HELP FILE

Set Up Federated Login for LastPass using PingOne

Set Up Federated Login for LastPass using PingOne

    LastPass Business account admins can set up and configure federated login so that users can log in to LastPass without ever having to create a second master password.

    Review the account requirements and limitations that apply to federated users, then you can begin the setup process between the LastPass new Admin Console and the PingOne Admin portal.

    Federated Login with PingOne selected in the new Admin Console

    Summary

    Federated login for LastPass Business accounts allows users to log in to LastPass using their PingOne account (instead of a username and separate master password) to access their LastPass vault.

    System Requirements

    To enable federated login for LastPass using PingOne, the following is required:

    • An active PingOne account
    • An active trial or paid LastPass Business account
    • An active LastPass Business admin (required when activating your trial or paid account)
      Note: If you have not started a LastPass Business trial, contact our Sales team at lastpass.com/contact-sales for more information.

    Limitations

    To enable federated login for LastPass using PingOne, the following is required:

    Before you begin

    • It is required that you enable the “Permit super admins to reset master passwords” policy for at least one LastPass admin who is also a non-federated admin, in the LastPass new Admin Console. This ensures that all LastPass user accounts can still be recovered via master password reset, if a critical setting is misconfigured or changed for federated login after setup is complete.
    • It is helpful to open a text editor application so that you can copy and paste values that will be used between your LastPass new Admin Console and the PingOne Admin portal.

    Part #1: Follow the related instructions

    Follow the instructions to set up federated login using PingOne as your Identity Provider and directory provider starting with Step #1: Create a Provisioning Token and Capture the Connection URL for PingOne in LastPass and ending with Step #4: Configure Federated Login Settings for PingOne in LastPass.

    Part #2: Set up multifactor authentication for PingOne (optional)

    If desired, you can set up multifactor authentication at the PingOne (Identity Provider) level described in the official PingOne documentation.

    Setup is complete!

    You have successfully set up your LastPass Business account to use federated login with PingOne.

    All of your newly populated federated users will receive a Welcome email informing them that they can now log in to use LastPass. Please note that your LastPass users must log in using the LastPass browser extension in order to use federated login for their PingOne account with LastPass.