Step #5: Register your custom attribute with LastPass
Register the custom attribute (that you created or re-purposed and configured in Step #1) with LastPass by running the AD FS Plugin installer on your AD FS server.
Note: The name of the custom attribute must be alphanumeric characters only (no special characters or spaces). It is also case-sensitive, and should be recorded exactly as it appears in the Active Directory Attribute Editor.
- Log in and access the Admin Console at https://admin.lastpass.com/.
- Go to .
- In the "LastPass Custom Attribute Store" section at the bottom of the page, click either Download for ADFS Server 3.0 (For Windows Server 2012 R2) or Download for ADFS Server 4.0 (for Windows Server 2016 or Windows Server 2019) and save the LastPass .MSI file.
- Log in to your primary Active Directory Federation Services (AD FS) server, then transfer the .MSI file onto the desktop of your AD FS server. Right-click on the file and select Install, or execute the .MSI installer from an elevated command prompt. Click Yes if prompted by the User Account Control prompt.
Note: The AD FS plugin .MSI installer must be run as an administrator or with elevated permissions, even if you are logged in as a domain admin.
- Click Next.
- Enter your LastPass Business Service Provider URL (from Step #3), then enter your custom attribute value (from Step #1) and click Next.
- Click Finish when registration is complete.
- Restart the AD FS Windows service. This is required.
Additional steps for AD FS farm environments
- On the AD FS server, navigate to C:\Windows\ADFS where you installed the LastPass .MSI file.
- Copy the following files to all AD FS secondary servers' C:\Windows\ADFS folder:
- Restart the AD FS Windows service on the secondary AD FS nodes. This is required.
Parent article: Set up federated login for LastPass using AD FS
Previous article: Step #4: Install the LastPass Active Directory Connector in LastPass
Next article: Step #6: Apply access control policy changes in LastPass