• Review the available endpoints and determine which resources you want to protect with multifactor authentication via the LastPass Authenticator app.
  Note: If you are interested in federated login using third-party Identity Providers, please see Which Identity Providers are supported for LastPass Federated Login?
• Multifactor authentication via the LastPass Authenticator app (LastPass MFA) will serve as an additional security layer for your protected endpoint.
• During your test group creation for initial testing, focus on creating a small testing group that includes people from multiple departments across your organization for a more accurate picture of end user experience. Additionally, create a department or group of "Super Admins" that will have permissions assigned to assist others during the full rollout (e.g., resetting master passwords for users).

Explore Admin Console Features

1. Determine which endpoints you want to protect with multifactor authentication via the LastPass Authenticator app (LastPass MFA), which can include any of the following MFA Apps:
   • Workstation MFA (for Windows and Mac workstations)
   • AD FS
   • Azure AD
   • Universal Proxy/VPNs
2. Create user groups and assign users.
3. Assign users and groups to admin levels based on permissions you want to give them.

Explore Integrations with Directories and/or SSO Providers

1. Determine whether you have an existing SSO provider you plan to integrate with for protecting apps.
2. Review our resources for directory integrations:
   • Set up the LastPass Active Directory Connector
   • Set Up SCIM Provisioning for LastPass Using Azure Active Directory
   • Set Up SCIM Provisioning for LastPass Using Okta
   • Set Up SCIM Provisioning for LastPass Business Using OneLogin

Set Up Your Test Group (Super User Pilot Group)

Testing by the Project Team