product icon

Step #6: Apply access control policy changes in LastPass

    The LastPass Custom Attribute Store installed “LastPass Trust” Relying Party Trust on your AD FS server(s).

    1. Log in to your primary Active Directory Federation Services (AD FS) server
    2. Navigate to your AD FS Management Settings.
    3. Go to Trust Relationships > Relying Party Trust in the left navigation, then follow the next steps based on your AD FS server version:
      • AD FS Server 3.0 – Windows Server 2012 R2
        1. In the "LastPass Trust" section in the right navigation, click Edit Claim Rules....
        2. Select the Issuance Authorization Rules tab and set your desired rule, which will define how users are authenticated when logging in to LastPass via federated log in using AD FS.
      • AD FS Server – 4.0 Windows Server 2016 or Windows Server 2019 or Windows Server 2022
        1. In the "LastPass Trust" section in the right navigation, click Edit Access Control Policy....
        2. Set your desired policy, which will define how users are authenticated when logging in to LastPass via federated log in using AD FS.
    Results:

    You have successfully set up Active Directory Federation Services (AD FS) for your LastPass Business account. All of your newly populated federated users will receive a Welcome email informing them that they can now log in and use LastPass.

    What to do next:
    Parent article: Set up federated login for LastPass using AD FS
    Previous article: Step #5: Register your custom attribute with LastPass