HELP FILE

Step #4: Configure Federated Login Settings for Azure AD in LastPass

    Enter the Application (client) ID and OpenID Connect metadata document from Azure AD into the LastPass Admin Console.

    The steps below are performed in the LastPass Admin Console.
    1. Return to the LastPass Admin Console, then select Users > Federated login.
    2. Select the Azure AD tab, then enter the following values:
      • OpenID Connect metadata document (copied from Step #7, Substep B in the previous article)
      • Application (client) ID (copied from Step #6, Substep B in the previous article)
    3. Check the box for the Enabled setting.
    4. Optional: Check the box for the Don't send username/email hint to IdP setting, which will prevent the username/email field from populating automatically upon user login.
    5. Optional: Check the box for the Enable Conditional Access Policies setting.

      Important: If you have conditional access policies enforced in Azure AD, you must enable this setting (and complete Steps #24 – 31 in the previous article) in order to allow users to sign in using federated login via the LastPass app for iOS or Android.

    6. Click Save Changes.
    You have added the Azure AD values to the federated login settings for Azure AD in the LastPass Admin Console.
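
A pre-flight check for the two values entered in step 2, as an added example that is not LastPass or Microsoft code. It assumes the OpenID Connect metadata document value is a URL and that you have saved the JSON served at that URL; the function names and the sample tenant and client IDs are constructed for illustration.

```python
import json
import re
from urllib.parse import urlparse

WELL_KNOWN_SUFFIX = "/.well-known/openid-configuration"
# Fields that OpenID Connect Discovery 1.0 marks as REQUIRED in the metadata document.
REQUIRED_FIELDS = ("issuer", "authorization_endpoint", "jwks_uri",
                   "response_types_supported", "subject_types_supported",
                   "id_token_signing_alg_values_supported")
GUID_RE = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)


def is_https_url(value):
    """True only for a string that parses as an https URL with a host."""
    parts = urlparse(value) if isinstance(value, str) else None
    return bool(parts and parts.scheme == "https" and parts.netloc)


def preflight(client_id, metadata_url, metadata_json):
    """Return a list of problems; an empty list means the values look sane."""
    problems = []
    # fullmatch also rejects stray whitespace picked up during copy-paste.
    if not GUID_RE.fullmatch(client_id):
        problems.append("Application (client) ID is not a GUID")
    if not is_https_url(metadata_url):
        problems.append("metadata URL is not https")
    if not urlparse(metadata_url).path.endswith(WELL_KNOWN_SUFFIX):
        problems.append("metadata URL does not end with " + WELL_KNOWN_SUFFIX)
    try:
        doc = json.loads(metadata_json)
    except ValueError:
        doc = None
    if not isinstance(doc, dict):
        return problems + ["metadata document is not a JSON object"]
    for field in REQUIRED_FIELDS:
        if field not in doc:
            problems.append("metadata document is missing " + field)
    for field in ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"):
        if field in doc and not is_https_url(doc[field]):
            problems.append(field + " is not an https URL")
    return problems


# Constructed sample values (not a real tenant or application).
SAMPLE_CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SAMPLE_BASE = "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555"
SAMPLE_URL = SAMPLE_BASE + "/v2.0" + WELL_KNOWN_SUFFIX
SAMPLE_DOC = json.dumps({
    "issuer": SAMPLE_BASE + "/v2.0", "jwks_uri": SAMPLE_BASE + "/discovery/v2.0/keys",
    "authorization_endpoint": SAMPLE_BASE + "/oauth2/v2.0/authorize",
    "response_types_supported": ["code", "id_token"], "subject_types_supported": ["pairwise"],
    "id_token_signing_alg_values_supported": ["RS256"]})
```

A GUID-shaped value passes the format check even if it is the tenant ID rather than the Application (client) ID, so still compare it against the app registration.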