The GoTo Community is currently experiencing some technical issues affecting new posts and comments. You may need to reload the page you are on before you can post a comment. We are actively working with our service provider and apologize for the frustration.
Forum Discussion
Solved
Azure SSO Problems
Hi there,
I know it's been a while since you raised this issue, BUT I am getting the exact same error trying to configure LogMeIn SSO with Azure AD. I have reached out to LogMeIn support (unsuccessfully). I also tried Microsoft support who pointed out that Client app ID: 9efc94c4-b491-4f36-9779-3a5c310ff2a1 does not exists in my tenant. Wondering what solved your issue ???
AADSTS650056: Misconfigured application. This could be due to one of the following: the client has not listed any permissions for 'AAD Graph' in the requested permissions in the client's application registration. Or, the admin has not consented in the tenant. Or, check the application identifier in the request to ensure it matches the configured client application identifier. Or, check the certificate in the request to ensure it's valid. Please contact your admin to fix the configuration or consent on behalf of the tenant. Client app ID: 9efc94c4-b491-4f36-9779-3a5c310ff2a1.
This is a combination of DWilliams14 comments for anyone else having an issue with this:
"For anyone else having this issue, I was able to resolve it by changing the identifier URL in the Azure AD App.
By default it is https://authentication.logmeininc.com/saml/metadata/sp and the instructions say not to change it, but changing it to https://authentication.logmeininc.com/saml/sp fixed this error for me - this is the url that they say to use if you look at the generic instructions for setting up SAML manually instead of the Azure specific ones.
The generic instructions for 'Custom Enterprise Sign-In Configuration' that you linked are fine. However the instructions for Azure AD specifically are not. If you look at this article: https://support.logmeininc.com/central/help/set-up-enterprise-sign-in-sso, under step 2 follow the link for Azure AD which takes you here: https://learn.microsoft.com/en-us/entra/identity/saas-apps/logmein-tutorial
On that page, under 'Configure Microsoft Entra SSO', step 5 says "On the Basic SAML Configuration section, the user does not have to perform any steps as the app is already pre-integrated with Azure."
However, the app default setting for entity ID is "https://authentication.logmeininc.com/saml/metadata/sp" which is incorrect. Within the azure app while configuring, it also tells you to use that incorrect url in the tooltip."
14 Replies
- Yuppp this has just worked for me, thank you GlennD!!!
This is a combination of DWilliams14 comments for anyone else having an issue with this:
"For anyone else having this issue, I was able to resolve it by changing the identifier URL in the Azure AD App.
By default it is https://authentication.logmeininc.com/saml/metadata/sp and the instructions say not to change it, but changing it to https://authentication.logmeininc.com/saml/sp fixed this error for me - this is the url that they say to use if you look at the generic instructions for setting up SAML manually instead of the Azure specific ones.
The generic instructions for 'Custom Enterprise Sign-In Configuration' that you linked are fine. However the instructions for Azure AD specifically are not. If you look at this article: https://support.logmeininc.com/central/help/set-up-enterprise-sign-in-sso, under step 2 follow the link for Azure AD which takes you here: https://learn.microsoft.com/en-us/entra/identity/saas-apps/logmein-tutorial
On that page, under 'Configure Microsoft Entra SSO', step 5 says "On the Basic SAML Configuration section, the user does not have to perform any steps as the app is already pre-integrated with Azure."
However, the app default setting for entity ID is "https://authentication.logmeininc.com/saml/metadata/sp" which is incorrect. Within the azure app while configuring, it also tells you to use that incorrect url in the tooltip."
- Use https://authentication.logmeininc.com/saml/sp. It works!
Hi Glenn,
The generic instructions for 'Custom Enterprise Sign-In Configuration' that you linked are fine. However the instructions for Azure AD specifically are not. If you look at this article: https://support.logmeininc.com/central/help/set-up-enterprise-sign-in-sso, under step 2 follow the link for Azure AD which takes you here: https://learn.microsoft.com/en-us/entra/identity/saas-apps/logmein-tutorial
On that page, under 'Configure Microsoft Entra SSO', step 5 says "On the Basic SAML Configuration section, the user does not have to perform any steps as the app is already pre-integrated with Azure."
However, the app default setting for entity ID is "https://authentication.logmeininc.com/saml/metadata/sp" which is incorrect. Within the azure app while configuring, it also tells you to use that incorrect url in the tooltip.
Hi DWilliams14, welcome to the community.
Thank you for sharing this. I know that the second (working) URL is what we list in this support article: Set Up a Custom Enterprise Sign-In Configuration, is the first URL you mentioned in another support article or from a different source? If it is in one of our other articles I can make sure it is corrected.
For anyone else having this issue, I was able to resolve it by changing the identifier URL in the Azure AD App.
By default it is https://authentication.logmeininc.com/saml/metadata/sp and the instructions say not to change it, but changing it to https://authentication.logmeininc.com/saml/sp fixed this error for me - this is the url that they say to use if you look at the generic instructions for setting up SAML manually instead of the Azure specific ones.
Hope that helps.
Hi MMIGLIOR ,
Did you look into the instructions of this article?
Please call our support team, explaining that you need to configure your Azure SSO. They will say of you need to send them the certificate and metadata info, or if you can configure it on your own.
Hi GlennD,
I followed the instruction and I still get the error. I am only testing my account right now where I am the owner, and I am only testing it trying to log into the logmein.com website.
There is a mention that I need to provide some info to my Goto Rep so they can do something on the backend for SAML 2.0. How do I initiate this?
Thanks,
Mike
Hi MMIGLIOR, welcome to the community.
Have you reviewed both of these support articles already?
- Using Azure Active Directory with Central
- How to Enable Access to a Host Computer for users in AzureAD?
I seem to have the same problem. Is it related to what package and options you buy. I currently have Central Basic options.
