In a nutshell, an agent in LogMeIn Resolve creates a signature key that uniquely identifies that person in an account. This key is not stored anywhere - other than the agent's memory. When the agent wants to perform a sensitive task, such as deploy unattended access or run PowerShell scripts on remote devices, their identity requires extra verification using this signature key. This extra security layer protects your organization as well as your agents, even when working from outside your protected office infrastructure.

Your signature key is not just another password. When you deploy the LogMeIn Resolve application on a remote computer, your key creates a link between you and the device. This signature key uniquely identifies you. It essentially signs (encrypts) every command that you send to your deployed remote devices that, in turn, can be 100% sure that it is you who sent those commands.

Users with a Free subscription can postpone setting up zero trust for up to 30 days. During this period, after users deploy five devices or an admin creates the first signature key in the organization, Free users will have to create their own signature key.The purpose of delaying setting up zero trust is to allow Free users to get oriented with LogMeIn Resolve before they start using this product. During orientation, LogMeIn Resolve uses its own signature key to provide zero trust authentication. For maximum security, Free users are recommended to use their own signature key.

How do I create a zero trust signature key?

See Set up zero trust authentication in LogMeIn Resolve.

How can I have a second person approve my signature key if I'm the only user?

The initial key generated in an account does not need approval as there is no one else available to approve it. Occasionally, when the admin user who initially created a key departs from the organization, leaving you as the only one in the account, you might face a scenario where you are unable to approve signature key requests from others. In this case, you may need to reset – remove – all previously generated keys, as described in Troubleshooting forgotten zero trust signature keys in LogMeIn Resolve.

Can users with paid licenses postpone setting up zero trust authentication?

No. Postponement is available for users with a Free license only.

Can a member user delay setting up a signature key after an admin creates a signature key?

No. As soon as an admin sets up zero trust and creates the first signature key in the company, every other user - regardless of their role - has to set up their own signature key.

If I can delay setting up a signature key, does that impact the security of LogMeIn Resolve in any way?

Not at all. Even without your own signature key, you are protected by LogMeIn Resolve's own key. When you perform a sensitive task, like creating an alert, your will still be identified as the user who performed that action. The purpose of delaying setting up zero trust is to allow Free users to get oriented with LogMeIn Resolve before they start using this product.

For how long can users with a Free subscription perform sensitive tasks without their own signature key?

Until one of the following occurs:

• The user has a Free subscription for 30 days
• The user has deployed five devices
• An admin user has created the first signature key in the organization

What if I can't access a remote device due to a zero trust error?

In some cases, the time zone or system time on the remote device may be out of sync. Remote execution in LogMeIn Resolve provides an easy fix to solve for that. See Sync the system time on your devices

How can I select how often to be prompted for my signature key in my current browser?

To select how often you are prompted for your signature key in your current browser, click on Prompt frequency and choose the option that best suits you:

• Upon each sensitive task: Type your key every time you perform a sensitive task. This is the default setting.
• Once a day: Type your key once every 24 hours. For example, if you type your key at noon, you can perform sensitive tasks until noon the following day without typing your key again.
• Once a week: You can use your key to perform sensitive tasks for one week, which is 168 hours.

As an admin, can I restrict prompt frequency options for my agents?

You can select the prompt frequency options you want to offer for your agents in GoTo Admin. Go to Settings > Zero trust status and on the Settings tab, toggle the options that best suits your needs. See Restrict prompt frequency options for agents in GoTo Admin.