HELP FILE

Step #3: Configure the Login App for LastPass in PingOne

    Create the Login App for LastPass, then capture both the Application ID and OpenID Connect metadata document values and then configure the API permissions for the app.

    About this task: The steps below are performed in the PingOne admin portal.
    • Create LastPass K1 User Attribute.
      1. In the PingOne portal, navigate to your home directory.
      2. Select your Environment, then select Identities > Attributes.
      3. Click Add Attribute.
      4. Select Declared in the Select Attribute Type window, then click Next.
      5. In the Set Attribute Properties window, enter the following information:
        1. Name: Enter LastPassK1.
        2. Display Name: Enter LastPassK1.
        3. Description: Enter any description or leave it empty.
      6. Uncheck both of the Enforce Unique Values and Allow Multiple Values settings.
      7. Click Save and Close.

        Creating LastPass K1 User Attribute

      8. Under User Attributes search for the LastPassK1 attribute to make sure that it is enabled.
    • Create Resource Profile.
      1. Select Connections > Resources
      2. Click plus sign Add Resource to create a Resource Profile.
      3. Enter the following information in the Create Resource Profile tab:
        1. Resource Name: Enter LastPass.
        2. Audience: Enter LastPass.
        3. Description: Enter any description or leave it empty.
      4. Click Save and Continue.

        Create Resource Profile

      5. On the Configure Scopes tab, select Add Scope.
      6. Enter lastpass as the Scope Name, and enter your desired information into the Description field.
      7. Click Next.
      8. View the Resource Summary on the Confirm and Publish tab, then click Publish and Save.

        Resource Summary

      9. In the Resources window, select next to the newly created LastPass resource, then click the Edit icon to edit it.
      10. Select the Access Token tab.
      11. Click + Add Attribute and select PingOne Attribute:
        1. Set the PingOne User Attribute to LastPassK1.
        2. Enter LastPassK1 to the User Attribute field.
        3. Click Save.

        Note: This is the user attribute you created in Step #5 above.

        Map your PingOne attributes

    • Create the Login App for LastPass.
      1. Select Connections > Applications in the left navigation.
      2. Click plus sign to create a new application.
      3. Enter a name and description for your Application (for example, LastPass Login App).

        Note: You can use the image below to upload as the App logo:

      4. Select OIDC Web App, then click Save.

        Select Application type

    • Prepare to configure the PingOne Login App with the LastPass Admin Console.
      1. Select the Configuration tab, then select Edit icon.
      2. Configure the following settings:

        • Response type: Enable the Code setting only.
        • Grant type: Enable the Authorization Code setting.
        • PKCE Enforcement: Select Required in the drop-down menu.
        • Leave the Implicit, Client Credentials and Refresh token settings unchecked.
        • In the "Redirect URLs" section, enter the following redirect URIs:
        • Token Endpoint Authentication Method: Select None.
        • Leave the Initiate Login URI, Target Link URI, Allow unsigned JWT requests empty and unchecked.

        General configuration

      3. Click Save.
      4. Select the Resources tab, then select Edit icon to edit the Scope Grants:

        • p1:update:user (PingOne API)
        • lastpass (LastPass)
        • email (openID)

      5. Click Save.