SCIM Provisioning FAQs for LastPass Business Using Azure Active Directory

    Do groups in Azure AD sync to the LastPass Admin Console?

    • Yes, you can configure your Azure AD to sync user groups to LastPass, where they will appear in the User tab of the LastPass Admin Console. From there, the groups can be leveraged for assigning policies and shared folders.

    Can I assign more than one group to LastPass?

    • Yes, you can assign as many custom groups to LastPass in Azure AD as needed.

    If I update a group in Azure AD, are the changes reflected in LastPass?

    • If you add or remove users to a group in Azure AD, the change will be reflected in LastPass and an account will be provisioned or deprovisioned as needed.

    Can users log in to LastPass with their Azure AD password?

    • No, users are automatically provisioned and will appear as live users.

    How can I test that the integration is syncing correctly?

    • When first deploying LastPass Business with Azure AD, you can set up a small test group in Azure AD. Once you’ve confirmed that provisioning is working as expected, you can test adding and removing people in the test group. Once all testing is successful, you can then assign LastPass to all groups, or the specific groups that will be using LastPass.