ADFS for LogMeIn and join.me authentication




ADFS for join.me authentication

This step-by-step guide walks you through the process of configuring ADFS for join.me authentication.

Set-up Overview

1) Prerequisite: Verification of Domain Ownership
2) Prerequisite: Set up ADFS
3) Prerequisite: Provide Data to LogMeIn
4) Add LogMeIn as a Relying Party Trust
5) Add the Transform Claim Rule
6) Configure Authorization through AD Group Membership
   a) Set Authorization Limits
7) Configure NTLM Pass-through for One-click Login

Copyright 2013 LogMeIn, Inc.

1 Prerequisite: Verification of Domain Ownership

You must prove ownership of your domain before a LogMeIn representative is permitted to activate ADFS for your domain. Activation can happen before or after set-up.

Options for confirmation of domain ownership

Option: HTML upload
Input or Action:
- Upload a file with the following name to the web site for your planned ADFS domain: logmein-domain-confirmation.html
- The file must contain a random string provided by your LogMeIn representative.
- Example: Create a file yourdomain.com/logmein_domain_confirmation.html with content xoivzliaxrltmawrykyjjoauyheiiqge
- Confirmation procedure: Your LogMeIn representative opens yourdomain.com/logmein_domain_confirmation.html and ensures that the random string is present.

Option: DNS record
Input or Action:
- Create a TXT record for the DNS entry of your domain. The value of the record should be: logmein-domain-confirmation
- Append the random string provided by your LogMeIn representative.
- Example: logmein-domain-confirmation jska7893279jkdhkkjdhask
- Confirmation procedure: Your LogMeIn representative runs nslookup -q=txt yourdomain.com and confirms that the random string is present.

2 Prerequisite: Set up ADFS

Microsoft Active Directory Federation Services (ADFS) is a software module that can be installed on Windows Server operating systems to provide users with Single Sign-On access to systems and applications located across organizational boundaries.

By configuring ADFS for join.me authentication you will enable users to log in to join.me using their corporate AD credentials. To simplify provisioning, the first time a user logs in, a join.me account for that user is created automatically. Additionally, once configured, ADFS becomes the exclusive authentication method for your domain, which gives you complete control over who can access join.me. The result is a secure authentication methodology that simplifies and automates user provisioning.

Before enabling ADFS for join.me authentication, a live ADFS environment with an externally addressable ADFS server must be configured. For assistance setting up ADFS, please consult Microsoft documentation on Technet: http://technet.microsoft.com/en-us/library/cc782250(v=ws.10).aspx

Once installed, follow this path to launch AD FS 2.0 Management: Start > Administrative Tools > AD FS 2.0 Management.

3 Prerequisite: Provide Data to LogMeIn

You must provide the following information to your LogMeIn representative. These are technical requirements that must be met before LogMeIn can enable ADFS for your account:

- The URL of your ADFS proxy server
- The email domain(s) that you will use for ADFS login (see "Add the Transform Claim Rule")
- The token signing certificate from your ADFS server

To export your token signing certificate, follow the step-by-step instructions in "Export the public key portion of a token-signing certificate" on Technet: http://technet.microsoft.com/en-us/library/cc737522(v=ws.10).aspx
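The export step above can also be scripted. This is an added example, not part of the LogMeIn guide: it writes only the public portion of each token-signing certificate to disk, checks that the file carries no private key, and reports expiry and rollover settings. The output folder and the 60-day warning window are assumptions.

```powershell
# Added example, not from the LogMeIn guide. Run on the AD FS server.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue  # AD FS 2.0 snap-in

$outDir   = 'C:\Temp\adfs-export'   # assumed output folder
$warnDays = 60                      # assumed warning window before expiry
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

$certOnly = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert
$report = foreach ($entry in (Get-ADFSCertificate -CertificateType Token-Signing)) {
    $cert = $entry.Certificate
    $path = Join-Path $outDir ("token-signing-{0}.cer" -f $cert.Thumbprint)

    # ContentType 'Cert' writes the DER-encoded certificate only, never the private key.
    [System.IO.File]::WriteAllBytes($path, $cert.Export($certOnly))

    # Re-read the file and refuse to hand it over if it carries a private key.
    $check = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $path
    if ($check.HasPrivateKey) { Remove-Item $path; throw "Private key found in $path" }

    New-Object PSObject -Property @{
        File        = $path
        Thumbprint  = $cert.Thumbprint
        IsPrimary   = $entry.IsPrimary      # the certificate AD FS currently signs with
        NotAfter    = $cert.NotAfter
        ExpiresSoon = ($cert.NotAfter -lt (Get-Date).AddDays($warnDays))
    }
}
$report | Format-List

# With automatic rollover enabled, AD FS replaces the token-signing certificate on its
# own schedule, so the copy held by LogMeIn must be refreshed when a new primary appears.
"AutoCertificateRollover: {0}" -f (Get-ADFSProperties).AutoCertificateRollover
```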

4 Add LogMeIn as a Relying Party Trust

You must add LogMeIn as a Relying Party Trust via the Add Relying Party Trust Wizard.

1. In AD FS 2.0 Management, open the Add Relying Party Trust Wizard: Action > Add Relying Party Trust.
2. Input all data in the wizard as shown in the table below.

Add Relying Party Trust Wizard (Tab: Input or Action)

- Select Data Source: Select "Enter data about the relying party manually"
- Specify a Display Name: Enter the Display name as "LogMeIn authentication".
- Choose Profile: Select "AD FS 1.0 and 1.1 profile"
- Configure URL: Enter the WS-Federation Passive URL: https://accounts.logme.in/federated/saml.aspx
- Configure Identifiers: Verify that https://accounts.logme.in/federated/saml.aspx has been added to the list of Relying party trust identifiers
- Choose Issuance Authorization Rules: Select "Permit all users to access this relying party"
- Ready to Add Trust: Select "Open the Edit Claim Rules"
- Finish: Confirm all data.

5 Add the Transform Claim Rule

You must add a Transform Claim Rule for LogMeIn using the Add Transform Claim Rule Wizard.

1. In AD FS 2.0 Management, open the Add Transform Claim Rule Wizard: Action > Edit Claim Rules > Issuance Transform Rules > Add Rule.
2. Input all data in the wizard as shown in the table below.

Add Transform Claim Rule Wizard

Tab: Choose Rule Type
Input or Action:
- Under Claim rule template select "Send LDAP Attributes as Claims"
- Set Claim rule name to "Email and name"
- Set Attribute store to "Active Directory"
- Map the LDAP Attributes as follows:
    E-Mail-Addresses: E-Mail Address
    Given-Name: Given Name
    Surname: Surname

6 Configure Authorization through AD Group Membership

Optional. To control access to join.me when authenticating via ADFS, you can add a new Issuance Transform Rule using the Add Transform Claim Rule wizard.

1. In AD FS 2.0 Management, open the Add Transform Claim Rule Wizard: Action > Edit Claim Rules > Issuance Transform Rules > Add Rule.
2. Input all data in the wizard as shown in the table below.

Add Transform Claim Rule Wizard

Tab: Choose Rule Type
Input or Action:
- Under Claim rule template select "Send Group Membership as a Claim"
- Under Claim rule name, enter a name, for example "Permit Group for LogMeIn"
- Browse for a User's group that you want to permit to use LogMeIn services.
- Under Outgoing claim type, select "Group"
- Under Outgoing claim value, enter 1

6.1 Set Authorization Limits

Remove the default Issuance Authorization Rule and add a custom rule.

1. In AD FS 2.0 Management, click Action > Edit Claim Rules.
2. On the Edit Claim Rules window, click the Issuance Authorization Rules tab.
3. From the list, select the rule "Permit Access to All Users" and click Remove Rule.
4. On the Edit Claim Rules window, click Add Rule to open the Add Issuance Authorization Claim Rule Wizard.
5. Input all data in the wizard as shown in the table below.

Add Issuance Authorization Claim Rule

Tab: Choose Rule Type
Input or Action:
- Under Claim rule template select "Permit or Deny Users Based on an Incoming Claim"
- Under Claim rule name, enter a name, for example "Permit Group for LogMeIn"
- Under Incoming claim type, select "Group"
- Under Incoming claim value, enter 1
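To check the outcome of sections 6 and 6.1 from the AD FS server, the following added example (not part of the LogMeIn guide) reads the relying party trust's rules and reports whether the default permit-all rule is gone and the two group rules are present. It assumes the display name from section 4 and the AD FS default URIs for the "Group" and "permit" claim types.

```powershell
# Added example, not from the LogMeIn guide. Run on the AD FS server as an AD FS administrator.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue  # AD FS 2.0 snap-in

$rpName     = 'LogMeIn authentication'   # display name entered in section 4
# Assumed: AD FS default URIs for the "permit" and "Group" claim types.
$permitType = 'http://schemas.microsoft.com/authorization/claims/permit'
$groupType  = 'http://schemas.xmlsoap.org/claims/Group'

function Get-ClaimRule([string]$RuleText) {
    # Each rule ends with ';'. Strip @RuleTemplate/@RuleName annotation lines
    # so that only the condition and the issue() action remain.
    foreach ($raw in ($RuleText -split ';\s*(?:\r?\n|$)')) {
        $body = (($raw -split '\r?\n') | Where-Object { $_ -notmatch '^\s*@' }) -join ' '
        if ($body.Trim()) { $body.Trim() }
    }
}

$rp = Get-ADFSRelyingPartyTrust -Name $rpName
if (-not $rp) { throw "Relying party trust '$rpName' not found." }

$authz     = @(Get-ClaimRule $rp.IssuanceAuthorizationRules)
$transform = @(Get-ClaimRule $rp.IssuanceTransformRules)
$permitRx  = [regex]::Escape($permitType)

# A rule that begins with '=>' has no condition: it permits every authenticated user.
$permitAll = @($authz | Where-Object { $_ -match '^=>' -and $_ -match $permitRx })
# Section 6.1: permit only when the incoming Group claim is present.
$groupGate = @($authz | Where-Object {
    $_ -match [regex]::Escape("Type == `"$groupType`"") -and $_ -match $permitRx })
# Section 6: transform rule that issues Group = 1 for the chosen AD group.
$groupSent = @($transform | Where-Object {
    $_ -match [regex]::Escape("Type = `"$groupType`"") -and $_ -match 'Value\s*=\s*"1"' })

New-Object PSObject -Property @{
    RelyingParty     = $rp.Name
    PermitAllPresent = ($permitAll.Count -gt 0)   # expected False after section 6.1
    GroupGatePresent = ($groupGate.Count -gt 0)   # expected True after section 6.1
    GroupClaimIssued = ($groupSent.Count -gt 0)   # expected True after section 6
}
```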

7 Configure NTLM Pass-through for One-click Login

Internet Explorer and Chrome should automatically recognize an intranet URL and use NTLM for FS server authentication. If the address is not recognized as intranet, add the FQDN of your ADFS to the Local intranet zone. This can be deployed to multiple computers via Group Policy.

In Firefox, the domain should be added at this location: about:config > network.automatic-ntlm-auth.trusted-uris.