HELP FILE

Set Up Federated Login for LastPass Using Okta Without an Authorization Server

    Option #1 (standard configuration, without an authorization server)

    LastPass Business account admins can set up and configure federated login using Okta in a few different ways so that users can log in to LastPass without ever having to create a second Master Password. Once Okta federated login is set up, LastPass Business users can log in to LastPass using their Okta account (instead of a username and separate master password) to access their LastPass vault.

    Federated login using Okta can be set up in the following ways:

    Option Identity Provider Directory Provider Authorization Server Account requirements

    Option #1 (standard configuration, without an authorization server)

    For more information, see instructions below.

    Okta SCIM

    Okta SCIM

    All of the following:
    • Okta Single Sign-On
    • Okta Lifecycle Management
    • An active trial or paid LastPass Business account
    • An active LastPass Business admin (required when activating your trial or paid subscription)

    Option #2 (hybrid configuration)

    For more information, see Set Up Federated Login for LastPass Using Okta SSO and Active Directory.

    Okta SSO

    Active Directory

    All of the following:
    • Okta Single Sign-On
    • Active Directory
    • An active trial or paid LastPass Business account
    • An active LastPass Business admin (required when activating your trial or paid account)

    Option #3 (standard configuration, with an authorization server)

    For more information, see Set Up Federated Login for LastPass Using Okta With an Authorization Server.

    Okta SCIM

    Okta SCIM

    All of the following:
    • Okta Single Sign-On
    • Okta Lifecycle Management
    • API Access Management
    • An active trial or paid LastPass Business account
    • An active LastPass Business admin (required when activating your trial or paid subscription)
    Note: If you have not started a LastPass Business trial, contact our Sales team at lastpass.com/contact-sales for more information.

    This guide provides setup instructions for using LastPass with Okta SCIM as your Identity Provider (IdP) and directory provider, but without the need for API Access Management nor using the LastPass AD Connector (Option #1).

    LastPass supports the following provisioning features:

    • Create Users
    • Update User Attributes
    • Deactivate Users
    • Push Groups

    Before you begin

    Before you begin the setup process between the LastPass Admin Console and the Okta Admin portal, review important information that applies to federated users.

    Note: Firefox version 103 or newer does not support Okta PKCE Federated Login.
    Restriction: LastPass does not support the use of multiple domains for directory integrations and federated login.

    You are now ready to follow the step-by-step instructions indicated at the bottom of the page to set up federated login using Okta SCIM as your Identity Provider and directory provider (without an authorization server). Complete all steps one by one.