:orphan:

****************************
GoToMeeting SAML Integration
****************************

Introduction
************

This article describes how to configure GoToMeeting to work with AuthControl Sentry.

.. include:: HowToCreateSAMLKeysOnCMI.rst

.. include:: CheckPasswordWithRepositoryLocalAgent.rst
 
Setup SSO on GoToMeeting
************************

To configure SSO setting on your GoToMeeting account you have to access your Admin console by simply going to https://account.citrixonline.com/organization/administration/#identity. You should see an Admin console with an option "Identity Provider" similar to the one below:

.. image:: images/Integration/SAML/GoToMeeting/GoToMeetingIdp.png
 
Now navigate to your AuthControl Sentry View IdP Metadata page and copy the content of this page.

.. image:: images/Integration/SAML/GoToMeeting/GoToMeetingIdp2.png

Click save. You will see something like the below. Click save again:

.. image:: images/Integration/SAML/GoToMeeting/GoToMeetingIdp3.png

Setup AuthControl Sentry Application definition
***********************************************

Login to the AuthControl Sentry Administration Console. Click Applications in the left hand menu. To add a new Application definition for GoToMeeting, click the Add Application button and select SAML - GoToMeeting type.

.. image:: images/Integration/SAML/GoToMeeting/GoToMeetingApplication.png

* Name: GoToMeeting

* Points: 100 (the number of points the user needs to score from their Authentication Method in order to successfully authenticate to this Application)

* Portal URL: URL to access to goToMeeting (It does not require modification)

* Entity ID: Identifier of the GoToMeeting SAML request (It does not require modification)

* Federated Id: email

 
Setup AuthControl Sentry Authentication definition
**************************************************

As an example here we will be using Turing authentication as the Primary method required for GoToMeeting authentication.

Login to the AuthControl Sentry Administration Console. Click Authentication Methods in the left hand menu. Click the Edit button against the Turing option in the list of Authentication Methods. Give this Authentication Method 100 points. This will mean that when a login attempt is made to the GoToMeeting Application, this Authentication Method will be offered during login.
 
Testing authentication to GoToMeeting
*************************************

This should be the final step after all previous elements have been configured.

Visit your AuthControl Sentry Page with your public DNS entry of your Swivel AuthControl Sentry server, e.g. https://mycompanysentrydomain/sentry/startPage. On a Start Page you will be able to see a new GoToMeeting Icon on which you can click and proceed with authentication (as you would by going straight to the GoToMeeting page)

.. image:: images/Integration/SAML/SentryStartup1.png

When you visit this URL you will notice that the domain should redirect to the identity provider login URL that you setup.

.. image:: images/Integration/SAML/GoToMeeting/GoToMeetingLogin.png

Once you have submitted your username. You should be presented with the Sentry username page.

In this login example we are using the email as a username.

.. image:: images/Integration/SAML/GoToMeeting/GoToMeetingUsername.png

Once you have submitted your username. You should be presented with the page of the Authentication Method which can score enough points to match the points required by the GoToMeeting Application definition.

.. image:: images/Integration/SAML/GoToMeeting/GoToMeetingTuring.png 

After we enter our authentication credentials we successfully will see the GoToMeeting account that we tried to access.

.. image:: images/Integration/SAML/GoToMeeting/GoToMeetingLogged.png

Troubleshooting
***************

There are various logging components available for this particular integration which can aid in diagnosis at different points during authentication:

* The Swivel Core has a Log Viewer menu item which can reveal information concerning user status e.g. is the user locked, has a session been started for the image request;

* The Swivel AuthControl Sentry has a View Log menu item which provides details about the SAML assertion and response received from GoToMeeting and can be useful for comparison with the GoToMeeting SAML Assertion Validator output;

It is crucial when troubleshooting, to pinpoint where the authentication is failing. For example, you may find that the Swivel Core logs show a successful authentication (which would indicate that the user has entered their Password and OTC correctly), but the AuthControl Sentry logging shows that there is a problem with the SAML assertion.

Some common issues which can be diagnosed with the validator are:

* Certificate or decryption issues;

* Can AuthControl Sentry find the Certificate locally, is it the correct one?

* Has the correct Certificate been uploaded to GoToMeeting?

* Does the Repository -> Attribute name being used actually map to a Repository attribute? Has a User Sync occurred in the Swivel Core since modifying this?