Create the Login App for LastPass, then capture both the Application ID and OpenID Connect metadata document values and then configure the API permissions for the app.

Create LastPass K1 User Attribute.

1. In the PingOne portal, navigate to your home directory.
2. Select your Environment, then select Identities > Attributes.
3. Click Add Attribute.
4. Select Declared in the Select Attribute Type window, then click Next.
5. In the Set Attribute Properties window, enter the following information:
   1. Name: Enter LastPassK1.
   2. Display Name: Enter LastPassK1.
   3. Description: Enter any description or leave it empty.
6. Uncheck both of the Enforce Unique Values and Allow Multiple Values settings.
7. Click Save and Close.

   

8. Under User Attributes search for the LastPassK1 attribute to make sure that it is enabled.

Create Resource Profile.

9. Select Connections > Resources
10. Click Add Resource to create a Resource Profile.
11. Enter the following information in the Create Resource Profile tab:
    1. Resource Name: Enter LastPass.
    2. Audience: Enter LastPass.
    3. Description: Enter any description or leave it empty.
12. Click Save and Continue.
    
13. On the Configure Scopes tab, select Add Scope.
14. Enter lastpass as the Scope Name, and enter your desired information into the Description field.
15. Click Next.
16. View the Resource Summary on the Confirm and Publish tab, then click Publish and Save.

    

17. In the Resources window, select next to the newly created LastPass resource, then click the to edit it.
18. Select the Access Token tab.
19. Click + Add Attribute and select PingOne Attribute:
    1. Set the PingOne User Attribute to LastPassK1.
    2. Enter LastPassK1 to the User Attribute field.
    3. Click Save.
    Note: This is the user attribute you created in Step #5 above.

    

Create the Login App for LastPass.

20. Select Connections > Applications in the left navigation.
21. Click to create a new application.
22. Enter a name and description for your Application (for example, LastPass Login App).
    Note: You can use the image below to upload as the App logo:

    

23. Select OIDC Web App, then click Save.

    

Prepare to configure the PingOne Login App with the LastPass Admin Console.

24. Select the Configuration tab, then select .
25. Configure the following settings:
    • Response type: Enable the Code setting only.
    • Grant type: Enable the Authorization Code setting.
    • PKCE Enforcement: Select Required in the drop-down menu.
    • Leave the Implicit, Client Credentials and Refresh token settings unchecked.
    • In the "Redirect URLs" section, enter the following redirect URIs:
      • https://lastpass.com/passwordreset.php
      • https://accounts.lastpass.com/federated/oidcredirect.html
      • To allow federated login for LastPass Password Manager Mobile app on Android: com.lastpass.lpandroid://pingoneauth
      • To allow federated login for LastPass Password Manager Mobile app on iOS: com.lastpass.ilastpass://auth
      • To allow federated login for LastPass for Windows Desktop application: com.lastpass.ulastpass://auth
    • Token Endpoint Authentication Method: Select None.
    • Leave the Initiate Login URI, Target Link URI, Allow unsigned JWT requests empty and unchecked.

    

26. Click Save.
27. Select the Resources tab, then select to edit the Scope Grants:
    • p1:update:user (PingOne API)
    • lastpass (LastPass)
    • email (openID)

    
28. Click Save.