Federated login for LastPass Business accounts allows users to log in to LastPass using their PingOne account (instead of a username and separate master password) to access their LastPass vault.

To enable federated login for LastPass using PingOne, the following is required:

• An active PingOne account
• An active trial or paid LastPass Business account
• An active LastPass Business admin (required when activating your trial or paid account)
  Note: If you have not started a LastPass Business trial, contact our Sales team at lastpass.com/contact-sales for more information.

To enable federated login for LastPass using PingOne, the following is required:

• Review the limitations that apply to federated user accounts.
  Restriction: LastPass does not support the use of multiple domains for directory integrations and federated login, including the use of different directory instances and/or multi-domain & multi-forest configurations. Learn more about federated login limitations.
• Additionally, linked personal accounts must be verified on every new device that a federated user will use for logging in to access their LastPass vault.

• It is required that you enable the “Permit super admins to reset master passwords” policy for at least one LastPass admin who is also a non-federated admin, in the LastPass new Admin Console. This ensures that all LastPass user accounts can still be recovered via master password reset, if a critical setting is misconfigured or changed for federated login after setup is complete.
• It is helpful to open a text editor application so that you can copy and paste values that will be used between your LastPass new Admin Console and the PingOne Admin portal.

Follow the instructions to set up federated login using PingOne as your Identity Provider and directory provider starting with Step #1: Create a Provisioning Token and Capture the Connection URL for PingOne in LastPass and ending with Step #4: Configure Federated Login Settings for PingOne in LastPass.

If desired, you can set up multifactor authentication at the PingOne (Identity Provider) level described in the official PingOne documentation.

You have successfully set up your LastPass Business account to use federated login with PingOne.

All of your newly populated federated users will receive a Welcome email informing them that they can now log in to use LastPass. Please note that your LastPass users must log in using the LastPass browser extension in order to use federated login for their PingOne account with LastPass.

• To learn more about deploying the LastPass browser extension to your organization, please see How do I install LastPass software for users in the new Admin Console?.
• To see your end users' experience, please see Federated Login Experience for LastPass Business Users.
• If your end users have linked personal accounts associated with their federated login account, please see How do I verify my linked personal account for federated login in LastPass?
• To convert a non-federated user to a federated user, please see How do I convert an existing LastPass user to a federated (Azure AD, Okta, Google Workspace, PingOne, or OneLogin) user?