How to set up my Identity Provider for SSO

Important: This setup describes the current authentication method, which is being transitioned to the new Genesys DX authentication. If you set this method up or already have it configured, your organization's SSO configuration will need to be updated. Additional details about the changes to the Genesys DX Authentication service are available in this article: Configuring the Genesys DX Product Authentication Service as SSO service.

There are several Identity Providers that you can use, and all are slightly different when it comes to setup. The following example describes setting up Google G Suite as your Identity Provider.
  1. Log in at admin.google.com and go to Apps > SAML Apps.
  2. Click on the yellow + sign in the bottom right.
  3. Select Setup my own custom app.
  4. Copy the SSO URL, Entity ID, and download the Certificate / IDP metadata file that you will use later.
  5. Click Next.
  6. On the Service Provider Details page, type the following:

  7. Skip Attribute Mapping and click Finish.
Once created, select the app and click On for everyone.

Setting up your Service Provider using the LogMeIn Organization Center

The Organization Center provides you with the ability to set up automated provisioning using the Active Directory Connector and/or Enterprise Sign-In (single sign-on) for your users. An organization is created when you verify ownership of one or more valid and unexpired domain(s) by registering the domain(s) with LogMeIn. Once your domain ownership has been verified, your organization is automatically created. This allows you to manage sign-in options for user identities that match your verified email domain(s). Domains within your organization are wholly-owned email domains that your admins can verify either through your web service or DNS server. For example, in the email Joe@main.com, "main.com" is the email domain. Verifying the initial domain automatically creates your organization.
Note: Before you get started, you must have a LogMeIn product, such as Digital DX.
  1. Set up your first domain by going to https://organization.logmeininc.com/.
  2. Log in using an existing LogMeIn account set up under the same domain you wish to add to your organization.
  3. Verify that you own the domain that you logged in with: you are provided two methods for setting up domain validation, each of which uses a unique verification code to complete the verification.
  4. Copy the verification value to your clipboard.
    Note: The verification screen will display until the domain is verified. If it takes you longer than 10 days to verify the domain, the system will automatically generate new verification codes for your domain the next time you visit the Organization Center.
  5. Paste the verification code into the DNS record or a text file for upload to one of the locations. Depending on which of the verification methods you choose, you have the following options:
    • Option 1 - Add a DNS record to your domain zone file

      To use the DNS method, place a DNS record at the level of the email domain within your DNS zone. Typically, users are verifying a "root" or "second level" domain such as "main.com". In this case, the record looks as follows:

      @ IN TXT "logmein-verification-code=668e156b-f5d3-430e-9944-f1d4385d043e"

      or

      main.com. IN TXT "logmein-verification-code=668e156b-f5d3-430e-9944-f1d4385d043e"

      If you need a third-level domain (or subdomain), such as "mail.example.com", the record must be placed at that subdomain:

      mail.main.com. IN TXT "logmein-verification-code=668e156b-f5d3-430e-9944-f1d4385d043e"

    • Option 2 - Upload a web server file to the specified website

      Upload a text file to your web server root, which contains a verification string. There should not be any whitespace or other characters in the text file besides what is defined.

      • Location: http://<yourdomain>/logmein-verification-code.txt
      • Contents: logmein-verification-code=668e156b-f5d3-430e-9944-f1d4385d043e

      Once you have added the DNS record or text file, return to the domain status screen and click Verify. Next time you sign in, you will see that the domain is verified.

      Once your base domain is verified, your organization is created with your account as the organization admin. The user who completes domain verification automatically becomes an organization admin, but this user is not required to have a LogMeIn product admin role, and additional users can be set up under the Users tab. You can also add more domains to verify, or delete any domains you no longer need.

  6. After setting up an organization, you must finalize the trust relationship between your company and LogMeIn to enable Enterprise Sign-In (SSO) for your users:
    1. In the Organization Center, go to the Identity Provider tab.
    2. From the How would you like to configure your SAML IDP drop-down list, select Manual.
      Note: The Automatic option will not work with G Suite since they do not offer a Metadata URL.
    3. Finish your setup with the details that you have defined in Step 5 above:
  7. Save your changes.
You can now log in with your Company ID using Single Sign-On.
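
A pre-check for the domain verification step above (DNS record or web server file), as an added example that is not LogMeIn's code: it flags stray bytes in the uploaded file and a TXT record that resolves to the wrong name. The verification code, zone origin and function names are constructed for illustration.

```python
import re

PREFIX = "logmein-verification-code="
CODE = "00000000-0000-4000-8000-000000000000"  # constructed placeholder, not a real code
TXT_RE = re.compile(r'^(\S+)\s+(?:\d+\s+)?IN\s+TXT\s+"([^"]*)"\s*$', re.I)

def check_web_file(body: bytes, code: str) -> list:
    """Problems in the raw bytes of logmein-verification-code.txt (empty list = OK)."""
    expected = (PREFIX + code).encode("ascii")
    problems = []
    if body.startswith(b"\xef\xbb\xbf"):  # some editors prepend a UTF-8 BOM
        problems.append("UTF-8 byte order mark at start of file")
        body = body[3:]
    if body != body.strip():
        problems.append("leading or trailing whitespace or newline")
        body = body.strip()
    if body != expected:
        problems.append("content does not match the expected string")
    return problems

def check_txt_record(line: str, origin: str, email_domain: str, code: str) -> list:
    """Problems in one zone-file TXT line, resolved against the zone origin."""
    m = TXT_RE.match(line.strip())
    if not m:
        return ["not a single-string TXT record line"]
    owner, value = m.groups()
    origin = origin.rstrip(".").lower()
    if owner == "@":                 # "@" means the zone origin itself
        fqdn = origin
    elif owner.endswith("."):        # trailing dot: already fully qualified
        fqdn = owner[:-1].lower()
    else:                            # relative name: the origin is appended
        fqdn = owner.lower() + "." + origin
    problems = []
    if fqdn != email_domain.rstrip(".").lower():
        problems.append("record is at %s, not at %s" % (fqdn, email_domain))
    if value != PREFIX + code:
        problems.append("TXT value does not match the expected string")
    return problems

if __name__ == "__main__":
    good = (PREFIX + CODE).encode("ascii")
    print(check_web_file(good, CODE))             # clean file
    print(check_web_file(good + b"\r\n", CODE))   # saved with a trailing newline
    # Owner written without the trailing dot inside the main.com zone
    print(check_txt_record('main.com IN TXT "%s"' % (PREFIX + CODE), "main.com.", "main.com", CODE))
```

The last case shows a common zone-file slip: a relative owner name gets the origin appended, so the record ends up at main.com.main.com and the check at main.com finds nothing.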

Sign in to Digital DX with SSO

Once your admin has set up Enterprise Sign-In (Single Sign-On), you can sign in to your LogMeIn products from your Identity Provider page with your password or your Company ID.

Note: To enforce Enterprise Sign-In (SSO) as the only login method for your users, please contact support.
  1. Go to your product sign-in page, or https://auth.bold360.com and enter your validated company email address.
  2. On the Password page, click Sign in with Company ID.

    You are redirected to your Identity Provider's sign in page. Enter your company credentials, then proceed to sign in.

  3. Depending on where you signed in in Step 1 above, you are now logged in to your LogMeIn product website or the My Account page.