NOTICE: These instructions are for users who set up their SSO configuration after October 1st, 2023. Please see the legacy SAML configuration instructions here.
Please follow the instructions below to configure your Azure, Okta, or other SAML-based ID providers for Logitech Sync. Once configured, you can finish self-service SSO setup directly through Logitech Sync.
Configuring Azure Active Directory
Add an Enterprise Application to your Azure Active Directory with the following steps:
- Under Enterprise applications, select New application > Create your own application
- For Name, enter: Logitech Sync
- Select Integrate any other application you don't find in the gallery, click CREATE
- Under Properties, set User assignment required? to No and set Visible to users? to No
- Alternatively, under User and groups, assign the users and/or groups who can sign in to Sync via SSO. Note, however, that assigned users still need to be invited by an Owner from within Sync Portal.
- Save this image to your local filesystem and then upload it as the application logo:
- Under Single Sign-On, select SAML
- In Basic SAML Configuration, set the following values:
- Identifier (Entity ID):
Global site (US) | urn:amazon:cognito:sp:us-west-2_dbVjd4yeO |
EU | urn:amazon:cognito:sp:eu-central-1_WPJIm5DVv |
FR | urn:amazon:cognito:sp:eu-west-3_2d7lWcJfk |
CA | urn:amazon:cognito:sp:ca-central-1_vy7w7nSAM |
- Reply URL (Assertion Consumer Service URL):
Global site (US) | https://auth-1.sync.logitech.com/saml2/idpresponse |
EU | https://auth-eu.sync.logitech.com/saml2/idpresponse |
FR | https://auth-fr.sync.logitech.com/saml2/idpresponse |
CA | https://auth-ca.sync.logitech.com/saml2/idpresponse |
- Sign on URL:
Global site (US) | https://sync.logitech.com/sso/<your email domain> |
EU | https://eu.sync.logitech.com/sso/<your email domain> |
FR | https://fr.sync.logitech.com/sso/<your email domain> |
CA | https://ca.sync.logitech.com/sso/<your email domain> |
- Relay state: <leave blank>
- Logout URL: <leave blank>
- In User Attributes & Claims, verify or add the following claims. You need to use the full URI for the claim name:
Claim name | Value |
Unique User Identifier (Name ID) | user.userprincipalname [nameid-format:emailAddress] |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | user.mail |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | user.givenname |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | user.surname |
- Under SAML Signing Certificate the field App Federation Metadata Url should be populated. Copy the value to clipboard and provide it when requested.
Configuring Okta
Create a SAML application in Okta with the following steps:
- Under Applications, choose Create App Integration
- Complete the wizard using default settings, except for:
- Sign on method: SAML 2.0
- App name: Logitech Sync
- Do not display application icon to users: ✔
- Do not display application icon in the Okta Mobile app: ✔
- Single sign on URL:
Global site (US) | https://auth-1.sync.logitech.com/saml2/idpresponse |
EU | https://auth-eu.sync.logitech.com/saml2/idpresponse |
FR | https://auth-fr.sync.logitech.com/saml2/idpresponse |
CA | https://auth-ca.sync.logitech.com/saml2/idpresponse |
- Audience URI (SP Entity ID):
Global site (US) | urn:amazon:cognito:sp:us-west-2_dbVjd4yeO |
EU | urn:amazon:cognito:sp:eu-central-1_WPJIm5DVv |
FR | urn:amazon:cognito:sp:eu-west-3_2d7lWcJfk |
CA | urn:amazon:cognito:sp:ca-central-1_vy7w7nSAM |
- Attribute statements. You need to use the full URI for the attribute name:
Name | Name Format | Value |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | URI Reference | user.email |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | URI Reference | user.firstName |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | URI Reference | user.lastName |
- I'm an Okta customer adding an internal app: ✔
- Save this image to your local filesystem and then upload it as the application logo:
- On the Assignments tab for your app, assign the people and/or groups who have access to Logitech Sync via SSO. Please note, users still need to be explicitly invited from within Sync. Therefore, the recommendation is to assign an appropriate group or Everyone to Logitech Sync.
- OPTIONAL: Sync does not support ID Provider initiated sign in. If you want to show Logitech Sync in the list of Okta applications you need to add it as a Bookmark app. Follow these steps from the Okta documentation using these settings:
- Application label: Logitech Sync
- URL:
Global site (US) | https://sync.logitech.com/sso/<your email domain> |
EU | https://eu.sync.logitech.com/sso/<your email domain> |
FR | https://fr.sync.logitech.com/sso/<your email domain> |
CA | https://ca.sync.logitech.com/sso/<your email domain> |
- On the Sign On tab for your app, look for the Metadata URL hyperlink. Copy the value to clipboard and provide it when requested.
Configuring SAML Identity Provider
Configure your SAML 2.0 identity provider using these settings, where applicable:
- Application name: Logitech Sync
- Entity ID / Audience:
Global site (US) | urn:amazon:cognito:sp:us-west-2_dbVjd4yeO |
EU | urn:amazon:cognito:sp:eu-central-1_WPJIm5DVv |
FR | urn:amazon:cognito:sp:eu-west-3_2d7lWcJfk |
CA | urn:amazon:cognito:sp:ca-central-1_vy7w7nSAM |
- Assertion Consumer Service (ACS) URL:
Global site (US) | https://auth-1.sync.logitech.com/saml2/idpresponse |
EU | https://auth-eu.sync.logitech.com/saml2/idpresponse |
FR | https://auth-fr.sync.logitech.com/saml2/idpresponse |
CA | https://auth-ca.sync.logitech.com/saml2/idpresponse |
- ACS Validator:
Global site (US) | ^https:\/\/auth-1\.sync\.logitech\.com\/saml2\/idpresponse$ |
EU | ^https:\/\/auth-eu\.sync\.logitech\.com\/saml2\/idpresponse$ |
FR | ^https:\/\/auth-fr\.sync\.logitech\.com\/saml2\/idpresponse$ |
CA | ^https:\/\/auth-ca\.sync\.logitech\.com\/saml2\/idpresponse$ |
- Relay state: <leave blank>
- Sign out URL / Logout URL: <leave blank>
- Sign in URL / Login URL:
Global site (US) | https://sync.logitech.com/sso/<your email domain> |
EU | https://eu.sync.logitech.com/sso/<your email domain> |
FR | https://fr.sync.logitech.com/sso/<your email domain> |
CA | https://ca.sync.logitech.com/sso/<your email domain> |
The following claims must be included in the SAML sign-in response (use the full URI as the claim name):
- http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier (i.e. NameID)
- http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
- http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
- http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
The first claim is probably included by default. You will probably need to configure the others as custom parameters, claims or attributes. The values should be mapped from the appropriate fields in your ID provider; e.g. Email, First Name, and Last Name.
Remember to grant access to Logitech Sync to the appropriate users/groups in your directory. Note, however, that Sync does not support just-in-time (JIT) provisioning. This means that users also need to be invited explicitly from within Sync itself. We therefore recommend that you grant access to a broad group of users and control individual user access from within Sync itself.
Logitech Sync does not support identity provider-initiated sign in. Service provider sign in is initiated at the following URL:
Global site (US) | https://sync.logitech.com/sso/<your email domain> |
EU | https://eu.sync.logitech.com/sso/<your email domain> |
FR | https://fr.sync.logitech.com/sso/<your email domain> |
CA | https://ca.sync.logitech.com/sso/<your email domain> |
(e.g. https://sync.logitech.com/sso/logitech.com)
If your ID provider supports it, upload the following icon for Logitech Sync:
Once the integration is configured, please provide the Identity Provider Metadata URL, sometimes called Issuer URL. Copy the value to clipboard and provide it when requested.
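Before handing over the metadata URL, a test sign-in response from your IdP can be checked against the settings above. The following is an added example, not Logitech's code: `check_response` is a hypothetical helper, the sample response is constructed, and only the US and EU values from the tables on this page are included.

```python
import re
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# Entity ID and ACS Validator per region, copied from this page (US and EU only).
REGIONS = {
    "US": ("urn:amazon:cognito:sp:us-west-2_dbVjd4yeO",
           r"^https:\/\/auth-1\.sync\.logitech\.com\/saml2\/idpresponse$"),
    "EU": ("urn:amazon:cognito:sp:eu-central-1_WPJIm5DVv",
           r"^https:\/\/auth-eu\.sync\.logitech\.com\/saml2\/idpresponse$"),
}

def check_response(xml_text, region):
    """Return a list of mismatches against this page's settings.
    Configuration check only: it does not verify the XML signature."""
    entity_id, acs_re = REGIONS[region]
    root = ET.fromstring(xml_text)
    problems = []
    if not re.match(acs_re, root.get("Destination", "")):
        problems.append("Destination does not match the ACS URL")
    audiences = [e.text for e in root.findall(".//a:Audience", NS)]
    if entity_id not in audiences:
        problems.append("Audience is not the region's Entity ID")
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID missing")
    names = {a.get("Name") for a in root.findall(".//a:Attribute", NS)}
    for claim in ("emailaddress", "givenname", "surname"):
        if CLAIMS + claim not in names:  # short names do not count
            problems.append("missing claim " + CLAIMS + claim)
    return problems

# Constructed sample response (not captured traffic); surname uses a short name.
SAMPLE = f"""<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:s="{NS['a']}" Destination="https://auth-1.sync.logitech.com/saml2/idpresponse">
 <s:Assertion>
  <s:Subject><s:NameID>alice@example.com</s:NameID></s:Subject>
  <s:Conditions><s:AudienceRestriction><s:Audience>{REGIONS['US'][0]}</s:Audience>
  </s:AudienceRestriction></s:Conditions>
  <s:AttributeStatement>
   <s:Attribute Name="{CLAIMS}emailaddress"/><s:Attribute Name="{CLAIMS}givenname"/>
   <s:Attribute Name="surname"/>
  </s:AttributeStatement>
 </s:Assertion>
</p:Response>"""

if __name__ == "__main__":
    print(check_response(SAMPLE, "US"))
```

The sample fails only on the surname claim, which is sent under a short name instead of the full URI; checking the same response against the EU region also reports the Destination and Audience mismatches.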
Sync Doesn't Support IdP Initiated Sign in (Okta)
Unfortunately, Sync does not support ID provider initiated sign-in. Are you able to sign in with SSO at https://sync.logitech.com/sso?
There is a workaround for Okta:
- If you want to show Logitech Sync in the list of Okta applications you need to add it as a Bookmark app. Follow these steps from the Okta documentation using these settings:
- Application label: Logitech Sync
- URL:
Global site (US) | https://sync.logitech.com/sso/<your email domain> |
EU | https://eu.sync.logitech.com/sso/<your email domain> |
FR | https://fr.sync.logitech.com/sso/<your email domain> |
CA | https://ca.sync.logitech.com/sso/<your email domain> |