product icon
Set Up SCIM Provisioning for LastPass Using Okta

Set Up SCIM Provisioning for LastPass Using Okta

    IT admins can easily benefit from secure administration of LastPass Business accounts by using our Okta integration.

    The Okta integration offers:
    • Secure configuration and deployment of LastPass
    • Automated provisioning of LastPass user accounts
    • Real-time deprovisioning of LastPass user accounts
    • Assigning LastPass access to groups in Okta

    Summary

    LastPass supports the following provisioning features:

    • Create Users
    • Update User Attributes
    • Deactivate Users
    • Push Groups

    Completing only the SCIM Provisioning steps for Okta (outlined in this guide) will still require the user to create and remember a separate master password to log in to LastPass, which is used to create the unique encryption key for their LastPass vault.

    Account requirements

    Syncing your Okta user directory with LastPass requires the following:

    • An active Okta provisioning subscription
    • An active trial or paid LastPass Business account
    • An active LastPass Business admin (required when activating your trial)
      Note: If you have not started a LastPass Business trial, contact our Sales team at lastpass.com/contact-sales for more information.

    The SCIM endpoint used to integrate LastPass with Okta does not require any software installation.

    Completing only the SCIM Provisioning steps for Okta will still require the user to create and remember a separate master password to log in to LastPass, which is used to create the unique encryption key for their LastPass vault.

    LastPass does support federated login with Okta, which allows users to log into LastPass using their Okta account. To set up federated login with Okta, please see Set Up Federated Login for LastPass Using Okta With an Authorization Server.

    Before you begin

    • It is strongly recommended that you enable the “Permit super admins to reset Master Passwords” policy for at least one LastPass admin in the LastPass Admin Console. This ensures that all LastPass user accounts can still be recovered (via master password reset) if a critical setting is misconfigured or changed after setup is complete.
    • It is helpful to open a text editor application so that you can copy and paste values that will be used between your LastPass Admin Console and the Okta Admin portal.

    Set up and configure

    To register and integrate your LastPass Business account with Okta, complete all of the steps in this guide.

      In this section:

    1. Step #1: Generate a Provisioning Token and Copy the Connection URL
    2. Step #2: Create the LastPass Provisioning Application in Okta
    3. Step #3: Enter the Provisioning Token and Connection URL into the LastPass Provisioning App
    4. Step #4: Enable Provisioning to the LastPass Provisioning Application in Okta
    5. Step #5: Assign Users to the LastPass Provisioning Application