How do I confirm that my custom attribute is listed in my Active Directory?
When setting up Federation Services for LastPass Enterprise, it is required that you create a custom attribute field in your Active Directory (both non-production and live environments) and set it as a confidential bit as one of the preliminary steps.
Once your custom attribute has been created and set accordingly, you can confirm that it is listed in your Active Directory as follows:
- Log in to your Active Directory server.
- Open the Active Directory Users and Computers manager tool.
- Go to View and ensure Advanced Features is enabled, or click the Advanced Features menu option to enable it.
- In the left navigation, go to Users.
- Right-click on a user, then click Properties.
- Click the Attribute Editor tab, then confirm that the custom attribute you created is listed in the "Attribute" column (e.g., lastPassCustomTest01).
- Record the name of the custom attribute and enter it into a text editor application, which will be used when you set up the Active Directory Federated Login Service with your LastPass Enterprise account.
Note: The name of the custom attribute is case-sensitive, and should be recorded exactly as it appears in the Active Directory Attribute Editor.