HELP FILE

Step #2: Configure the Provisioning App for LastPass in PingOne

    Once you have acquired the Connection URL and Provisioning Token, you will need to create the Provisioning App for LastPass and enter those values.

    About this task: The steps below are performed in the PingOne admin portal.
    Note: The stand-alone PingOne SCIM Provisioning App for LastPass is the same as the app you will create below.
    • First, create the Provisioning App for LastPass.
      1. Log in to your PingOne portal with your administrator account credentials.
      2. Select Environment > Connections > Provisioning.
      3. Click plus sign and select New Connection.

      4. Select SCIM in the Create a New Connection window, then select Next.

      5. Enter a name and description for your Provisioning App (for example, LastPass Provisioning App), then click Next.

        Note: You can use the image below to upload as the App logo:

    • Configure Authentication.
      1. Configure the settings for the LastPass Provisioning App:

        Configuration Settings Instructions
        SCIM Base URL Paste the URL copied from the LastPass Admin Console in Step #1: Create a Provisioning Token and Capture the Connection URL for PingOne in LastPass.
        User Resource Enter /Users as the directory for users.
        SCIM Version Select 2.0.
        Authentication Method Select OAuth 2 Bearer Token.
        OAuth Access Token Paste your Provisioning Token copied from the LastPass Admin Console in Step #1: Create a Provisioning Token and Capture the Connection URL for PingOne in LastPass.
        Auth Type Header Select Bearer.

      2. Click Test Connection to have PingOne attempt to connect to your LastPass Admin Console.

        Troubleshooting: If the connection attempts fail, error information is displayed.
        SCIM connection configuration for the LastPass Provisioning App

      3. Click Continue after the connection is successfully tested.
    • Configure Preferences.
      1. Configure settings for the LastPass Provisioning App:

        Configuration settings Instructions
        User Filter Expression Enter userName Eq "%s"
        User Identifier Select workEmail
        Remove Action Select Disable

      2. Enable the following settings:

        • Allow users to be created
        • Allow users to be updated
        • Allow users to be disabled
        • Allow users to be Deprovisioned
        SCIM settings for the LastPass Provisioning App

      3. Set Remove action to Disable.
      4. Click Finish.

        Note: Do not enable the provisioning app yet. This is required only in Step #4: Configure Federated Login Settings for PingOne in LastPass.

    • Create new rule.
      1. Click plus sign next to Provisioning and select New Rule.

      2. Enter a name and description for your rule (for example, LastPass Rule), then click Create Rule.
      3. Select plus sign next to the LastPass Provisioning App in Available Connections, then click Save.

        Adding LastPass Provisioning App to Selected Connection

    • Connect the Populations.
      1. On the Rules tab, select the Provisioning Rule you created, and select the Configuration tab.
      2. Click Custom Filter.
      3. Select Population Name in the Attribute drop-down menu.
      4. Set the Value to your desired population.
      5. Click Save.

        Configuring Populations

    • Map the attributes.
      1. On the Rules tab, select the Provisioning Rule you created, and select the Configuration tab.
      2. Select Attribute Mapping, then click Edit icon.
      3. Under PingOne Directory, select Email Address for the userName attribute under LastPass Provisioning App.

        Note: The remaining mappings are used as default.

      4. Click Save.

        Map attribute settings for the LastPass Provisioning App

        Note: Do not enable the rule yet. This is required only in Step #4: Configure Federated Login Settings for PingOne in LastPass.

    Results: You have created and configured your LastPass Provisioning App for LastPass in PingOne and enabled synchronization for provisioning.