How do I set up LastPass MFA for Microsoft AD FS?

    To begin the setup process for using LastPass MFA for Microsoft AD FS as a LastPass Business admin, you must first provision your users via the LastPass AD Connector, then require those users to set up the LastPass Authenticator app to protect their vaults. Next, configure the LastPass AD FS MFA installer and distribute the MSI package to your AD FS server farm.

    Note: This feature requires an account with the LastPass Business + Advanced MFA add-on. How do I upgrade my LastPass Business account with an add-on?

    Before you begin:

    System requirements:

    • The LastPass AD FS integration supports AD FS on Windows Server 2016 and 2019.

    Important:

    Before starting the deployment steps, familiarize yourself with passwordless login administration and verify that your AD FS Server is functional and working with all relying party applications.

    End users are required to have an active LastPass Business + Advanced MFA add-on trial or paid user account that has enabled and enrolled the LastPass Authenticator app for multifactor authentication to protect their vault.

    Step #1: Set up the LastPass AD Connector

    The LastPass AD Connector must be installed and set up to provision your LastPass users; it keeps the user database (attributes, states, and so on) in sync between LastPass and Active Directory.
    Note: The username attributes available in the new LastPass Admin Console are the following:
    • ad.samaccountname
    • ad.objectguid
    • email (lastpass account name)

    To get started, see Set up the LastPass Active Directory Connector.

    Step #2: End users set up the LastPass Authenticator app

    Once your users are provisioned via the LastPass AD Connector, they must enable and enroll the LastPass Authenticator as the multifactor authentication option that protects their LastPass vault.

    Tip: LastPass admins can enable the "Require use of LastPass MFA" general policy to prompt users to set up and enroll the LastPass Authenticator app the next time they log in to LastPass (for more information, see Manage general policies in the new Admin Console).

    Instruct your end users to follow the steps to enable and enroll the LastPass Authenticator as their multifactor option for their LastPass vault.

    Step #3: Prepare the LastPass AD FS integration installer package

    Download the MSI installer package from the new Admin Console, then configure it with your designated integration key and integration secret so that it can be distributed to your AD FS farm.

    Follow the steps to download and configure LastPass MFA for Microsoft AD FS.

    Step #4: Distribute the LastPass AD FS integration to all your AD FS servers

    Once configured, you can distribute the MSI installer (setup.msi).
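One way to carry out this distribution from a management workstation, as an added PowerShell example that is not LastPass's own tooling: the farm node names, the staging paths and the "LastPass" provider-name filter are assumptions, and the script assumes PowerShell remoting is enabled and that the account running it is a local administrator on every farm node.

```powershell
# Added example (not LastPass's own tooling): stage the configured setup.msi on each
# AD FS farm node, install it silently with a per-node log, then confirm on the primary
# node that a new authentication provider is registered.
# Assumptions (not from the article): node names, staging paths and the '*LastPass*'
# name filter are placeholders for your environment.

$FarmNodes = @('ADFS01.corp.example', 'ADFS02.corp.example')   # assumed node names
$LocalMsi  = 'C:\Deploy\setup.msi'                              # MSI configured in Step 3
$RemoteDir = 'C:\Temp\LastPassAdfs'                             # assumed staging folder

$results = foreach ($node in $FarmNodes) {
    # Stage the package over the administrative share
    $share = "\\$node\C$\Temp\LastPassAdfs"
    New-Item -ItemType Directory -Path $share -Force | Out-Null
    Copy-Item -Path $LocalMsi -Destination $share -Force

    # Silent install; /l*v writes a verbose log next to the package for troubleshooting
    Invoke-Command -ComputerName $node -ScriptBlock {
        param($msi, $log)
        $p = Start-Process -FilePath 'msiexec.exe' `
                           -ArgumentList "/i `"$msi`" /qn /norestart /l*v `"$log`"" `
                           -Wait -PassThru
        [pscustomobject]@{ Node = $env:COMPUTERNAME; ExitCode = $p.ExitCode }
    } -ArgumentList "$RemoteDir\setup.msi", "$RemoteDir\install.log"
}

# msiexec returns 0 on success and 3010 when a reboot is still required
$results | Format-Table Node, ExitCode
$failed = $results | Where-Object { $_.ExitCode -notin 0, 3010 }
if ($failed) { Write-Warning "Install failed on: $($failed.Node -join ', ')" }

# The ADFS module exists only on the farm servers, so query the first node remotely
Invoke-Command -ComputerName $FarmNodes[0] -ScriptBlock {
    Import-Module ADFS
    # Registered authentication providers; the name filter is an assumption
    Get-AdfsAuthenticationProvider |
        Where-Object { $_.Name -like '*LastPass*' } |
        Select-Object Name, DisplayName
    # Additional (MFA) providers currently enabled in the global authentication policy
    (Get-AdfsGlobalAuthenticationPolicy).AdditionalAuthenticationProvider
}
```

Review the per-node exit codes and install logs before moving on: a node that reports anything other than 0 or 3010 has not installed the package, and users routed to that node by the farm's load balancer would not see the MFA prompt. The final two commands show whether the provider is registered on the farm and whether it is currently enabled as an additional authentication provider.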

    Setup is complete

    Results: You successfully deployed LastPass MFA for Microsoft AD FS to your users.
    What to do next: Inform your users that the next time they log in to any relying party app through AD FS, they will see a LastPass MFA prompt after they have entered their AD credentials. To finish the authentication process, users are prompted on their mobile device to authenticate via the LastPass Authenticator app. Once authenticated, they are logged in to their Windows user account.