HELP FILE

Set Up Federated Login for LastPass Using Okta SSO and Active Directory

Set Up Federated Login for LastPass Using Okta SSO and Active Directory

    Option #2 (hybrid configuration)

    LastPass Business account admins can set up and configure federated login using Okta in a few different ways so that users can log in to LastPass without ever having to create a second Master Password. Once Okta federated login is set up, LastPass Business users can log in to LastPass using their Okta account (instead of a username and separate master password) to access their LastPass vault.

    Federated login using Okta can be set up in the following ways:

    Option Identity Provider Directory Provider Authorization Server Account requirements

    Option #1 (standard configuration, without an authorization server)

    For more information, see Set Up Federated Login for LastPass Using Okta Without an Authorization Server.

    Okta SCIM

    Okta SCIM

    All of the following:
    • Okta Single Sign-On
    • Okta Lifecycle Management
    • An active trial or paid LastPass Business account
    • An active LastPass Business admin (required when activating your trial or paid subscription)

    Option #2 (hybrid configuration)

    For more information, see instructions below.

    Okta SSO

    Active Directory

    All of the following:
    • Okta Single Sign-On
    • Active Directory
    • An active trial or paid LastPass Business account
    • An active LastPass Business admin (required when activating your trial or paid account)

    Option #3 (standard configuration, with an authorization server)

    For more information, see Set Up Federated Login for LastPass Using Okta With an Authorization Server.

    Okta SCIM

    Okta SCIM

    All of the following:
    • Okta Single Sign-On
    • Okta Lifecycle Management
    • API Access Management
    • An active trial or paid LastPass Business account
    • An active LastPass Business admin (required when activating your trial or paid subscription)
    Note: If you have not started a LastPass Business trial, contact our Sales team at lastpass.com/contact-sales for more information.

    This guide provides setup instructions for using LastPass with Okta SSO (single sign-on) as your Identity Provider (IdP) and Active Directory as your directory provider. This type of setup may be referred to as a “hybrid” configuration (Option #2).

    Before you begin

    Before you begin the setup process between the LastPass Admin Console and the Okta Admin portal, review the following important information that applies to federated users:

    Note: Firefox version 103 or newer does not support Okta PKCE Federated Login.
    Restriction: LastPass does not support the use of multiple domains for directory integrations and federated login.

    You are now ready to follow the step-by-step instructions indicated at the bottom of the page to set up federated login using Okta SSO as your Identity Provider and Active Directory as your directory provider.