product icon
How do I add the "active" user attribute in Azure AD for LastPass federated login?

How do I add the "active" user attribute in Azure AD for LastPass federated login?


    The "active" user attribute is not listed when configuring your user attributes in the Azure AD portal during the setup process for LastPass federated login.


    The "active" user attribute was deleted from your Azure AD environment.


    The LastPass admin who is setting up federated login can add the "active" user attribute back in the Azure AD portal by doing the following:

    1. Log in to your Azure AD portal with your administrator account credentials at
    2. Click Enterprise applications.
    3. Select the LastPass Provisioning App you created.
    4. Go to Mappings > Provision Azure Active Directory Users.
    5. Scroll down and check the box for Show advanced options.
    6. Click Edit attribute list for customappsso.
    7. Scroll to the bottom, then enter active in the first empty field.
    8. For the "Type" drop-down menu select Boolean.
    9. Click Add Attribute, then click Save.
    10. Back on the Attribute Mapping page, below your existing user attributes, click Add New Mapping.
    11. On the Edit Attribute menu in the right navigation, enter the following:
      For this setting: Enter or select this:
      Mapping type Expression
      Expression Switch([IsSoftDeleted], ,"False", "True","True","False")
      Target attribute active
      Match objects using this attribute No
      Apply this mapping Always
    12. Click OK.

      Result: You have successfully added the "active" user attribute back to Azure AD.