How can I change the SAML certificate of an application?

Create a new certificate in the LastPass Admin Console, then upload the new certificate to the SSO app's Service Provider settings.

To create a new SAML certificate, do the following:

  1. If using this Do this
    SSO & MFA Admin Console
    1. While logged in to LastPass, click the active LastPass icon in your web browser toolbar and select Admin Console.
    2. Select MFA Console or SSO & MFA Console in the left navigation.
    3. Go to Advanced Options > Keys.
    new Admin Console
    1. Log in with your email address and Master Password to access the new Admin Console at
    2. Go to Advanced > Keys.
  2. Under SAML, click Create new key.

    Result: A new SAML key is created.

  3. Optional: To delete a SAML key, click the Delete Key icon .

    Warning: Deleting a SAML Key will invalidate any SSO integration you have set up that is currently using this SAML Key.

What to do next: You can download the Public Key and the Public Certificates for the key, and upload them to your SSO app's Service Provider settings.