LogMeIn support sites no longer support Microsoft's Internet Explorer (IE) browser. Please use a supported browser to ensure all features perform as they should (Chrome / FireFox / Edge).

The GoTo support site no longer supports Safari 15. Please upgrade your browser to Safari 16 (or newer) or switch to a supported browser such as Google Chrome, Mozilla Firefox, or Microsoft Edge.

Maintain your IT infrastructure with powerful RMM software. Discover LogMeIn Central.

We are currently experiencing an unplanned outage for this product. View Service Status
  • Support
  • Products

    Explore support by product

    GoTo Connect

    All-in-one phone, meeting and messaging software

    GoTo Meeting

    Video and audio meeting software

    GoTo Webinar

    All-in-one webinar and virtual events software

    GoTo Room

    Conference room hardware

    GoTo Training

    Online training software

    OpenVoice

    Audio conferencing software

    Grasshopper

    Lightweight virtual phone system

    join.me

    Video conferencing software

    LogMeIn Resolve

    IT management & support

    LogMeIn Resolve MDM

    Mobile device management

    LogMeIn Pro

    Remote device access

    LogMeIn Central

    Remote monitoring & management

    LogMeIn Rescue

    Remote IT support

    GoToMyPC

    Remote desktop access

    GoToAssist

    Remote support software

    Hamachi

    Hosted VPN service

    RemotelyAnywhere

    On-prem remote access solution
  • Community
  • Trainings
  • Service Status

  • LogMeIn Returns as GoTo's IT Portfolio Brand

    LogMeIn is back as the name behind our IT products.

    Read the full announcement.
    Try the improved My Cases portal

    Easily manage your ticket, track its status, contact us from an existing case, and more.

    Sign in to try
  • Language selector icon Language selector icon
    • English
    • français
    • italiano
    • Deutsch
    • español
    • português
    • Nederlands
  • Contact Support
  • Service Status
  • User Avatar User Avatar
    • Support
    • Contact Support
    • Browse Products
    • Service Status
    • Community
    • Trainings
    • Sign in
    • User Avatar
    • My Account
    • Personal Info
    • Sign In & Security
    • My Cases
    • Billing Center
    • https://link.goto.com/myaccount-billing
    • My GoTo Connect
    • My Meetings
    • My Webinars
    • My Trainings
    • My Conferences
    • My Resolutions
    • My Mobile Devices
    • My Sessions
    • My Sessions
    • My Incidents
    • Sign out
  • Explore Features
  • Integrations
product logo
Back button image Back
Back button image
product logo

Using ADFS with LogMeIn Central

How to Integrate LogMeIn Central with Microsoft Active Directory Federation Services.

Important: You can log in with Single Sign On on the website only. The Client App does not support Single Sign On login.

Prerequisite: Set up ADFS

Set-up ADFS on your internal server network before proceeding.

A live ADFS environment with an externally addressable Microsoft Active Directory Federation Services (ADFS) server must be configured before implementing federated authentication for the host using ADFS.

ADFS is a software module downloaded and installed on Windows Server operating systems to provide users with Single Sign-On access to systems and applications located across organizational boundaries. For more information, see:

  • Microsoft Support's Key AD FS Concepts guide
  • Microsoft Support's How-to Guide
Once installed, go to Start > Administrative tools > AD FS 2.0 Management.
Important: Make sure your ADFS server is configured before you continue with the remaining tasks.
Important: When users are removed from Active Directory, they are not removed from LogMeIn Central.

Task One: Provide information to GoTo

Provide the relevant information to GoTo and we make adjustments on your account. Contact your Account Manager to begin the ADFS process.

