Step #5: Register your company-wide key with LastPass
Register the Company-wide key with LastPass by running the AD FS Plugin installer on your AD FS server.
- Log in and access the LastPass new Admin Console at https://admin.lastpass.com/.
- Go to .
- In the "LastPass Custom Attribute Store" section at the bottom of the page, select either Download for ADFS Server 3.0 (For Windows Server 2012 R2) or Download for ADFS Server 4.0 (for Windows Server 2016, Windows Server 2019, or Windows Server 2022) and save the LastPass .MSI file.
- Log in to your primary Active Directory Federation Services (AD FS) server, then transfer the .MSI file onto the desktop of your AD FS server and execute the .MSI installer from an elevated command prompt. Select Yes if prompted by the User Account Control prompt.
Note: The AD FS plugin .MSI installer must be run with elevated permissions, even if you are logged in as a domain admin.
- Select Next.
- Enter your LastPass Assertion Consumer Service (ACS) URL (from Step #3), then enter your Company-wide key (from Step #4) and click Next.
- Select Finish when registration is complete.
- Restart the AD FS Windows service.
Additional steps for AD FS farm environments
- On the AD FS server, navigate to C:\Windows\ADFS where you installed the LastPass .MSI file.
- Copy the following files to all AD FS secondary servers' C:\Windows\ADFS folder:
- Restart the AD FS Windows service on the secondary AD FS nodes.
Parent article: Set up simplified federated login for LastPass using AD FS
Previous article: Step #4: Install the LastPass Active Directory Connector
Next article: Step #6: Apply access control policy changes