Using Okta with LogMeIn Central
Here's how to integrate LogMeIn Central with Okta.
Prerequisites
Before proceeding, you must have a live Okta Identity Provider (IdP) environment. It must be configured before you implement federated authentication for LogMeIn Central. See Okta's Customer Success Center.
- User provisioning in LogMeIn Central with Okta is not supported.
- You can log in with Single Sign-On on the website only. The Client App does not support Single Sign-On login.
- LogMeIn Central requires SAML 2.0 for Single Sign-On authentication. SAML 1.1 is not supported.
Configure GoTo as a Service Provider
The Identity Provider must be configured to trust the Common Login Service (CLS) as a Service Provider. CLS is GoTo's own shared authentication service that provides a single login experience for GoTo products and services on many platforms.
You must add CLS as an application in Okta to allow a trust relationship to be established between your network and LogMeIn Central.
- Log in to your Okta account.
- Select Admin in the upper right corner to open the administrative options.
- On the Applications tab, select Add Application.
- Select Create New App.
The Create a New Application Integration dialog is displayed.
- Select SAML 2.0 and select Create.
- Input all data in the App Settings wizard as shown in the table below.
| Field | Input or Action |
| --- | --- |
| App Name | Enter a unique name for CLS |
| App logo | Upload a logo for the CLS application (optional) |
- Select Finish.
The SAML Settings screen is displayed.
- Input all data in the (A) SAML Settings wizard as shown in the table below. If not specified, leave the other configuration fields empty.
| Field | Input |
| --- | --- |
| Single sign on URL | https://accounts.logme.in/federated/saml2.aspx?returnurl=https%3A%2F%2Fsecure.logmein.com%2Ffederated%2Floginsso.aspx Note: Leave the Use this for Recipient URL... checkbox selected. |
| Audience URI (SP Entity ID) | https://accounts.logme.in Note: Must be unique across all applications. |
| Name ID format | EmailAddress |
| Application username | Okta username |
Configure CLS attributes
A unique identifier attribute must be configured. The identifier represents the shared identifier between the Identity Provider (IdP) and the host, allowing users to access services.
- Add the following attributes under Attribute Statements by selecting Add Another. Leave the Name format option Unspecified.
| Name | Value |
| --- | --- |
| Email | ${user.email} |
| FirstName | ${user.firstName} |
| LastName | ${user.lastName} |
- Select Next.
- Select This is an internal application that we created.
- Select Finish.
The Sign On tab is displayed.
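To confirm the settings above after a test login, decode the SAML Response that Okta posts and compare it with the values from the tables. The following Python is an added example, not GoTo's or Okta's code; the function names and the constructed, unsigned sample response are assumptions, and it checks configuration values only, not the assertion signature.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Expected values, copied from the SAML Settings and Attribute Statements tables.
ACS_URL = ("https://accounts.logme.in/federated/saml2.aspx?returnurl="
           "https%3A%2F%2Fsecure.logmein.com%2Ffederated%2Floginsso.aspx")
AUDIENCE = "https://accounts.logme.in"
NAMEID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_ATTRS = {"Email", "FirstName", "LastName"}

def check_response(xml_text):
    """Return a list of mismatches between a decoded SAML Response and the page's settings."""
    root = ET.fromstring(xml_text)  # use defusedxml for XML you did not build yourself
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append("Destination does not match the Single sign on URL")
    scd = root.find(".//a:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != ACS_URL:
        problems.append("Recipient does not match the Single sign on URL")
    if [e.text for e in root.findall(".//a:Audience", NS)] != [AUDIENCE]:
        problems.append("Audience is not exactly https://accounts.logme.in")
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != NAMEID_FORMAT:
        problems.append("NameID format is not EmailAddress")
    names = {a.get("Name") for a in root.findall(".//a:Attribute", NS)}
    missing = REQUIRED_ATTRS - names  # names compared exactly as spelled on this page
    if missing:
        problems.append("missing attributes: " + ", ".join(sorted(missing)))
    return problems

def sample_response(audience=AUDIENCE, attrs=("Email", "FirstName", "LastName")):
    """Build a constructed, unsigned Response for testing (not captured from Okta)."""
    attr_xml = "".join(
        f'<a:Attribute Name="{n}"><a:AttributeValue>x</a:AttributeValue></a:Attribute>'
        for n in attrs)
    return (
        f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" Destination="{ACS_URL}">'
        f'<a:Assertion><a:Subject>'
        f'<a:NameID Format="{NAMEID_FORMAT}">jane@example.com</a:NameID>'
        f'<a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{ACS_URL}"/>'
        f'</a:SubjectConfirmation></a:Subject>'
        f'<a:Conditions><a:AudienceRestriction><a:Audience>{audience}</a:Audience>'
        f'</a:AudienceRestriction></a:Conditions>'
        f'<a:AttributeStatement>{attr_xml}</a:AttributeStatement>'
        f'</a:Assertion></p:Response>')

if __name__ == "__main__":
    print(check_response(sample_response()) or "matches the documented settings")
```

An empty list means the response carries the Single sign on URL, Audience URI, Name ID format and attribute names this page specifies.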
Provide information to GoTo
Once the IdP configuration is complete, you must provide the information listed in this section to your GoTo representative.
- On the Sign On screen, select View Setup Instructions.
- Download the following pieces of information and send them to your GoTo representative.
| Information | Instructions |
| --- | --- |
| Certificate | Select Download certificate under step 3. Note: The X.509 certificate is used to encrypt and sign SAML 2.0 assertions. |
| IDP Metadata | Save the content under Optional. Note: The metadata document describes the endpoint addresses for communication. |

Once your GoTo representative has configured the SAML 2.0 connection using the information provided, your users gain access to the appropriate GoTo account and permissions via the IdP as the authentication source. It may take up to 30 minutes for the SSO service to be established for the first time.
Remember: User provisioning in LogMeIn Central with Okta is not supported.