Find an Answer
Once you have an organization set up with organization users associated with user accounts, you can configure SAML-based Single Sign-On (SSO) for your users through an external Identity Provider (IdP). The IdP can be a service such as Active Directory Federation Services (ADFS); a third-party provider such as OneLogin, Okta, Azure, etc.; or a custom solution. Once configured, your users can sign in either from the Identity Provider’s website or from your GoTo product’s website using the Use my company ID link in the GoTo sign in form.
Back to Single Sign-On Contents
We offer specific documentation for:
Many Identity and Access Management Vendors provide GoTo-specific documentation to configure SSO.
For other providers, or a custom SAML IdP, the below information can aid in configuration.
In general, the process is:
1. Enabling the application integration for GoToMeeting
2. Configuring single sign-on
3. Configuring user provisioning - optional
4. Assigning users
The Identity provider interface supports the various configurations. It provides the capability to configure automatically using a metadata URL, by uploading a SAML metadata file, or manually with sign-in and sign-out URLs, an identity provider ID and an uploaded verification certificate.
A trust-relationship between two relying parties has been established when each party has acquired the necessary metadata about the partner for execution of a SAML Single Sign-On. At each relying party, the configuration information can be input dynamically or manually, depending on the interface offered by the IdP.
When introducing the GoTo SAML Service’s metadata at the IdP, you may be given an option to add a new Service Provider via metadata. In this case, you can simply populate the metadata URL field with:
In the event your IdP requires manual input of information, you’ll need to manually enter the parts of the metadata. Depending on your IdP, it may ask for different pieces of information or call these fields different things. To start, here are some of the configuration values that should be entered if your IdP asks for them. Then, depending on your IdP's support for s feature called RelayState, there will be additional values to input.
When accessing products through an IdP-initiated sign in, some IdPs support a feature known as “RelayState”, which allows you to drop users directly into the specific GoTo product on which you want them to land. To configure this, the following fields, if requested by your IdP configuration should be set accordingly. Some IdPs refer to these fields by different names. Where possible, we have included alternative names that some IdPs use for these fields.
If your IdP supports the RelayState feature, all of the above fields (where requested by your IdP - not all IdPs will ask for all fields) should be populated with:
You can then set a per-product RelayState to allow routing to different products from your IdP application catalog. Below are the RelayState values to set for GoTo products:
If your IdP does not support the RelayState feature, there will be no RelayState value to set. Instead, set the ACS values above (ACS URL, Recipient, Destination) to the following values per product:
During manual configuration of the GoTo SAML Service at the IdP, you may be presented with some additional options. Here is a list of potential options you may be presented and what you should set them to.