product icon

Use directory integrations for automated provisioning in the new Admin Console

    If you determined that an automated provisioning service best suits your organization, let's review each one in detail so that you can make an informed decision about the service you choose. Please note that there is no limitation for the amount of users you can add to your account.

    Note: This feature is only available for LastPass Business accounts. What type of LastPass business account do I have?

    The directory integrations outlined here do not allow users to log in to LastPass with their Identity Provider credentials. Setting up automated provisioning using the directory integration options below will still require the user to create and remember a separate master password to log in to LastPass, which is used to create the unique encryption key for their LastPass vault.

    However, LastPass does support federated login with various Identity Providers, which allows users to log into LastPass using their Identity Provider's active directory user account. For more information, please see What is federated login for LastPass?

    Accessing directory integrations

    You can access all of the directory integrations offered by LastPass in the new Admin Console.

    Note: If you are seeing something different than below, please see instructions for the Password Manager Admin Console (legacy Admin Console experience).
    1. Log in with your email address and master password to access the new Admin Console at
    2. If prompted, complete steps for multifactor authentication (if it is enabled for your account).
    3. Select Users in the top toolbar.
    4. Select Directories in the left navigation.
    5. Select from any of the following options:

      Result: You have accessed the directory integrations offered for LastPass Business accounts.

      Directory integrations in the new Admin Console

    LastPass Active Directory Connector service

    The LastPass Active Directory Connector (AD Connector) sync client is a Windows service that is run locally and can be downloaded from the Admin Console within your LastPass Business account. It connects to your Active Directory environment to support a variety of provisioning and management processes in LastPass Business accounts.

    Using the Active Directory Connector service, you can:

    • Feed relevant information from your user directory into LastPass.
    • Sync new user profiles to LastPass for automated provisioning of LastPass user accounts.
    • Sync disabled or deleted user profiles to LastPass for automated termination of LastPass user accounts.
    • Create nested groups to manage permissions at the group level.
    • Sync user groups to LastPass for policy designations, Shared Folders, and SAML application assignments.
    • Apply filters based on your groups so that only members of the relevant groups sync to LastPass.
    • Provisioning for a number of cloud-based applications, including Google Apps and Once set up, when users are added in your Active Directory, a LastPass account will be created on their behalf. No local provisioning necessary.

    Out of the box, the Active Directory Connector will automatically track changes to your Active Directory or LDAP server (e.g., adding a new user, removing or disabling existing users, changing user groups for a user, etc.) and invoke appropriate actions for LastPass accounts. Similarly, if you delete or disable a user in Active Directory, the associated LastPass account will also be disabled.

    For more information, please see our Active Directory Connector FAQs.

    Learn how to get started with setting it up.

    Azure Active Directory SCIM integration

    LastPass provides an out-of-the-box solution to centrally manage all passwords that are being used and shared throughout the organization, and helps solve for the co-management of work and personal credentials. Using LastPass with your Azure AD user directory as your single sign-on solution can help IT enforce security controls and address the gap left by apps and web services introduced by users that do not support SSO.

    Learn how to get started with setting it up.

    Okta SCIM integration

    We’ve partnered with Okta to offer a SCIM API that can be configured for automatic provisioning and deprovisioning of LastPass accounts for easy, secure administration.

    Learn how to get started with setting it up.

    OneLogin SCIM integration

    To ease on-boarding and management of LastPass, we’ve partnered with OneLogin to allow automated user provisioning and deprovisioning through a SCIM API. Our OneLogin endpoint can be configured for instant creation of LastPass accounts and real-time revocation when employees leave the organization. IT admins benefit from easy, secure administration of LastPass through their OneLogin directory.

    Learn how to get started with setting it up.


    LastPass has partnered with PingOne to allow LastPass Business admins to automate provisioning and deprovisioning of users, along with secure configuration and deployment using our SCIM API.

    Learn how to get started with setting it up.

    Google Workspace

    LastPass offers a SCIM API for Google Workspace to automate provisioning of user accounts, as well as deprovisioning in real-time for LastPass Business accounts.

    Learn how to get started with setting it up.

    LastPass Provisioning API

    LastPass exposes a public API that can be used by LastPass Business accounts to create users, deprovision users, and manage groups via a REST web service interface. The LastPass Provisioning API is powerful, and includes many configuration settings that can be customized.

    Note: The LastPass Provisioning API does not support managing groups for pre-configured SSO (Cloud) apps for LastPass Business accounts.

    The main difference between this option and the Active Directory Connector is that the LastPass Provisioning API requires some coding on your part to avoid having duplicate actions occur, whereas the LastPass AD Connector requires zero coding or integration.

    Learn how to get started with setting it up.