Active Directory Connector v2 - OpenVoice - LogMeIn

Find an Answer

Search OpenVoice articles, videos and user guides   Your search term must have 2 or more characters.

Browse Articles

Active Directory Connector v2

Most large companies use Microsoft Active Directory (AD) to automate changes for user identities and application privileges. The Active Directory Connector (ADC) receives Active Directory user updates and automatically makes the same changes in your GoTo account.The ADC accesses all users in selected AD groups containing GoTo users and all users in any subgroups. All new users are added to one of your validated company email domains in the External Admin SCIM* service. If a company chooses, they can use the information generated by this process to entitle (and suspend) user accounts using the User Sync service.

* SCIM is the System for Cross-domain Identity Management that defines how user identities are managed across multiple systems, generally over the Internet.

Active Directory articles

Implementation of the Active Directory Connector consists of installation, setting permissions and Active Directory groups, and running the ADC to start receiving updates. You can view the user updates in the Organization Center (documentationlogin). Existing users are updated only if information from the AD is different than what is in the SCIM organization.

Prerequisites

  • A corporate GoTo account with at least one admin who has both organization and GoToMeeting admin roles
  • One or more verified organization domains
  • Active Directory groups and users set up

On initial launch, the ADC reads the identified groups in the AD and generates a list of users. It compares this list with the information already in the company’s domain organization. Any valid new users are added, and any users that exist in both AD and the domain organization account get updated as needed. If there are users in the domain organization but not in the AD, they can remain depending on the company’s policies and practices - for instance, these users may be consultants, non-Windows users, etc.

After initial launch, the ADC syncs at the polling interval you set. During a sync, any new AD user in a linked group is added, any modified user is updated, any expired or deleted user is suspended.

The ADC passes the identity data to SCIM which creates users on the company’s GoTo account. These users are members of the company’s domain organization and can then be entitled, either through User Sync, or manually, to use specific products.

Comparison with prior ADC versions

Earlier ADC releases did more work on the local servers, integrated user entitlements, and embedded business rules in the application itself. This design led to customer issues with local repositories and enforced updates (which required a complete re-install) when business rules changed. These issues have been resolved with v2.

To upgrade from an earlier version to the latest, first you must uninstall the v1 version, then install v2. Once installed, you can configure ADC v2 to point to the correct Active Directory groups and run the service, which will recognize your existing users. Any changes are communicated via the new ADC to the Admin Center via User Sync.

What's new in ADC v2?

Automatic User Matching via Admin Center's "User Sync" Feature

  • Account admins can use the User Sync feature within their Admin Center to better automate the provisioning of LogMeIn products. For example, you can have new employees automatically provided with access to specific LogMeIn products, as well as have employees leaving the company automatically have their access disabled. The ability to more effectively automate these frequently occurring steps provides huge time and costs savings for users. In all ADC versions prior to v2, IT Admins were required to go through the extra step of manually matching Active Directory and GoTo user accounts via the "Provisioning" and "Users" tabs within the Active Directory Connector desktop app. Those settings are now integrated with the Admin Center on the User Sync page.

Added Ability to Give Users Multiple Products

  • IT Admins can use the ADC to assign a combination of products and tiers to a single user, which allows for more efficiency when provisioning users. Previously, admins were only able to allocate one product per user at a time (via the Active Directory Connector), so if their LogMeIn account had 2 tiers of the same product (e.g., GoToMeeting Pro and GoToMeeting Plus), the product tier that became assigned to the user was dependent on the product tier's seat count during the time of provisioning. This means that 2 users being provisioned simultaneously for the same account could each be assigned different products.
  • To access User Sync, admins can log in to the Admin Center and click User Sync in the left navigation. Previously, IT admins had to manually add "/usersync" to the end of their Admin Center URL once logged in (e.g., https://admin.logmeininc.com/portal/#accounts/<account key>/usersync).
VersionRequirementsConfigurationUser statusEntitlement
1.5 and earlier Windows Svr 2008 R2 +Customer server with ADC read permissionsAdded to corporate accountCompleted within ADC workflow
1.6Windows Svr 2008 R2 +Customer server with ADC read permissionsAdded to domain organization
and corporate account
Completed within ADC workflow
2.1Windows Svr 2008 R2 +Customer server with ADC read permissionsAdded to domain organization accountAdd to corporate account and optionally
completed through User Sync

See also