product icon

Step #5: Register your company-wide key with LastPass

    Register the Company-wide key with LastPass by running the AD FS Plugin installer on your AD FS server.

    1. Log in and access the LastPass new Admin Console at
    2. Go to Users > Federated login > Active Directory Federated Services (ADFS).
    3. In the "LastPass Custom Attribute Store" section at the bottom of the page, select either Download for ADFS Server 3.0 (For Windows Server 2012 R2) or Download for ADFS Server 4.0 (for Windows Server 2016, Windows Server 2019, or Windows Server 2022) and save the LastPass .MSI file.
    4. Log in to your primary Active Directory Federation Services (AD FS) server, then transfer the .MSI file onto the desktop of your AD FS server and execute the .MSI installer from an elevated command prompt. Select Yes if prompted by the User Account Control prompt.
      Note:  The AD FS plugin .MSI installer must be run with elevated permissions, even if you are logged in as a domain admin.
    5. Select Next.
    6. Enter your LastPass Assertion Consumer Service (ACS) URL (from Step #3), then enter your Company-wide key (from Step #4) and click Next.
    7. Select Finish when registration is complete.
    8. Restart the AD FS Windows service.
      AD FS Plugin configuration window

    Additional steps for AD FS farm environments

    1. On the AD FS server, navigate to C:\Windows\ADFS where you installed the LastPass .MSI file.
    2. Copy the following files to all AD FS secondary servers' C:\Windows\ADFS folder:
      • LastPassADFS.dll
      • LastPassConfig.dll
      • LastPassLib.dll
      • LastPassLogger.dll
      • LastPassSettings.dll
      • BouncyCastle.Crypto.dll
      • NLog.dll
    3. Restart the AD FS Windows service on the secondary AD FS nodes.