Set Up Federated Login for LastPass Using Okta SSO and Active Directory
Option #2 (hybrid configuration)
LastPass Business account admins can set up and configure federated login using Okta in a few different ways so that users can log in to LastPass without ever having to create a second Master Password. Once Okta federated login is set up, LastPass Business users can log in to LastPass using their Okta account (instead of a username and separate master password) to access their LastPass vault.
Federated login using Okta can be set up in the following ways:
Option | Identity Provider | Directory Provider | Authorization Server | Account requirements |
---|---|---|---|---|
Option #1 (standard configuration, without an authorization server) For more information, see Set Up Federated Login for LastPass Using Okta Without an Authorization Server. | Okta SCIM | Okta SCIM | ✘ | All of the following: |
Option #2 (hybrid configuration) For more information, see instructions below. | Okta SSO | Active Directory | ✘ | All of the following: |
Option #3 (standard configuration, with an authorization server) For more information, see Set Up Federated Login for LastPass Using Okta With an Authorization Server. | Okta SCIM | Okta SCIM | ✔ | All of the following: |
This guide provides setup instructions for using LastPass with Okta SSO (single sign-on) as your Identity Provider (IdP) and Active Directory as your directory provider. This type of setup may be referred to as a “hybrid” configuration (Option #2).
Before you begin
Before you begin the setup process between the LastPass Admin Console and the Okta Admin portal, review the following important information that applies to federated users:
- Ensure you have set up the LastPass AD Connector.
- Review the limitations that apply to federated user accounts.
- Additionally, linked personal accounts must be verified on every new device that a federated user will use for logging in to access their LastPass vault.
You are now ready to follow the step-by-step instructions indicated at the bottom of the page to set up federated login using Okta SSO as your Identity Provider and Active Directory as your directory provider.
- Step #1: Create a Single-Page Application for LastPass to Enable Login with Okta
- Step #2: Enable the Authorization Code Grant Type
- Step #3: Add a Company-Wide Key as a Group Claim
- Step #4: Enable CORS for LastPass
- Step #5: Set Up Okta Federated Login in LastPass with PKCE Flow
- Step #6: Provision Users to LastPass Using the LastPass AD Connector
- Step #7: Assign the User to the Single-Page Application