HELP FILE

NetScaler Gateway App Integration

    Set up an app integration so that your user can sign into this app using the same credentials that they use for LastPass.

    Part 1 - Add the SSO App to LastPass

    About this task:
    1. Log in and access the LastPass new Admin Console by doing either of the following:
      • While logged in to LastPass, click the active LastPass icon active LastPass icon in your web browser toolbar, then select Admin Console in the menu.
      • Log in at https://admin.lastpass.com with your admin email address and master password.
    2. Go to Applications > SSO apps.
    3. Select Add app in the upper-right navigation (or Search the catalog if you're adding your first app).
    4. Search for and select your app from the catalog (or Add an unlisted app if you can't find your app).
    5. Click Continue, and you are taken to the Set up LastPass section of the app configuration.

      Fastpath: LastPass automatically fills out all required information in the Set up app section for you. Some apps allow you to upload settings in an XML file, while others require you to copy and paste the following information:
      Name in LastPass Value
      Entity ID 
      https://identity.lastpass.com
      SSO Endpoint 
      https://identity.lastpass.com/SAML/SSOService
      Logout URL 
      https://identity.lastpass.com/Login/Logout
      Certificate fingerprint Provided in the Set up app section of the SSO app. If needed, download the LastPass certificate in PEM, DER, or Download metadata (XML) format.
      Certificate fingerprint (SHA256)
      Certificate (PEM)

    6. For the next steps, open a new web browser window or tab. Go to the app's settings to enable single sign-on, and make sure your app recognizes LastPass as the Identity Provider.

    Part 2 - App Configuration

    1. Open a new tab on your browser and log in to your NetScaler admin console and go to NetScaler Gateway > Policies > Authentication > SAML.
    2. Click on the Servers tab and the click on the Add button to add a new authentication SAML server.
    3. Set a name for the server.
    4. Add the LastPass certificate downloaded in the previous step by clicking on the IDP Certificate Name field. Click on the plus sign button to add LastPass.

      Install server certificate window

    5. Set the Certificate-Key Pair Name. Upload the certificate and click Install.
    6. On IDP Certificate Name field, select the certificate that you added.
    7. Paste the SSO End Point that you copied from LastPass Admin Dashboard in the Redirect URL field.
    8. Paste the Logout URL that you copied LastPass Admin Dashboard in the Single Logout URL field.
    9. Paste the Entity ID that you copied from the Service Provider tab in NetScaler app setting on LastPass Admin Dashboard in the Issuer Name field.
    10. Click Ok to save changes.

      Configure Authentication SAML Server

    11. Select the Policies tab to create a new policy.
    12. Click on the Add button and set a Name for the policy.
    13. Select the Server that you created.
    14. Paste ns_true in the Expression field and click Create.

    15. Switch the authentication policy of your NetScaler gateway to the LastPass SAML policy. Go to NetScaler Gateway > Virtual Servers.
    16. Click on the desired virtual server. Select the current authentication policy on the Basic Authentication section.
    17. Select the current policy and Unbind it. Click on Close.

    18. On the Basic Authentication section, click on the Add button, select SAML policy and click on Continue.
    19. Select the LastPass SAML policy. Click on the Select button.
    20. Please make sure that the LastPass SAML policy is selected on the next screen and click on Bind
    21. Click Done to finish the process. You can now assign users to NetScaler VPN.