Set Up Federated Login for LastPass Using Azure Active Directory
Federated login for LastPass Business allows users to log in to LastPass using their organization's Active Directory (Azure AD or on-premise Active Directory) without having to create and use a separate master password.
Please review the account requirements and limitations that apply to federated users, then you can begin the setup process between the LastPass Admin Console and the Azure AD portal.
Note: In this set of instructions, Azure AD is defined as the Identity Provider (IdP) used for authentication.
Account and system requirements
Syncing your Azure Active Directory with LastPass requires the following:
- A Premium tier subscription for Microsoft Azure Active Directory
- An active trial or paid LastPass Business account
- An active LastPass Business admin account (required when activating your trial or paid subscription)
Note: The LastPass Azure AD SCIM endpoint for federated login does not require any software installation.
Restriction: LastPass directory integrations have limitations, including the use of different directory instances and/or multi-domain & multi-forest configurations. Learn more about federated login limitations.
Note: LastPass clients (e.g., browser extension, mobile apps) receive an OAuth Access Token that can read and write only the LastPassK1 attribute (user.readwrite access). However, if you have other Azure AD apps with user.read.all or user.readwrite.all access, then these applications can also read the LastPassK1 attribute.
Limitations that apply to federated users
- Review the limitations that apply to federated user accounts.
- Additionally, linked personal accounts must be verified on every new device that a federated user will use for logging in to access their LastPass vault.
- Step #1: Create a Provisioning Token and Capture the Connection URL in LastPass
- Step #2: Configure the Provisioning App for LastPass in Azure AD
- Step #3: Configure the Login App for LastPass in Azure AD
- Step #4: Configure Federated Login Settings for Azure AD in LastPass
- Step #5: Add Users/Groups to the Provisioning and Login Apps in Azure AD
In this section: