product icon

How do I upgrade the AD FS plugin for LastPass federated login?

    In order to support TLS 1.2, admins who have set up federated login for LastPass using AD FS must upgrade to the latest version (v1.5.765 or later) of the "LastPass ADFS Plugin" that is installed.

    Note: A reboot of the AD FS server is required, so it is recommended that you restart after business hours.

    Check your "LastPass ADFS Plugin" version

    1. On the primary AD FS server, navigate to Control Panel > Programs > Programs and Features in Windows.
    2. Locate the LastPass ADFS Plugin in the list.
    3. Check the Version column.
      • Upgrade Not Required: Version 1.5.765 or later.
      • Upgrade Required: All versions earlier than 1.5.765. Follow the instructions below to upgrade.
      LastPass ADFS Plugin in Programs and Features

    Upgrade the "LastPass ADFS Plugin" to the latest version

    1. Open a text editor application and prepare the following fields:
      • Active Directory Custom Attribute:
      • LastPass Assertion Consumer Service (ACS) URI:
    2. Log in and access the Admin Console at https://admin.lastpass.com/.
    3. Go to Users > Federated login.
    4. Copy the value of the Active Directory Custom Attribute and paste it into the text editor.
    5. Copy the value of the LastPass Assertion Consumer Service (ACS) URI and paste it into the text editor.
    6. In the "LastPass Custom Attribute Store" section at the bottom of the page, click one of the following:
      • Download for ADFS Server 3.0 (For Windows Server 2012 R2)
      • Download for ADFS Server 4.0 (for Windows Server 2016)
    7. Save the .MSI file.
    8. Log in to your primary Active Directory Federation Services (AD FS) server, then transfer the .MSI file onto the desktop of your AD FS server. Right-click on the file and select Run as Administrator, or execute the .MSI installer from an elevated command prompt. Click Yes if prompted by the User Account Control prompt.
      Note:  The AD FS plugin .MSI installer must be run as an administrator or with elevated permissions, even if you are logged in as a domain admin.
    9. Click Next.
    10. Enter your LastPass Assertion Consumer Service (ACS) URI from your text editor.
    11. Enter your Active Directory Custom Attribute from your text editor.
    12. Click Next.
    13. Click Finish when registration is complete.
    14. Restart the AD FS Windows service. This is required.

    Additional steps for AD FS farm environments

    1. On the AD FS server, navigate to C:\Windows\ADFS where you installed the LastPass .MSI file.
    2. Copy the following files to all AD FS secondary servers' C:\Windows\ADFS folder:
      • LastPassADFS.dll
      • LastPassConfig.dll
      • LastPassLib.dll
      • LastPassLogger.dll
      • LastPassSettings.dll
      • BouncyCastle.Crypto.dll
      • NLog.dll
    3. Restart the AD FS Windows service on the secondary AD FS nodes. This is required.