Federated Login Experience for LastPass Users

Once a LastPass Enterprise or LastPass Identity admin has set up federated login for an organization, new users are provisioned with a LastPass account that allows them to log in to LastPass with their existing Active Directory account (AD FS, Azure AD, or Okta) – no separate Master Password required!

The steps below outline the full user experience from the newly provisioned user's point of view.

Step #1: Download and install LastPass

First, you will need to download and install LastPass. If you are in a locked-down environment with limited privileges for downloading and installing applications, contact your admin to install LastPass for you.

Note: Logging in to your online Vault via the LastPass website at https://lastpass.com/?ac=1 is not supported for federated users. You must log in using a LastPass component (i.e., web browser extension, desktop app, or mobile app) in order to authenticate.

Step #2: Activate LastPass via your Welcome email

Once your new LastPass account has been created, you will receive a Welcome email that includes your LastPass username (email address) and a temporary Activation code. You use this code to log in only once, so that your Vault can be decrypted and re-encrypted to use your AD FS, Azure AD, or Okta account going forward.

  1. Open the Welcome email you received.
  2. Copy the Activation code to your clipboard or a text editor application.
  3. Click Activate LastPass.
  4. Once redirected to the "Finish account creation" page, paste the Activation code into the field (your LastPass username is already pre-populated for you).
  5. Click Continue.
  6. You are redirected to your company's federated login page, where you can proceed to log in.
  7. Your LastPass Vault is then decrypted and re-encrypted to use your Azure AD, AD FS, or Okta account to log in to LastPass going forward.
    • If you already have LastPass installed, click OK on the confirmation page, and you are redirected to your LastPass Vault.
    • If you do not have LastPass installed, you can click Install LastPass on the confirmation page to install the LastPass web browser extension.

Your LastPass account is now activated to use federated login.

Step #3: Verify your linked personal account (if applicable)

If you have a linked personal account associated with your LastPass Enterprise or LastPass Identity account, you must verify your personal account before you can access your personal Vault.

Note: For security purposes, this verification process must be done for every new device that you use to log in to LastPass using federated login.

Step #4: Log in to LastPass

Once installed, you will need to log in to LastPass using your Active Directory account. After you have authenticated, you will have continuous access to your LastPass Vault, unless otherwise configured within your organization's Active Directory and/or LastPass policies.

Login instructions vary depending on whether you are logging in to LastPass using the web browser extension, mobile app, or desktop application.

Using the LastPass web browser extension

  1. In your web browser toolbar, click the inactive LastPass icon.
  2. Enter your Active Directory email address, which will redirect you to your company's federated login page.
  3. Log in with your Active Directory credentials.

An active LastPass icon is now displayed in your web browser toolbar to indicate a successful federated login. Learn more about using the LastPass web browser extension.

Using the LastPass Mac app

  1. Open the LastPass Mac app on your desktop.
  2. Enter your Active Directory email address.
  3. Once redirected to your company's federated login page, proceed to log in.
  4. Return to the desktop app, where you will be automatically logged in to your LastPass Vault.

Learn more about using the LastPass Mac app.

Using the iOS app

  1. Tap to open the LastPass app for iOS.
  2. Enter your Active Directory email address but do not enter your password.
  3. Tap Log In to continue the login process.
  4. Once redirected to your company's federated login page, proceed to log in by doing one of the following:
    • For AD FS federated login users – Enter your DOMAIN\username (e.g., LASTPASS\testuser) and password, then tap Sign in.
    • For Azure AD or Okta federated login users – Tap to select your Azure AD or Okta account, then enter your Azure AD or Okta password and tap Sign in.
  5. Return to the mobile app, where you will be automatically logged in to your LastPass Vault.

Learn more about using LastPass for iOS.

Using the Android app

  1. Tap to open the LastPass app for Android.
  2. Fill in your Active Directory email address but do not enter your password.
  3. Select Log In to continue the login process.
  4. Once redirected to your company's federated login page, proceed to log in by doing one of the following:
    • For AD FS federated login users – Fill in your DOMAIN\username (e.g., LASTPASS\testuser) and password, then select Sign in.
    • For Azure AD or Okta federated login users – Select your Azure AD or Okta account, then enter your Azure AD or Okta password and select Sign in.
  5. Return to the mobile app, where you will be automatically logged in to your LastPass Vault.

Learn more about using LastPass for Android.

Step #5: Start using LastPass!

Once you log in, you can begin saving new Sites, Secure Notes, and Form Fills to your LastPass Vault.

About Master Password resets

Please note that, as a federated user, you are unable to reset your Master Password within LastPass Account Settings – this must be done by your LastPass admin or within your Active Directory environment. If your Master Password is ever reset (either by an admin, or by yourself due to a forced Master Password reset), your account will be converted to a non-federated user account.
