Set Up Federated Login for LastPass using Google Workspace
Federated login for LastPass Business allows users to log in to LastPass using their organization's Google Workspace credentials without having to create and use a separate master password.
Note: In this set of instructions, Google Workspace is defined as the Identity Provider (IdP) used for authentication.
Please review the account requirements and limitations that apply to federated user accounts, then you can begin the setup process between the LastPass Admin Console and Google Workspace.
Restriction: LastPass directory integrations have limitations, including the use of different directory instances and/or multi-domain & multi-forest configurations. Learn more about federated login limitations.
Account and system requirements
Syncing your Google Workspace with LastPass requires the following:
- An active Google Workspace subscription
- An active trial or paid LastPass Business account
- An active LastPass Business admin account (required when activating your trial or paid subscription)
Limitations that apply to federated users
- Review the limitations that apply to federated user accounts.
- Additionally, linked personal accounts must be verified on every new device that a federated user will use for logging in to access their LastPass vault.
For frequently asked questions, see the following articles:
- Step #1: Create Directory Service API
- Step #2: Create Service Account
- Step #3: Delegate domain-wide authority to your service account
- Step #4: Integrate Directory in LastPass
- Step #5: Configure OAuth consent screen in Google Workspace
- Step #6: Configure OAuth Client ID in Google Workspace
- Step #7: Enable Federated Login in LastPass
In this section: