottom of the sign-in screen.

Note: Only the social/other accounts you have connected will be displayed (aside from the other sign-in options you are already enabled to use).

Disconnect your social or other account

You can disconnect your social or other account at any time as follows:

  1. Sign in to the My Account page at https://myaccount.logmeininc.com.
  2. Select Sign In & Security in the left navigation.
  3. Click the Disconnect hyperlink below your desired social/other account.

    Result: A confirmation message displays indicating your social/other account was successfully disconnected.

About connecting social or other accounts for enforced Enterprise Sign-In only accounts

If Enterprise Sign-In (SSO) is strictly enforced for your account, you are unable to connect a social account as a login method. Please contact your company administrator for more information.

Set Up Enterprise Sign-In using ADFS 3.0

Your organization can easily manage thousands of users and their product access while also delivering single sign-on (SSO). SSO ensures your users can access their LogMeIn products using the same identity provider as for their other enterprise applications and environments. These capabilities are called Enterprise Sign-In.

This document covers configuration of your Active Directory Federation Services (ADFS) to support single sign-on authentication to LogMeIn products. Prior to implementing, however, be sure to read more about Enterprise Sign-In and complete the initial setup steps.

ADFS 3.0 is an enhanced version of ADFS 2.0. It is a downloadable component for Windows Server 2012 R2. One large advantage of 3.0 is that Microsoft's Internet Information Services (IIS) Server is included in the deployment rather than a separate install. The enhancements vary the installation and configuration somewhat compared to its predecessor.

This article covers how to install and configure ADFS, and to set ADFS up in a SAML trust relationship with Enterprise Sign-In. In this trust relationship, ADFS is the Identity Provider and LogMeIn is the Service Provider. On completion, LogMeIn will be able to use ADFS to authenticate users into products like GoToMeeting using the SAML assertions served by ADFS. Users will be able to initiate authentications from the Service Provider side or the Identity Provider side.

 

Requirements

Among the prerequisites for ADFS 3.0 are:

  • A publicly trusted certificate to authenticate ADFS to its clients. The ADFS service name will be assumed from the subject name of the certificate so it's important that the subject name of the certificate be assigned accordingly.
  • ADFS server will need to be a member of an Active Directory domain and a domain administrator account will be needed for the ADFS configuration.
  • A DNS entry will be needed so that clients can resolve the ADFS hostname.

A complete and detailed list of the requirements can be reviewed in the Microsoft ADFS 3.0 overview.

Installation

  1. Start the installation of ADFS 3.0 by going to Administrative Tools > Server Manager > Add roles and features.
  2. Under the Select installation type page, select Role-based or feature-based installation, then click Next.
  3. On the Select destination server page, select the server on which to install the ADFS service, then click Next.
  4. On the Select server roles page, select Active Directory Federation Services, then click Next.
  5. On Select features, unless there are some additional features that you want to install, leave the defaults and click Next.
  6. Review the information on the Active Directory Domain Services page, then click Next.
  7. Initiate the installation on the Confirm installation selections page.

Configuration

  1. In your Notifications, you will have a notification alerting you that you have a Post-deployment Configuration task remaining. Open it and click on the link to initiate the Setup Wizard.
  2. In the Welcome page, select Create the first federation server in a new federation server farm (unless there is an existing farm that you are adding this ADFS server to).
  3. On the Connect to ADFS page, select the domain admin account to perform this configuration.
  4. In Specify Service Properties, specify the SSL Certificate created from the prerequisites. Set the Federation Service Name and Federation Service Display Name.
  5. In Specify Service Account, select the account that ADFS will use.
  6. In the Specify Configuration Database select the database to use.
  7. Review the information in Pre-requisite Checks and click Configure.

Establish Trust Relationship

Each party (ADFS and LogMeIn) will need to be configured to trust the other party. Therefore, the trust relationship configuration is a two-step process.

Step #1: Configure ADFS to trust SAML

  1. Go to Administrative Tools > ADFS Management.
  2. In ADFS Management, use the Action drop-down menu and select Add Relying Party Trust. This will initiate the Add Relying Party Trust Wizard.
  3. On the Select Data Source page of the wizard, select Import data about the relying party published online or on a local area network.
  4. In the text box below the selected option, paste the metadata URL: https://authentication.logmeininc.com/saml/sp.
  5. Click Next.
  6. Skip the Configure Multi-factor Authentication Now? page.
  7. On the Choose Issuance Authorization Rules screen, select Permit all users to access this relying party (unless another option is desired).
  8. Proceed through the rest of the prompts to complete this side of the trust relationship.

Add 2 claim rules

  1. Click on the new endpoint entry, and click Edit Claim Rules in the right navigation.
  2. Select the Issuance Transform Rules tab, then click Add Rule.
  3. Use the drop-down menu and select Send LDAP Attributes as Claims, then click Next.
  4. Use the following settings for the rule:
    • Claim rule name: AD Email
    • Attribute store: Active Directory
    • LDAP Attribute: E-mail-Addresses
    • Outgoing Claim Type: E-mail Address
  5. Click Finish.
  6. Click Add Rule again.
  7. Use the drop-down menu and select Transform an Incoming Claim, then click Next.
  8. Use the following settings: 
    • Claim rule name: Name ID
    • Incoming claim type: E-Mail Address
    • Outgoing claim type: Name ID
    • Outgoing name ID Format: Email
  9. Select Pass through all claim values.
  10. Click Finish.
  11. Right click on the new relying party trust in the Relying Party Trusts folder and select Properties.
  12. Under Advanced, select SHA-1 and click OK.
  13. To prevent ADFS from sending encrypted assertions by default, open a Windows PowerShell command prompt and run the following command:

    Set-AdfsRelyingPartyTrust -TargetName "< relyingPartyTrustDisplayName >" -EncryptClaims $False

Step #2: Configure LogMeIn to trust ADFS

  1. Navigate to the Organization Center at https://organization.logmeininc.com and use the Identity Provider webform.
  2. ADFS publishes its metadata to a standard URL by default: (https://< hostname >/federationmetadata/2007-06/federationmetadata.xml).
    • If this URL is publicly available on the Internet: Click the Identity Provider tab in the Organization Center, select the Automatic configuration option, then paste the URL in the text field and click Save when finished.
    • If the metadata URL is not publicly available, then collect the single-sign-on URL and a certificate (for signature validation) from ADFS and submit them using the Manual configuration option in the Identity Provider tab in the Organization Center.
  3. To collect the necessary items, do the following:
    1. To collect the single sign-on service URL, open the ADFS Management window and select the Endpoints folder to display a list of the ADFS endpoints. Look for the SAML 2.0/WS-Federation type endpoint and copy the URL from its properties. Alternatively, if you have access to the standard metadata URL, display the contents of the URL in a web browser and look for the single-sign-on URL in the XML content.
    2. To collect the certificate for signature validation, open the ADFS Management Console and select the Certificates folder to display the certificates. Look for the Token-signing certificate, then right click on it and select View Certificate. Select the Details tab, and then the Copy to File option. Using Certificate export wizard, select the Base-64 Encoded X.509 (.cer). Assign a name to the file to complete the export of the certificate into a file.
  4. Enter the single sign-on service URL and the certificate text into their respective fields in the Organization Center and click Save.
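
To collect the manual-configuration values without reading the XML by eye, the following added Python example (not part of the original article or of any LogMeIn tooling) extracts the entity ID, the single sign-on endpoints and the token-signing certificate from a saved copy of the federation metadata, and confirms that a certificate exported from the ADFS console is the one the metadata publishes. The metadata document, host name and certificate bytes are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"


def pem_body(pem_text):
    """Base-64 body of an exported .cer file, without BEGIN/END lines or whitespace."""
    lines = (line.strip() for line in pem_text.splitlines())
    return "".join(line for line in lines if line and not line.startswith("-----"))


def fingerprint(der_bytes):
    """SHA-256 fingerprint to compare against the one shown by the IdP admin."""
    return hashlib.sha256(der_bytes).hexdigest()


def read_idp_metadata(xml_text):
    """Pull the values the manual configuration form asks for out of IdP metadata."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")

    def endpoints(tag):
        return {el.get("Binding"): el.get("Location") for el in idp.findall(tag, NS)}

    certs = []
    for key in idp.findall("md:KeyDescriptor", NS):
        if key.get("use") not in (None, "signing"):
            continue  # encryption-only keys are not used for signature validation
        for node in key.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            b64 = "".join((node.text or "").split())
            der = base64.b64decode(b64, validate=True)
            certs.append({"base64": b64, "sha256": fingerprint(der)})
    return {
        "entity_id": root.get("entityID"),
        "sso": endpoints("md:SingleSignOnService"),
        "slo": endpoints("md:SingleLogoutService"),
        "signing_certs": certs,
    }


def export_matches_metadata(pem_text, info):
    """True if the exported certificate is one of the metadata signing certificates."""
    exported = fingerprint(base64.b64decode(pem_body(pem_text), validate=True))
    return any(cert["sha256"] == exported for cert in info["signing_certs"])


# Constructed inputs: placeholder bytes stand in for real DER certificates.
FAKE_DER = b"constructed-token-signing-cert"
FAKE_B64 = base64.b64encode(FAKE_DER).decode()
ENC_B64 = base64.b64encode(b"constructed-encryption-cert").decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{FAKE_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="http://adfs.example.com/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>{ENC_B64}</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </KeyDescriptor>
    <KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {FAKE_B64[:20]}
        {FAKE_B64[20:]}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="{REDIRECT}" Location="https://adfs.example.com/adfs/ls/"/>
    <SingleSignOnService Binding="{REDIRECT}" Location="https://adfs.example.com/adfs/ls/"/>
    <SingleSignOnService Binding="{POST}" Location="https://adfs.example.com/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    info = read_idp_metadata(SAMPLE_METADATA)
    print("Identity provider ID:", info["entity_id"])
    print("Sign-in URL (POST):  ", info["sso"].get(POST))
    print("Signing cert SHA-256:", info["signing_certs"][0]["sha256"])
    print("Export matches:      ", export_matches_metadata(SAMPLE_PEM, info))
```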

Test the configuration

  1. To test Identity Provider-Initiated Sign-On, go to your custom IdP URL (example: https://adfs.< my domain.com >/adfs/ls/< IdP Initiated sign on > = https://adfs.mydomain.com/adfs/ls/IdpInitiatedSignOn.aspx). You should see the relying party identifier in a combobox under "Sign in to one of the following sites".
  2. To test Relying Party-Initiated Sign-on, see instructions for How do I log in using single sign-on?

How do I manage my trusted devices?

The security of your Digital DX account is our highest priority. For this reason, you can view all of the devices and locations where your user account is actively signed in and when it was last accessed.

You can review each device listed and choose to set familiar devices as trusted, or revoke trust and/or report devices that you don't recognize. Please note that the current device listed is the one you are using while you are logged in and reviewing your devices.

Trust a device

When reviewing your devices, you should only trust those that are familiar and that you fully recognize.

  1. Sign in to the My Account page at https://myaccount.logmeininc.com.
  2. Select Sign In & Security in the left navigation.
  3. Under Devices, click Review all devices.
  4. For your desired device, click the Options icon then select I trust this device.
  5. When prompted, click Continue to acknowledge that this device will not be prompted for email verification upon sign in if a security risk is detected.
  6. Your device now displays with a Trusted status and the date it was flagged as trusted.

Revoke trust or report an unrecognized device

For a device listed that you do not recognize, or an already trusted device that needs to have trust revoked (e.g., the device was replaced), you can report the device and will be immediately prompted to reset your account password as a security measure.

  1. Sign in to the My Account page at https://myaccount.logmeininc.com.
  2. Select Sign In & Security in the left navigation.
  3. Under Devices, click Review all devices.
    Note: You cannot report your current device as unrecognized or revoke trust for it.
  4. For your desired device, click the Options icon then select I don't recognize this device.
  5. On the Unrecognized Device screen, the location, date and time, device info, and IP address of the last login activity is displayed. If it is unfamiliar or you want to revoke trust, click Report & Sign Out.
  6. A confirmation window appears indicating that your device was reported, and a password reset email has been sent to your account email address. Check your inbox and click on the link to create a new password.

Using the Organization Center

The Organization Center provides you with the ability to set up Enterprise Sign-In (single sign-on) for your users. An organization is created when you verify ownership of one or more valid and unexpired domain(s) by registering the domain(s) with LogMeIn. Once your domain ownership has been verified, your organization is automatically created. This allows you to manage sign-in options for user identities that match your verified email domain(s).

To set up single sign-on (SSO), you must set up an organization using the steps below.

Before you get started...

You are required to have a LogMeIn product account in order to proceed.

Step #1: Set up your first domain

To get started, set up your initial domain, which will match the email domain of your users when they sign in to their Digital DX account.

Step #2: Add more organization users (optional)

If desired, you can add more organization admins who will be able to manage the Organization Center. Additional admins can assist in adding domains, users, and configuring your Identity Provider if you plan on setting up Enterprise Sign-In.

Step #3: Set up Enterprise Sign-In (SSO)

Now that you have created your organization, you can proceed to set up Enterprise Sign-In (SSO).


Why can't I log in to my account?

From February 2021, users of the AI Console need to use their email address to sign in. Users may have to go through a short email verification process when signing in for the first time. See About the new sign-in process in the AI Console for more information about the new sign-in process.

Change Your Time Zone

You can change your time zone settings after you have logged in to your LogMeIn account.

  1. Sign in to the My Account page at https://myaccount.logmeininc.com.
  2. Select Personal Info in the left navigation.
  3. In the "Time zone" field, use the drop-down menu to select your desired time zone.
  4. Click Save when finished.


Set Up Enterprise Sign-In (single sign-on)

LogMeIn offers Enterprise Sign-In, which is a SAML-based single sign-on (SSO) option that allows users to log in to their LogMeIn product(s) using their company-issued username and password, the same credentials they use when accessing other systems and tools within the organization (e.g., corporate email, work-issued computers, etc.). This provides a simplified login experience for users while allowing them to securely authenticate with credentials they know.

Before you get started...

You are required to have a LogMeIn product account in order to proceed, but this user is not required to have a LogMeIn product admin role.

Step #1: Set up an organization

Create your organization by verifying at least 1 domain used by your company.

Step #2: Configure your Identity Provider

Configure an Identity Provider (IdP) from one of our single sign-on options, if you have not already set one up. If you have already set one up, you can proceed to Step #3.

Step #3: Add your Identity Provider to the Organization Center

Add your configured Identity Provider to the Organization Center to indicate where you want your users to go to sign in to their assigned LogMeIn products.

Step #4: Test your Enterprise Sign-In environment

Sign in to your account to test your newly established Enterprise Sign-In setup.

Step #5: Inform your users they can log in using their company login credentials

You're all set! Once Enterprise Sign-In is set up, your users will receive a Welcome email that contains their Company ID (username) that they can now use to sign in to their account. When your users log in to their account via Enterprise Sign-In, their account status will be displayed as Enabled in the Admin Center.

(Optional) Step #6: Request to enforce Enterprise Sign-In

If you have set up Enterprise Sign-In and are interested in enforcing it as the only login method available when your users access their LogMeIn product account, please contact Customer Care by scrolling to the bottom of this article and selecting a contact option. Don't worry: once Enterprise Sign-In has been enforced in your account, your users' active sessions remain unaffected; they will just be prompted to use their company credentials upon their next login.

Add Your Identity Provider to the Organization Center

The Identity Provider tab within the Organization Center lets you configure your Identity Provider (IdP) relationship to establish Enterprise Sign-In (SSO) for your organization's users. Whichever single sign-on configuration method you choose, you must finalize the relationship with LogMeIn using the Identity Provider tab to complete the setup.

You can set up this configuration either automatically or manually, but you cannot do both. If you save one after the other, the last save is accepted.

Add Your Identity Provider Automatically

The easiest and most robust way to configure SSO is to use a link to your Identity Provider's metadata file if they provide one. The metadata contains additional information that the IdP can use to make the transaction more secure. In addition, since the metadata file is generated, the method is less prone to typographical errors.

  1. Log in to the Organization Center at https://organization.logmeininc.com.
  2. Click the Identity Provider tab.
  3. Select Automatic from the drop-down menu.
  4. Enter the Metadata URL for your Identity Provider.
  5. Click Save.
    The metadata file is uploaded and configures the relationships correctly.

Once your IdP has been added, you are all set! You can now sign in with your Company ID using single sign-on.


Add Your Identity Provider Manually

Not all IdPs support a metadata implementation. To set up a manually configured IdP relationship, you enter key data that will get built into the SAML assertions.

  1. Log in to the Organization Center at https://organization.logmeininc.com.
  2. Click the Identity Provider tab.
  3. Select Manual using the drop-down menu.
  4. Enter the data provided by your Identity Provider:
    • Sign-in page URL - The IdP's landing page for authentication requests, which is the full Identity Provider URL path. It must begin with https://.
    • Sign-in binding - Select Redirect or POST.
    • Sign-out page URL - This is the URL where the user is redirected upon log-out.
    • Sign-out binding - Select Redirect or POST.
    • Identity Provider Entity ID - Location of the globally unique name for your IdP as a SAML entity.
    • Verification certificate - The IdP's public certificate used to verify incoming responses from the IdP. You can add it in either of the following ways:
    1. Copy and paste the text of the certificate. It is required that the field starts with -----BEGIN CERTIFICATE----- and ends with -----END CERTIFICATE-----.
    2. Click Upload certificate to import the certificate from a saved location.
  5. When finished, click Save.
    The configuration is stored in the LogMeIn account service.

Once your IdP has been added, you are all set! You can now sign in with your Company ID using single sign-on.
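
When an IdP publishes metadata but the Manual option is used anyway, the manual fields listed above can be read out of the metadata instead of being retyped. The following is an added example, not LogMeIn code: the sample metadata, the hostnames and the function names are constructed for illustration, and the checks cover only the rules stated in the steps above (https:// sign-in URL, Redirect or POST binding, certificate wrapped in BEGIN/END lines).

```python
import base64
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-"
PEM_BEGIN, PEM_END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"

# Constructed sample: hostnames are placeholders and the certificate body is
# base64 of filler bytes, not a real certificate.
FILLER_CERT = base64.b64encode(b"constructed placeholder, not a real certificate " * 4).decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>
        {FILLER_CERT}
      </ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="{BINDING}Redirect" Location="https://idp.example.test/slo"/>
    <md:SingleSignOnService Binding="{BINDING}POST" Location="https://idp.example.test/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def pem_wrap(b64_body):
    """Metadata carries bare base64; the manual certificate field needs PEM armor."""
    body = re.sub(r"\s+", "", b64_body)
    base64.b64decode(body, validate=True)  # raises ValueError on non-base64 content
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join([PEM_BEGIN, *lines, PEM_END])


def manual_fields(metadata_xml):
    """Extract the values the Manual form asks for from IdP metadata XML."""
    root = ET.fromstring(metadata_xml)
    entity_tag = "{%s}EntityDescriptor" % NS["md"]
    entity = root if root.tag == entity_tag else root.find("md:EntityDescriptor", NS)
    idp = entity.find("md:IDPSSODescriptor", NS) if entity is not None else None
    if idp is None:
        raise ValueError("no IDPSSODescriptor found: this is not IdP metadata")

    def endpoint(tag):
        # First endpoint whose binding is one of the two the form offers.
        for el in idp.findall(f"md:{tag}", NS):
            binding = el.get("Binding", "")
            if binding in (BINDING + "Redirect", BINDING + "POST"):
                return el.get("Location"), binding[len(BINDING):]
        return None, None

    certificate = None
    for key in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without "use" serves both signing and encryption.
        if key.get("use") in (None, "signing"):
            node = key.find(".//ds:X509Certificate", NS)
            if node is not None and node.text:
                certificate = pem_wrap(node.text)
                break

    sign_in_url, sign_in_binding = endpoint("SingleSignOnService")
    sign_out_url, sign_out_binding = endpoint("SingleLogoutService")
    return {
        "entity_id": entity.get("entityID"),
        "sign_in_url": sign_in_url, "sign_in_binding": sign_in_binding,
        "sign_out_url": sign_out_url, "sign_out_binding": sign_out_binding,
        "certificate": certificate,
    }


def check_fields(fields):
    """Return a list of problems against the rules stated for the Manual form."""
    problems = []
    url = urlparse(fields.get("sign_in_url") or "")
    if url.scheme != "https" or not url.netloc:
        problems.append("Sign-in page URL must begin with https://")
    if fields.get("sign_in_binding") not in ("Redirect", "POST"):
        problems.append("Sign-in binding must be Redirect or POST")
    if fields.get("sign_out_url") and fields.get("sign_out_binding") not in ("Redirect", "POST"):
        problems.append("Sign-out binding must be Redirect or POST")
    if not fields.get("entity_id"):
        problems.append("Identity Provider Entity ID is missing")
    cert = (fields.get("certificate") or "").strip()
    if not (cert.startswith(PEM_BEGIN) and cert.endswith(PEM_END)):
        problems.append("Verification certificate must start and end with the BEGIN/END lines")
    return problems


if __name__ == "__main__":
    found = manual_fields(SAMPLE_METADATA)
    for name, value in found.items():
        print(f"{name}: {value}")
    print("problems:", check_fields(found) or "none")
```
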


Change Your Password

For most accounts, once you are logged in to your LogMeIn account, you can change the password that you use to sign in. If you have forgotten your password, you can also reset it here.

If you are part of a corporate account that has been set up to use Enterprise Sign-In (SSO), you will need to use your company email address and password to sign in. If the use of Enterprise Sign-In is enforced (i.e., not optional) in your account, your ability to make account changes will be limited (as shown below). Learn more about Enterprise Sign-In (SSO).

About password changes for enforced Enterprise Sign-In only accounts

If Enterprise Sign-In (SSO) is strictly enforced for your account, you are unable to change your account password. Please contact your company administrator for more information about password changes.

Password changes for most accounts

  1. Sign in to the My Account page at https://myaccount.logmeininc.com.
  2. Select Sign In & Security in the left navigation.
  3. In the Password section, click Edit.
  4. Under Current password, fill in your current account password.
  5. Under New password and Confirm new password, fill in your desired password. Please note, these fields must include a minimum of 8 characters and include letters & numbers.
    Note: If you want to view the password you are typing, click the View icon at the end of any of the password fields, as shown below.
  6. Click Save when finished.

    Save Password Changes

Set Up an Identity Provider

An Identity Provider (IdP) is a trusted online service or website that creates and maintains user identity information within a distributed network while also acting as a means of authentication for these users to access services.

This will allow users in your validated email domains to be authenticated for sign-on through your Identity Provider. Once you have set up an organization, the next step is to finalize the trust relationship between your company and LogMeIn to enable Enterprise Sign-In (SSO) for your users.

If you have not already established an Identity Provider, you can set up one of the following:

  • Implement the Microsoft Active Directory Federation Services (AD FS)

    Active Directory Federation Services is a feature of the Windows Server operating system that extends users' Windows sign-on access to other applications outside the corporate network. You can configure AD FS to work as an Identity Provider for LogMeIn's products. Learn how to configure AD FS 2.0 or AD FS 3.0.

  • Use a third-party Identity and Access Management Provider that provides single sign-on

    Many third-party Identity and Access Management partners offer single sign-on as part of their feature set, including:

  • Set up a custom configuration using the Organization Center

    You can use the Identity Provider tab in the Organization Center to set up a custom SAML configuration. Learn how to set up a custom Enterprise Sign-In (SSO) configuration.

Next Steps

You will need to add your Identity Provider to the Organization Center to indicate where you want your users to go to sign in to their assigned LogMeIn products.

Adding a TXT Record to a DNS Server

In order to define a domain organization with LogMeIn, you need to validate your company's ownership of specific email domains. One option is to add a text record to your domain's DNS settings. LogMeIn can then query the server and receive confirmation of your ownership. Alternatively, you can upload a plain-text file to your web server root containing a verification string. For more information, please see Set Up Domains in the Organization Center.

A TXT record contains information specifically intended for sources outside your domain. The text can be either human- or machine-readable and can be used for a variety of purposes including verifying domain ownership, authorizing senders with SPF, adding digital email signatures, and preventing outgoing spam.

Note:  If you have multiple domains to verify, you will need to add a text record for each domain.

Identify your domain host

If you do not know who is hosting your domain, there is a simple method for finding out. The following example uses the online utility site Whois.

  1. Open https://www.whois.com/.

  2. Click Whois and enter the domain name.
  3. Click Search.

  4. In the results, locate the name server for the site (e.g., CDCSERVICES.com). This is the domain host.

Add a TXT record

The method to add a text record to your domain will vary with hosts. The generic steps to add a text record to your domain are listed below.

  1. Sign in to your domain's account at your domain host.
  2. Locate the page for updating your domain's DNS records. The page may be called DNS Management, Name Server Management, or Advanced Settings.
  3. Locate the TXT records for your domain on this page.
  4. Add a TXT record for the domain and for each subdomain (see "Use Cases" below).
  5. Save your changes and wait until they take effect, which can range from a few minutes to up to 72 hours.
  6. You can verify that the change has taken place by opening a command line and entering one of the following commands below (based on your operating system):
    • For Unix and Linux systems:

      $ dig TXT main.com

    • For Windows systems:

      c:\ > nslookup -type=TXT main.com

  7. The response will display on its own line (not appended to another), and will look something like:

    main.com. 3600 IN TXT "logmein-verification-code=976afe6f-8039-40e4-95a5-261b462c9a36"

Use cases

Domain verification for domain main.com using 2 different methods (shown below).

Name       TTL*   Type     Value / Answer / Destination
@          3600   IN TXT   "logmein-verification-code=976afe6f-8039-40e4-95a5-261b462c9a36"
main.com   3600   IN TXT   "logmein-verification-code=976afe6f-8039-40e4-95a5-261b462c9a36"

Subdomain verification for mail.main.com.

Name            TTL*   Type     Value / Answer / Destination
mail.main.com   3600   IN TXT   "logmein-verification-code=976afe6f-8039-40e4-95a5-261b462c9a36"

Note: * TTL - Time To Live - is the number of seconds before changes to the TXT record go into effect.

Manage Organization Users

The Users tab in the Organization Center provides access to your organization users. Each user has one of the following roles:

  • Admin (Read & Write) - Individuals who can log in to the Organization Center and manage all settings. They may or may not be LogMeIn account holders themselves.
  • Admin (Read Only) - Individuals who can log in to the Organization Center and view settings, but not modify them. They may or may not be LogMeIn account holders themselves.
  • User - Individuals with LogMeIn accounts who use Enterprise Sign-In, but do not need Organization Center access.

You can add, delete, and update organization users. If the user already has an account ID (an account for GoToMeeting, for instance), you must still add them to the organization. They can then authenticate through its IdP, and because their ID is a company ID, they can no longer change their own email address. If they do not have a product account login, they are provisioned with one but it is not associated with a specific product unless you have set up your system to do this through a user provisioning service.

Add users to the Organization Center

Users are defined by name, email, locale, and role. The filter option above the Role column allows you to search for any text string in the emails or names of users.
  1. Log in to the Organization Center at https://organization.logmeininc.com.
  2. Select the Users tab.
  3. Click Add.
  4. Enter the new user data:
    • The user email domain must be one of your verified organization domains.
    • Available locales display in a drop-down.
    • Role relates to the Organization Center. No role is appropriate for most users: they have no access to the Organization Center. A read-only role allows a user into the Center with full access to view the data, but with no ability to create or edit data. Read-write access enables full admin access to the Center.
  5. Click Save when finished.
    Note:  Organization Admins can edit their own first name, last name, and email, but not their role, and they cannot delete themselves.

Delete users from the Organization Center

Delete removes the user from the organization. Delete also removes the user's account ID, and therefore any product access as well as all product data such as their meeting history, future scheduled meetings, etc. You could alternatively remove product access from the user in the Admin Center to revoke access while retaining the data.

  1. Log in to the Organization Center at https://organization.logmeininc.com.
  2. Select the Users tab.
    Note: The filter option above the Role column allows you to search for any text string in the emails or names of users.
  3. Check the box next to your desired user, then click Delete.
  4. When prompted, click Delete to confirm.

Set Up Domains in the Organization Center

The first step you take in creating an organization is to create the initial domain. Domains within your organization are wholly-owned email domains that your admins can verify either through your web service or DNS server. For example, in the email Joe@main.com, "main.com" is the email domain. Verifying the initial domain automatically creates your organization. The user who completes domain verification will automatically become an organization admin, but this user is not required to have a LogMeIn product admin role. You can also add more domains to verify, or delete any domains you no longer need listed.

Organization Center Email Domains tab

Add Your First Domain to the Organization Center

Once you start the verification process for a domain, you have ten (10) days to complete the verification. If this period lapses, the domain is set to Expired, but you have the option to simply restart the process using new verification codes. Once you have verified a domain, you cannot delete it from your organization, though it can be deleted prior to being verified or after it has expired.

  1. Log in to the Organization Center at https://organization.logmeininc.com.
  2. The first screen will ask that you verify that you own the domain for the account with which you are logged in currently. You are provided two methods for setting up domain validation, each of which uses a unique verification code to complete the verification. Copy the verification value to your clipboard.
    Note: The verification screen will display until the domain is verified. If it takes you longer than 10 days to verify the domain, the system will automatically generate new verification codes for your domain the next time you visit the Organization Center.
  3. Paste the verification code into the DNS record or a text file for upload to one of the locations, depending on which of the verification methods you choose: 
    • Method 1: Add a DNS record to your domain zone file. To use the DNS method, you place a DNS record at the level of the email domain within your DNS zone. Typically, users are verifying a "root" or "second level" domain such as "main.com". In this case, the record would resemble:

      @ IN TXT "logmein-verification-code=668e156b-f5d3-430e-9944-f1d4385d043e"

      OR

      main.com. IN TXT "logmein-verification-code=668e156b-f5d3-430e-9944-f1d4385d043e"

      If you require a third-level domain (or subdomain) such as "mail.example.com" the record must be placed at that subdomain, such as:

      mail.main.com. IN TXT "logmein-verification-code=668e156b-f5d3-430e-9944-f1d4385d043e"

      For more detailed documentation, see Add a TXT DNS record.

    • Method 2: Upload a web server file to the specified website. Upload a plain-text file to your web server root containing a verification string. There should not be any whitespace or other characters in the text file besides those given.
      • Location: http://< yourdomain >/logmein-verification-code.txt
      • Contents: logmein-verification-code=668e156b-f5d3-430e-9944-f1d4385d043e
  4. Once you have added the DNS record or text file, return to the domain status screen and click Verify.
    You will see the domain verified the next time you log in to the Organization Center.
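
Before clicking Verify, both methods can be checked locally. The following is an added example, not LogMeIn code: it parses the answer lines of `dig TXT` output to confirm that the record sits at the email domain itself (the subdomain case above) and carries the current code, and it checks the Method 2 file body byte for byte. The dig output is constructed, the function names and status strings are assumptions made for this example, and the verification codes are the sample values shown on this page.

```python
import re

PREFIX = "logmein-verification-code="
CODE = "668e156b-f5d3-430e-9944-f1d4385d043e"  # sample code from the steps above

# Constructed sample of `dig TXT main.com` answer lines.
DIG_SAMPLE = """\
; <<>> DiG <<>> TXT main.com   (constructed sample output)
;; ANSWER SECTION:
main.com.   3600  IN  TXT  "v=spf1 -all"
main.com.   3600  IN  TXT  "logmein-verification-code=668e156b-f5d3-430e-9944-f1d4385d043e"
"""

ANSWER_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+TXT\s+(.*)$")
QUOTED_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')


def normalize(name):
    """Compare DNS names without the trailing dot and without case."""
    return name.rstrip(".").lower()


def parse_txt_answers(dig_output):
    """Return (owner, ttl, value) for every TXT answer line in dig output."""
    records = []
    for line in dig_output.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # dig comments and section headers
        match = ANSWER_RE.match(line)
        if not match:
            continue
        owner, ttl, rdata = match.groups()
        # One TXT record may be split into several quoted strings; join them.
        value = "".join(QUOTED_RE.findall(rdata))
        records.append((normalize(owner), int(ttl), value))
    return records


def check_dns(dig_output, email_domain, code):
    """Classify the state of the verification record for email_domain.

    Returns "verified", "code-mismatch" (a verification record exists at the
    domain but holds another code, e.g. one from an expired attempt),
    "wrong-owner" (the code is published at a different name, such as the
    parent of a subdomain), or "missing".
    """
    wanted_owner = normalize(email_domain)
    expected = PREFIX + code
    other_code_at_owner = False
    code_elsewhere = False
    for owner, _ttl, value in parse_txt_answers(dig_output):
        if owner == wanted_owner:
            if value == expected:
                return "verified"
            if PREFIX in value:
                other_code_at_owner = True
        elif value == expected:
            code_elsewhere = True
    if other_code_at_owner:
        return "code-mismatch"
    if code_elsewhere:
        return "wrong-owner"
    return "missing"


def check_file_body(body, code):
    """Check the bytes served at /logmein-verification-code.txt (Method 2).

    The file must contain the verification string and nothing else.
    """
    expected = (PREFIX + code).encode("ascii")
    if body == expected:
        return []
    problems = []
    if body.startswith(b"\xef\xbb\xbf"):
        problems.append("file starts with a UTF-8 byte order mark")
        body = body[3:]
    if body != expected and body.strip() == expected:
        problems.append("whitespace around the verification string")
    elif body.strip() != expected:
        problems.append("contents do not match the verification string")
    return problems


if __name__ == "__main__":
    print(check_dns(DIG_SAMPLE, "main.com", CODE))
    print(check_dns(DIG_SAMPLE, "mail.main.com", CODE))
    print(check_file_body((PREFIX + CODE + "\n").encode(), CODE))
```
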
Once your base domain is verified, your organization has been created with your account as the organization admin. You can continue configuring your organization setup, or begin setting up Enterprise Sign-In (single sign-on):

Add More Domains to the Organization Center

Most companies will only need the first domain they add. You only need to add additional domains if users within your company sign in using other email domains but the same Identity Provider.

  1. Log in to the Organization Center at https://organization.logmeininc.com.
  2. Click the Email Domains tab, then click Add a domain.
  3. Enter the email domain and click Next.
  4. Repeat the steps detailed in Add your first domain to the Organization Center.
    Note: During the period of verification, the Email Domains tab displays the status of each domain.

Delete a Domain from the Organization Center

The option to delete a domain is only available while the domain is not yet verified or has expired. Once a domain is verified it cannot be deleted from your organization.

  1. Log in to the Organization Center at https://organization.logmeininc.com.
  2. Click the Email Domains tab.
  3. Check the box next to your desired domain name.
  4. Click Delete domain.
  5. When prompted, click Yes, Delete.

Change Your Profile Picture

You can change your profile picture that is displayed within your LogMeIn account at any time.

  1. Sign in to the My Account page at https://myaccount.logmeininc.com.
  2. Select Personal Info in the left navigation.
  3. Click Change your profile photo below your avatar.
  4. Click and drag a photo in the "Drop photo here" area, or click choose a photo and select your desired photo from your local computer, then click Open.
    Note:  For best results, use a .png or .jpg file smaller than 2 MB.
  5. Once uploaded, use the following tools to achieve your desired photo position:
    • (a) Click on the photo and drag to reposition
    • (b) Rotate the photo 90° left
    • (c) Rotate the photo 90° right
    • (d) Use the slider to zoom in or out of the photo
  6. Once finished, click Done, or click Choose a different photo to select a new photo.
  7. If you decide that you would like to change your uploaded profile picture back to the default avatar, go to Change your profile photo > Reset to default photo.

    Change Profile Photo

    Reposition Your Photo

I forgot my password, how do I reset it?

Remembering all of your passwords is hard. Luckily, resetting your password is easy!

If you can't remember your password, you can reset it using your email address.
  1. Go to the Forgot password? page at https://authentication.logmeininc.com/pwdrecovery/.
  2. Enter your login email address and click Reset Password.
  3. Soon you'll receive a Forgot Your Password email. Click the link inside to create a new password.
    1. If desired, check the box for the Sign out of all sessions option to ensure your account is not being accessed from any other device.

    Result: You have successfully reset your password.

If you didn't get the password reset email, please see Why didn't I get my "Reset Password" email? for more information. Additionally, you can learn more about managing trusted devices.

Set Up Enterprise Sign-In Using ADFS 2.0

Your organization can easily manage thousands of users and their product access while also delivering single sign-on (SSO). SSO ensures your users can access their LogMeIn products using the same identity provider as for their other enterprise applications and environments. These capabilities are called Enterprise Sign-In.

This document covers configuration of your Active Directory Federation Services (ADFS) to support single sign-on authentication to LogMeIn products. Prior to implementing, however, be sure to read more about Enterprise Sign-In and complete the initial setup steps.

ADFS 2.0 is a downloadable component for Windows Server 2008 and 2008 R2. It is simple to deploy, but there are several configuration steps that need specific strings, certificates, URLs, etc. ADFS 3.0 is also supported for Enterprise Sign-In. ADFS 3.0 has several improvements, the largest of which is that Microsoft's Internet Information Services (IIS) Server is included in the deployment rather than a separate install.

Note: You may skip to Step #4 (listed below) if you already have ADFS 2.0 deployed.

Step #1: Federation services certificate

Each ADFS deployment is identified by a DNS name (e.g., adfs.mydomain.com). You will need a Certificate issued to this Subject Name before you begin. This identifier is an externally visible name, so make sure you pick something suitable to represent your company to partners. Also, don't use this name as a server host name as well; it will cause trouble with Service Principal Names (SPN) registration if you do.

There are many methods to generate certificates. The easiest, if you have a Certificate Authority in your Domain, is to use the IIS 7 management console:
  1. Open Web Server (IIS) management snap-in.
  2. Select the server node in the navigation tree, then Server Certificates option.
  3. Select Create Domain Certificate.
  4. Enter your Federation Service Name in Common Name (e.g., adfs.mydomain.com ).
  5. Select your Active Directory Certificate Authority.
  6. Enter a "Friendly Name" for the Certificate (any identifier will do).
    Note: If you didn't use the IIS console to generate the certificate, make sure the certificate is bound to the IIS service in the servers where you'll be installing ADFS before proceeding.

Step #2: Create a domain user account

ADFS servers require that you create a domain user account to run its services (no specific groups are required).

Step #3: Install your first ADFS server

  1. Download ADFS 2.0 and run the installer. Make sure you run the installer as a Domain Admin, because it will create SPNs and other containers in AD.
  2. In Server Role, select Federation Server.
  3. Check Start the ADFS 2.0 Management snap-in when this wizard closes at the end of the Setup Wizard.
  4. In ADFS Management snap-in, click Create new Federation Service.
  5. Select New Federation Server farm.
  6. Select the Certificate you've created in the previous step.
  7. Select the Domain user you've created in previous steps.

Step #4: Configure your relying party

In this step you will tell ADFS the kind of SAML tokens that the system accepts.

Set up the trust relationship, as follows:
  1. In ADFS 2.0 MMC, select Trust Relationships > Relying Party Trusts in the navigation tree.
  2. Select Add Relying Party Trust and click Start.
  3. Under Select Data Source, select Import data about the relying party published online or on a local area network.
  4. In the text box below the selected option, paste the metadata URL: https://authentication.logmeininc.com/saml/sp.
  5. Click OK to acknowledge that some metadata that AD FS 2.0 does not understand will be skipped.
  6. On the Specify Display Name page, type LogMeInTrust, and click Next.
  7. On the Choose Issuance Authorization Rules screen, select Permit all users to access this relying party (unless another option is desired).
  8. Proceed through the rest of the prompts to complete this side of the trust relationship.

Add 2 claim rules

  1. Click on the new endpoint entry, and click Edit Claim Rules in the right navigation.
  2. Select the Issuance Transform Rules tab, then select Add Rule.
  3. Use the drop-down menu to select Send LDAP Attributes as Claims, then click Next.
  4. Use the following settings for the rule:
    • Claim rule name - AD Email
    • Attribute store - Active Directory
    • LDAP Attribute - E-mail-Addresses
    • Outgoing Claim Type - E-mail Address
  5. Click Finish.
  6. Click Add Rule again.
  7. Use the drop-down menu to select Transform an Incoming Claim, then click Next.
  8. Use the following settings for the rule:
    • Claim rule name - Name ID
    • Incoming claim type - E-Mail Address
    • Outgoing claim type - Name ID
    • Outgoing name ID Format - Email
  9. Select Pass through all claim values.
  10. Click Finish.

Complete the configuration

  • Right-click on the new relying party trust in the Relying Party Trusts folder and select Properties.
  • Under Advanced, select SHA-1, then click OK.
  • To prevent ADFS from sending encrypted assertions by default, open a Windows PowerShell command prompt and run the following command:

    Set-ADFSRelyingPartyTrust -TargetName "<relyingPartyTrustDisplayName>" -EncryptClaims $False

Step #5: Configure trust

The last configuration step is to accept the SAML tokens generated by your new AD FS service.

  • Use the "Identity Provider" section in the Organization Center to add the needed details.
  • For ADFS 2.0, select "Automatic" configuration and enter the following URL, replacing "server" with the externally accessible hostname of your ADFS server: https://server/FederationMetadata/2007-06/FederationMetadata.xml

Step #6: Test single server configuration

At this point you should be able to test the configuration. You must create a DNS entry for the AD FS service identity, pointing to the AD FS server you've just configured, or a network load balancer if you're using one.

  • To test Identity Provider-Initiated Sign-On, go to your custom IdP URL (example: https://adfs.< my domain.com >/adfs/ls/< IdP Initiated sign on > = https://adfs.mydomain.com/adfs/ls/IdpInitiatedSignOn.aspx). You should see the relying party identifier in a combobox under "Sign in to one of the following sites".
  • To test Relying Party-Initiated Sign-on, see instructions for How do I log in using single sign-on?

How do I access my products?

You can access any of your assigned products in either of the following ways:

  • Click any of the hyperlinks within your desired product pane.
  • Select your user account drop-down menu in the upper-right navigation, then select your desired product.

Why can't I access my account?

There are a few reasons why you can't log in and access your account. See below for troubleshooting tips.

You might be entering the wrong password.

If you're positive that you're using the right email address, it's possible that you are entering the wrong password.

  • Try resetting your password.
  • Try typing the password somewhere else where it is visible (such as Notepad or a Word Document), then copy/paste into the password field once you are positive that there are no typos.
  • Make sure your keyboard's Caps Lock or Num Lock isn't on.

You might be entering the wrong email address.

When you enter an email address on the Reset Password page, the Password Recovery service will show you the confirmation page regardless of whether you entered the right email address or not. To protect your account's security, we cannot confirm whether or not the email address you entered is registered with our system.
  • Try using another email address that the account might have been created under.
  • Contact Customer Care (by clicking a contact option at the bottom of this article) to have them help you identify which email address is actually associated with your account by verifying all required billing information (if applicable) or via email verification.
    • New accounts may initially work since you are automatically logged in, but you may later find that you cannot log in because there was a typo in the email address used at sign up. Customer Care can verify the correct email address was used.
    • If additional users have been allowed to access the account, they may have changed the login information on the account, including both the password and email. Customer Care may be able to find the account by the associated credit card number on file if no account is found.

You might not have an account.

Your account might be suspended or deleted.

It's possible that all products were removed from your account, or your account has been deleted by an administrator on the account. For either scenario, you will encounter a message, "You currently don't have any products" when you are redirected to the My Account page at https://myaccount.logmeininc.com.

  • Check your email inbox for a notification from customerservice@s.logmein.com indicating that your administrator has removed privileges from your account.
    Note: It is possible to have an administrator account with no products assigned in order to access and use the LogMeIn Admin Center. In this case, you would encounter the same message above.
  • Contact Customer Care (by clicking a contact option at the bottom of this article) to have them verify whether your account is active.

Change Your Display Name

You can change your display name setting, which will update the name that is displayed within your account (such as in the web account or your desktop app name).

  1. Sign in to the My Account page at https://myaccount.logmeininc.com.
  2. Select Personal Info in the left navigation.
  3. In the "Name" field, fill in your desired display name.
  4. Click Save when finished.

    Save Changes to Personal Info

Announcements

Genesys DX/Bold360 End of Life: January 2024

The Genesys DX (Bold360) platform will reach end of life on January 31st, 2024. This difficult decision was announced in March, 2023.

Genesys continues to make a strong commitment to Genesys Cloud, while tightening the portfolio to further accelerate feature growth on the platform. Part of that included bringing over key Genesys DX features to Genesys Cloud CX, such as Knowledge Optimizer that focuses on ease-of-use knowledge management. Digital only licenses for Genesys Cloud were also introduced late last year, which are suitable to those who are not looking for voice capabilities or who need agent seats that only feature support for digital channels. 

Details on the end of life timeline

As of January 31st, 2024, Genesys DX product interfaces and customer-deployed components will stop functioning. Users will no longer be able to log into product interfaces, and all of the boldchat/bold360/nanorep domains will become unavailable for use. If you are curious about what the code on your website related to this might look like and how to remove it, we encourage referencing this post on the DX community.

After January 31st, 2024, admins will still be able to get access for an additional 30 days. This period is meant to allow for extracting the necessary data from the platform. Historical data extraction from your account will be available to retrieve by data extraction APIs (Bold360 APIs and Nanorep APIs).