HELP FILE

How do I download and configure LastPass MFA for Microsoft AD FS?

    As a LastPass admin, get the integration key and integration secret, then download the LastPass AD FS integration installer package and configure it with your designated integration key and integration secret.

    Note: This feature requires an account with the LastPass Business + Advanced MFA add-on. See "How do I upgrade my LastPass Business account with an add-on?"
    • Add the Microsoft AD FS app for Windows.
      1. Log in with your email address and master password to access the new Admin Console at .
      2. Go to Applications > MFA Apps.
      3. If you have not previously added MFA apps, click Get started. Otherwise, click Add app in the upper-right navigation.
      4. Enter a Name for your app.
      5. Select Microsoft AD FS.
      6. Click Save & continue.
    • Save the integration key and integration secret.
      1. In the Set up integration window, copy and save the integration key.

        Tip: On another web browser window or tab, you can open your LastPass vault and create a new secure note for saving the integration key and integration secret.

      2. In the Set up integration window, copy and save the integration secret.

        Warning: These two values will be required when configuring the LastPass AD FS integration installer and/or upgrading to new versions in the future. If you do not save the integration secret, you will need to restart the setup process to generate a new integration key and integration secret.

    • Download the LastPass AD FS integration installer.
      1. In the Set up integration window, click Download the installer.
      2. Save the file to your desired location.
      3. Click Finish.
    • Run the installer.
      1. On the primary AD FS server run the setup.msi file to launch the installer.
      2. In PowerShell, run the generated script:

        & "c:\Program Files (x86)\MfaAuthProvider\registerDllToAdfs.ps1"

      3. Paste the integration key (that you copied in Step 7).
      4. Paste the integration secret (that you copied from Step 8).
      5. Open the AD FS Management console and in the explorer select Service > Authentication Methods.

      6. Click Edit Multi-factor Authentication Method in the Actions toolbar.
      7. On the Multi-factor tab select LastPass Multi-factor.
      8. Click Apply.

      9. Click OK.
      10. On the Primary tab make sure only Forms Authentication is selected.

      11. Click Apply and close the dialog.
      12. Apply Multi-factor Authentication for relying party applications under Relying Party Trusts.

      13. Run setup.msi on each secondary server.
    You have configured the LastPass MFA service for Microsoft AD FS and your users will be prompted for secondary authentication with LastPass Authenticator when authenticating to a relying party application.
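
    To confirm the result of the steps above from PowerShell instead of the AD FS Management console, the following added example (not part of the LastPass installer or documentation) checks that the provider is registered, enabled as a multi-factor method, and that primary authentication is limited to Forms Authentication. It assumes the registered provider has "LastPass" in its Name or AdminName, that the check applies to both the intranet and extranet primary lists, and that the built-in ADFS PowerShell module is available on the server.

```powershell
# Added verification example; run in an elevated session on the primary AD FS server.
# Assumption: the provider registered by registerDllToAdfs.ps1 has "LastPass" in its
# Name or AdminName. Adjust $ProviderPattern if your installation uses another name.
$ProviderPattern = '*LastPass*'

Import-Module ADFS -ErrorAction Stop
$findings = @()

# 1. The external MFA provider must be registered with AD FS.
$provider = @(Get-AdfsAuthenticationProvider | Where-Object {
    $_.Name -like $ProviderPattern -or $_.AdminName -like $ProviderPattern
})
if ($provider.Count -eq 0) {
    $findings += "No authentication provider matching '$ProviderPattern' is registered."
}

# 2. It must be selected as an additional (multi-factor) method in the global policy.
$policy  = Get-AdfsGlobalAuthenticationPolicy
$enabled = @($policy.AdditionalAuthenticationProvider)
foreach ($p in $provider) {
    if ($enabled -notcontains $p.Name) {
        $findings += "Provider '$($p.Name)' is registered but not enabled for MFA."
    }
}

# 3. Primary authentication should offer Forms Authentication only.
#    Assumption: this applies to both the intranet and the extranet list.
foreach ($zone in 'PrimaryIntranetAuthenticationProvider',
                  'PrimaryExtranetAuthenticationProvider') {
    $methods = @($policy.$zone)
    if ($methods -notcontains 'FormsAuthentication') {
        $findings += "$zone does not include FormsAuthentication."
    }
    $extra = @($methods | Where-Object { $_ -ne 'FormsAuthentication' })
    if ($extra.Count -gt 0) {
        $findings += "$zone also allows: $($extra -join ', ')"
    }
}

# 4. List relying party trusts so the per-application MFA setting can be reviewed.
Get-AdfsRelyingPartyTrust |
    Select-Object Name, Enabled, AccessControlPolicyName |
    Format-Table -AutoSize

if ($findings.Count -gt 0) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'MFA provider registered and enabled; primary is Forms only.' }
```

    A relying party trust whose access control policy does not require MFA will not prompt users for the second factor, so review the table from step 4 against the applications you intended to protect.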