Federated Login Experience for LastPass Enterprise Users

Once a LastPass Enterprise admin has set up federated login for an organization, new users are provisioned with a LastPass account that allows them to log in to LastPass with their existing Active Directory account (AD FS or Azure AD) – no separate Master Password required!

The steps below outline the full user experience from the newly provisioned user's point of view.

Step #1: You receive a Welcome email

Once your new LastPass account has been created, you will receive a Welcome email.

If you are enabled to use federated login with your AD FS account, your Welcome email will include your LastPass username (email address) and activation instructions on how to log in to LastPass with your existing Active Directory account (detailed steps per platform below).

If you are enabled to use federated login with your Azure AD account, your Welcome email will include your LastPass username (email address) and a temporary password that you will use to log in (only once) so that your Vault can be decrypted and re-encrypted to use your Azure AD account going forward.

Step #2: Download and install LastPass

Next, you will need to download and install LastPass. If you are in a locked-down environment with limited privileges for downloading and installing applications, contact your admin to install LastPass for you.

Note: Logging in to your online Vault via the LastPass website at https://lastpass.com/?ac=1 is not supported for federated users. You must log in using a LastPass component (i.e., web browser extension, desktop app, or mobile app) in order to authenticate.

Step #3: Log in to LastPass

Once installed, you will need to log in to LastPass using your Active Directory account. After you have authenticated, you will have continuous access to your LastPass Vault.

Note: The duration of an authenticated logon session will vary depending on your organization's policies.

Login instructions will vary depending on whether you are using an AD FS or Azure AD account and the platform you are using to log in to LastPass.

Using the web browser extension

For users with an AD FS account (your Welcome email does not include a temporary password):

  1. In your web browser toolbar, click the inactive LastPass icon.
  2. Enter your Active Directory email address.
  3. Once your email address has been filled in, navigate to the password field. A new web browser window or tab will open and redirect you to your company's federated login page.
  4. Fill in your DOMAIN\username (e.g., LASTPASS\testuser) and password, then click Sign in.
  5. An active LastPass icon is displayed, and you can click on it to begin using LastPass.

(Screenshot: your organization's Identity Provider page)

For users with an Azure AD account (your Welcome email includes a temporary password):

  1. Open the Welcome email you received, then click Activate LastPass (or the activation link) within the Welcome email.
  2. Once redirected to your company's federated login page, click to select your Azure AD account to proceed.
  3. Enter your Azure AD account password, then click Sign in.
  4. If desired, you can stay signed in to your Azure AD account. Select Yes or No based on your preference.
  5. Once redirected to the LastPass password reset page, your LastPass email address and old password are pre-populated for you. Click Save Master Password to proceed.
  6. Your LastPass Vault is then decrypted and re-encrypted to use your Azure AD account going forward. On the confirmation page, you can click Install LastPass to install the LastPass web browser extension (if you haven't already installed it).
  7. Once your LastPass Vault has been re-encrypted with your Azure AD account, click the inactive LastPass icon in your web browser toolbar, then enter your Azure AD account email address.
  8. You are then redirected to your company's federated login page, where you can click to select your Azure AD account.
  9. Enter your Azure AD account password, then click Sign in.
  10. An active LastPass icon is displayed, and you can click on it to begin using LastPass.

Using the LastPass Mac app

  1. Open the LastPass Mac app on your desktop.
  2. Fill in your Active Directory email address.
  3. Once redirected to your company's federated login page, proceed to log in by doing one of the following:
    • For AD FS federated login users – Fill in your DOMAIN\username (e.g., LASTPASS\testuser) and password, then click Sign in.
    • For Azure AD federated login users – Click to select your Azure AD account, then enter your Azure AD password and click Sign in.
  4. Return to the desktop app, where you will be automatically logged in to your LastPass Vault. Learn more about using the LastPass Mac app.

Using the iOS app

  1. Tap to open the LastPass app for iOS.
  2. Fill in your Active Directory email address but do not enter your password.
  3. Tap Log In to continue the login process.
  4. Once redirected to your company's federated login page, proceed to log in by doing one of the following:
    • For AD FS federated login users – Enter your DOMAIN\username (e.g., LASTPASS\testuser) and password, then tap Sign in.
    • For Azure AD federated login users – Tap to select your Azure AD account, then enter your Azure AD password and tap Sign in.
  5. Return to the mobile app, where you will be automatically logged in to your LastPass Vault. Learn more about using LastPass for iOS.

Using the Android app

  1. Tap to open the LastPass app for Android.
  2. Fill in your Active Directory email address but do not enter your password.
  3. Select Log In to continue the login process.
  4. Once redirected to your company's federated login page, proceed to log in by doing one of the following:
    • For AD FS federated login users – Fill in your DOMAIN\username (e.g., LASTPASS\testuser) and password, then select Sign in.
    • For Azure AD federated login users – Select your Azure AD account, then enter your Azure AD password and select Sign in.
  5. Return to the mobile app, where you will be automatically logged in to your LastPass Vault. Learn more about using LastPass for Android.

Step #4: Start using LastPass!

Once you log in, you can begin saving new Sites, Secure Notes, and Form Fills to your LastPass Vault.

About Master Password resets

Please note that, as a federated user, you are unable to reset your Master Password within LastPass Account Settings – this must be done by your LastPass admin or within your Active Directory environment. If your Master Password is ever reset (either by an admin or by you due to a forced Master Password reset), your account will be converted to a non-federated user account.

Related

Troubleshooting Federated Login for Active Directory Federation Services (AD FS)

Download and Install LastPass

Set Up Federated Login for LastPass Enterprise using AD FS

How do I confirm that my custom attribute is listed in my Active Directory?

How do I convert an existing LastPass Enterprise user to a federated (AD FS) user?