Step #1: Generate a Provisioning Token and obtain the Connection URL in LastPass

To begin the setup process, capture both the Connection URL and Provisioning Token from the LastPass Admin Console.

Before you begin: It is required that you enable the “Permit super admins to reset Master Passwords” policy for at least one LastPass admin (who is also a non-federated admin) in the LastPass Admin Console. This ensures that all LastPass user accounts can still be recovered via master password reset, if a critical setting is misconfigured or changed for federated login after setup is complete.

Tip: Open a text editor application so that you can save the values that will be used to connect LastPass and OneLogin.

About this task: The steps below are performed in the LastPass new Admin Console.

Log in and access the Admin Console at https://admin.lastpass.com/.
Enter your LastPass admin email address and master password, then click Log In.
Select Users > Directories.
Select OneLogin.
Copy the URL and paste it into your text editor application.
Click Create token to generate it, then copy the Token and paste it into your text editor application.

Note: If you navigate away from the OneLogin tab within the Directory Integrations page, the Provisioning Token will no longer be accessible through the LastPass Admin Console. If the Token is lost, a new one can be generated, but this will invalidate the previous code. Any process that used the old Token will need to be updated with the new one. A new Provisioning Token can be generated by navigating back to the OneLogin tab and clicking Reset provisioning token.

Results: You have captured both the Connection URL and Provisioning Token from the LastPass Admin Console.

OneLogin directory integration in LastPass Admin Console

Parent article: Set Up Federated Login for LastPass Using OneLogin

Next article: Step #2: Add the LastPass Provisioning app in OneLogin