Step #5: Create a new Service Provider (SP) Connection
Once you have configured the LastPass Data Store, create a new Service Provider connection.
About this task:
Note: After performing the instructions below, all of your newly populated federated users will receive a Welcome email informing them that they can now log in to use LastPass.
Configure Browser SSO.
Configure Assertion Creation.
Map new adapter instance.
Add the Active Directory attribute source.
Add the LastPass Data Store Directory attribute source.
Configure the Attribute Contract Fulfillment mapping.
Configure the Protocol settings.
Set the credentials.
Results:
The setup is complete! You have successfully set up your
LastPass Business account to use federated login with PingFederate.
All of your newly populated federated users will receive a Welcome email informing them that they can now log in to use LastPass. Please note that your LastPass users must log in using the LastPass browser extension in order to use federated login for their PingFederate account with LastPass.
What to do next:
- If you have not done so yet, you can deploy the LastPass browser extension across your organization.
- If desired, you can set up Multifactor Authentication at the PingFederate (Identity Provider) level.
- To see your end users' experience, please see Federated Login Experience for LastPass Business Users.
- If you need to convert non-federated users to federated users, please see How do I convert an existing LastPass user to a federated (Azure AD, Okta, Google Workspace, PingOne, or OneLogin) user?
Parent article:
Set Up Federated Login for LastPass using PingFederate
Previous article:
Step #4: Register your Company-wide key with LastPass