Step #1: Capture your Identity Provider URL and Identity Provider Public Key

    Log in to your PingFederate server and obtain your full Identity Provider URL (Federation Service name + Endpoint Token Issuance URL Path), and your Identity Provider Public Key.

    • Get the Identity Provider URL.
      1. Log in to your PingFederate admin console.
      2. Select System > Server > Protocol settings.
      3. On the Federation info tab, copy the URL within the "Base URL" field (for example, and paste it into a text editor.

        Note: Be sure that the Federation Service URL name you enter into your text editor begins with https:// as it is required to be a secure protocol (for example,

        Copy Federation Service Name

      4. Open the PingFederate official documentation and copy the Single Sign-on Service (SAML 2.0) URL, then paste it into your text editor at the end of the Identity Provider URL path, so that it looks like this: https://< Federation Service name> + <SSO URL>.

        Example: Both components combined would be as your full Identity Provider URL.

    • Get the Identity Provider Public Key.
      1. Select Security > Signing & Decrypton Keys & Certificates.

        Public Key from Details of Token-signing Certificate Properties

      2. Locate the certificate which you will use during the LastPass Service Provider configuration and copy the certificate public key.
      3. Highlight and copy the entire Public Key, then paste it into your text editor.