  1. Verify domain ownership.
    You must prove ownership of your domain before ADFS can be activated for your account. There are two methods of verification: HTML upload and DNS record.
    Option Procedure
    Verify domain ownership by HTML Upload
    1. Create an html file named logmein-domain-confirmation.html to the website for your planned ADFS domain.
    2. In the logmein-domain-confirmation.html file, include a random string. Example: logmein-domain-confirmation jska7893279jkdhkkjdhask
    3. After you have created the logmein-domain-confirmation.html file containing the random string, email your Account Manager with the string and they will confirm the logmein-domain-confirmation.html is visible and contains the correct information.
    Verify domain ownership by DNS record
    1. Create a TXT for your domain's DNS entry with the value logmein-domain-confirmation.
    2. In the logmein-domain-confirmation.txt file, include a random string. Example: logmein-domain-confirmation jska7893279jkdhkkjdhask
    3. After you have created the logmein-domain-confirmation file containing the random string, email your Account Manager and they will confirm the logmein-domain-confirmation file is visible and contains the correct information.
    Tip: If you do not have an Account Manager, you can get in touch with customer support by selecting Contact Support in this article.
  2. Provide the URL of the ADFS server.
    You must provide the endpoint URL of your ADFS proxy server to your Account Manager. To find your endpoint URL:
    1. Launch AD FS 2.0 Management by going to Start > Administrative tools > AD FS 2.0 Management.
    2. Go to Service > Edit Federation Service Properties.
    3. Copy the Federation Service name and append it with /adfs/ls.
  3. Provide email domains.
    You must tell your Account Manager what email domain you will use with your ADFS login. If you have multiple domains, you must specify this to your Account Manager.
    Important: Do not change your domain address. Contact your Account Manager if you need to change your domain address.
  4. Provide your Token-Signing Certificate.
    You must provide your token signing certificate and provide this information to your Account Manager. You can get information on Token-Signing Certificates from Microsoft's TechNet site.

Task Two: Establish a Trust Relationship

Add the host software as a Relying Party Trust in AD FS 2.0 Management.

  1. In AD FS 2.0 Management, open the Add Relying Party Trust wizard by going to Action > Add Relying Party Trust.
  2. Set the data as follows:
    Tab Input or Action
    Select Data Source Select Enter data about the relying party manually
    specify a display name Enter the Display name as LogMeIn authentication
    Choose Profile Select AD FS 2.0 profile
    Configure URL Enter the SAML Assertion Consumer Endpoint URL: https://accounts.logme.in/federated/saml2.aspx
    Configure Identifiers The following URL must be added to the list of Relying party identifiers: https://accounts.logme.in
    Choose Issuance Authorization Rules Select Permit all users to access this relying party
    Ready to Add Trust Select Open the Edit Claim Rules
    Finish Select Finish

Task Three: Allow Data to be sent to GoTo

Add a Transform Claim Rule for GoTo.

  1. In AD FS 2.0 Management, open the Add Transform Claim Rule Wizard by going to Action > Edit Claim Rules > Issuance Transform Rules > Add Rule.
  2. Set the data as follows:
    Tab Input or Action
    Choose Rule Type Under Claim rule template select Send LDAP Attributes as Claims
    Configure Claim Rule Set Claim rule name to Email and name
    Configure Claim Rule Set Attribute store to Active Directory
    Configure Claim Rule Set the LDAP attributes as:
    • E-Mail-Addresses: E-Mail Address
    • Given-Name: Given Name
    • Surname: Surname
  3. Select Finish.

Task Four: Browser Setup (Optional)

Find out what to do if the browsers do not redirect automatically.

When users who have already authenticated to the domain try to log in to a host service via Internet Explorer and Chrome, the browser should automatically recognize their intranet URL and use NTLM for FS server authentication. If the address is not recognized as intranet, you can add the FQDN of your ADFS to the Local intranet zone. This can be deployed to multiple computers via Group Policy. This ensures that users who have already logged in to the domain are able to log in to services with their domain email address alone. They will not need to enter a password since they have already been authenticated.

In Internet Explorer, set the Local Intranet website under Settings > Internet Options > Security > Local Intranet.

In Firefox:

  1. Type about:config in the URL bar and press Enter.
  2. Modify the network.automatic-ntlm-auth.trusted-uris to include the Local Intranet Website.
  3. Select OK.

Need help?

Contact icon Contact support
Manage Cases icon Manage cases
Community icon Ask the Community
Training icon Attend trainings
Video icon Watch videos
  • Language selector icon Language selector icon
    • English
    • français
    • italiano
    • Deutsch
    • español
    • português
    • Nederlands
  • About Us
  • Terms of Service
  • Privacy Policy
  • Trademark
  • Do Not Sell or Share My Personal Info
  • Browse Products
  • Copyright © 2025 GoTo Group, Inc. All rights reserved

Collaboration Products

GoTo Connect

GoTo Meeting

GoTo Webinar

GoTo Training

join.me

Grasshopper

OpenVoice

Remote Solutions Products

GoTo Resolve

Rescue

GoToAssist

Access Products

Pro

Central

GoToMyPC