• An active LastPass Business account that includes:
  • At least one (1) admin account enabled
  • A user license count that matches (or exceeds) the user count that will be synced with your Active Directory (both non-production and live environments)
    Note:  If you are testing in your non-production environment, it is recommended to set up a separate LastPass Business test account, which you can register for here.
• Active Directory server environments (both non-production and live) that meet the following requirements:
  • Both environments are set up and configured to use Federation Services (AD FS 3.0 for Windows Server 2012 R2 or AD FS 4.0 for either Windows Server 2016 or Windows Server 2019 or Windows Server 2022) with the latest updates installed, including .Net Framework
  • Your firewall settings are configured to reach https://www.lastpass.com and its subdomains and you confirmed they are not blocked by any firewall rule on all of your AD FS servers.
• The "Permit super admins to reset master passwords" policy enabled
  • It is required that you enabled the "Permit super admins to reset master passwords" policy for at least one LastPass admin (who is also non-federated admin) in the LastPass Admin Console. This ensures that all LastPass user accounts can be still be recovered (via master password reset) if a critical setting is misconfigured or changed for federated login after setup is complete.

Once you have completed all of these requirements, you will need to capture several key pieces of information during the setup process.  Open a text editor application and prepare the following fields:

• Company-wide key:
• Identity Provider URL:
• Identity Provider Public Key:
• LastPass Assertion Consumer Service (ACS) URL:

After these fields have been prepared in your text editor, proceed to the next step.