product icon

Step #1: Capture your Identity Provider URL and Identity Provider Public Key

    Log in to your PingFederate server and obtain your full Identity Provider URL (Federation Service name + Endpoint Token Issuance URL Path), and your Identity Provider Public Key.

      Get the Identity Provider URL.

      1. Log in to your PingFederate admin console.
      2. Select System > Server > Protocol settings.
      3. On the Federation info tab, copy the URL within the "Base URL" field (for example, and paste it into a text editor.
        Note: Be sure that the Federation Service URL name you enter into your text editor begins with https:// as it is required to be a secure protocol (for example,

        Copy Federation Service Name

      4. Open the PingFederate official documentation and copy the Single Sign-on Service (SAML 2.0) URL, then paste it into your text editor at the end of the Identity Provider URL path, so that it looks like this: https://< Federation Service name> + <SSO URL>.

        Example: Both components combined would be as your full Identity Provider URL.

      Get the Identity Provider Public Key.

      1. Select Security > Signing & Decrypton Keys & Certificates.

        Public Key from Details of Token-signing Certificate Properties

      2. Locate the certificate which you will use during the LastPass Service Provider configuration and copy the certificate public key.
        Important: LastPass requires an SHA-256 Fingerprint in hex format (without colons) in order to enable Ping Federate.
      3. Highlight and copy the entire Public Key, then paste it into your text editor.