Once you have acquired the Connection URL and Provisioning Token, you will need to create the Provisioning App for LastPass and enter those values.

First, create the Provisioning App for LastPass.

1. Log in to your PingOne portal with your administrator account credentials.
2. Select Environment > Connections > Provisioning.
3. Click and select New Connection.
   
4. Select SCIM in the Create a New Connection window, then select Next.
   
5. Enter a name and description for your Provisioning App (for example, LastPass Provisioning App), then click Next.
   Note: You can use the image below to upload as the App logo:

   

Configure Authentication.

6. Configure the settings for the LastPass Provisioning App:

   Configuration Settings	Instructions
   SCIM Base URL	Paste the URL copied from the LastPass Admin Console in Step #1: Create a Provisioning Token and Capture the Connection URL for PingOne in LastPass.
   User Resource	Enter /Users as the directory for users.
   SCIM Version	Select 2.0.
   Authentication Method	Select OAuth 2 Bearer Token.
   OAuth Access Token	Paste your Provisioning Token copied from the LastPass Admin Console in Step #1: Create a Provisioning Token and Capture the Connection URL for PingOne in LastPass.
   Auth Type Header	Select Bearer.

7. Click Test Connection to have PingOne attempt to connect to your LastPass Admin Console.
   Troubleshooting: If the connection attempts fail, error information is displayed.

   
8. Click Continue after the connection is successfully tested.

Configure Preferences.

9. Configure settings for the LastPass Provisioning App:

   Configuration settings	Instructions
   User Filter Expression	Enter userName Eq "%s"
   User Identifier	Select workEmail
   Remove Action	Select Disable

10. Enable the following settings:
    • Allow users to be created
    • Allow users to be updated
    • Allow users to be disabled
    • Allow users to be Deprovisioned

    
11. Set Remove action to Disable.
12. Click Finish.
    Note: Do not enable the provisioning app yet. This is required only in Step #4: Configure Federated Login Settings for PingOne in LastPass.

Create new rule.

13. Click next to Provisioning and select New Rule.
    
14. Enter a name and description for your rule (for example, LastPass Rule), then click Create Rule.
15. Select next to the LastPass Provisioning App in Available Connections, then click Save.
    

Connect the Populations.

16. On the Rules tab, select the Provisioning Rule you created, and select the Configuration tab.
17. Click Custom Filter.
18. Select Population Name in the Attribute drop-down menu.
19. Set the Value to your desired population.
20. Click Save.
    

Map the attributes.

21. On the Rules tab, select the Provisioning Rule you created, and select the Configuration tab.
22. Select Attribute Mapping, then click .
23. Under PingOne Directory, select Email Address for the userName attribute under LastPass Provisioning App.
    Note: The remaining mappings are used as default.
24. Click Save.
    

    Note: Do not enable the rule yet. This is required only in Step #4: Configure Federated Login Settings for PingOne in LastPass.