HELP FILE

How do I integrate Duo Security with my LastPass Enterprise account?

LastPass Enterprise supports Duo Security integration, which allows admins to configure policies and authentication methods when using Duo Security.

For more information about everything Duo Security offers for LastPass, please see the LastPass & Duo Security Overview.

Required for setup:

  • Duo Security account
    • You can create a Duo account (be sure to select LastPass as your integration type during account creation)
  • LastPass Enterprise account

Step #1: Set up the LastPass application in Duo Security

  1. Log in to the Duo Admin Panel at https://admin.duosecurity.com.
  2. Select Applications > Protect an Application in the left navigation.
  3. Search for LastPass in the list, then select Protect this Application.
  4. Under Details, copy the following values and save them to a text editor:
    • Integration key
    • Secret key (you must click to view)
    • API hostname
  5. If desired, you can also configure additional settings (e.g., Group policies, Username Normalization, etc.). Learn more about Duo Security Application Options.

Step #2: Set up the Duo Security integration in LastPass Enterprise

  1. Log in and access the Admin Console at https://lastpass.com/company/#!/dashboard.
  2. Go to Advanced Options > Enterprise Options in the left navigation.
  3. Select the Duo Security tab.
  4. Enter the Duo Security data you captured in Step #4 of the previous section into the following fields:
    • Duo Security integration key
    • Duo Security secret key
    • Duo Security API hostname
  5. Click Update to save your changes.

Step #3: Enable Duo Security as a Multifactor Option

  1. From within the Admin Console, go to Advanced Options > Enterprise Options in the left navigation.
  2. Select the Enabled Multifactor Options tab.
  3. Check the box to enable the Duo Security option, then click Update.

Step #4: Add and configure Multifactor Authentication policies for Duo Security

  1. From within the Admin Console, go to Settings > Policies in the left navigation.
  2. Click Add Policy, then choose from the following policies:
    • Under Multifactor, select Require use of Duo Security.
      1. To require Duo Security to be used X number of days after the user account is created, enter a number in the Value field (optional).
      2. Enter the Duo Security integration key, secret key, and API hostname in the respective fields.
      3. Select your desired user list for which this policy should be applied.
      4. Enter Notes for additional information about this policy (optional).
    • Under Multifactor, select Require use of any multifactor option.
      1. Enter the Duo Security integration key, secret key, and API hostname in the respective fields.
      2. Select your desired user list for which this policy should be applied.
      3. Enter Notes for additional information about this policy (optional).
    • Under Multifactor, select Use username portion of email address as Duo Security username.
      1. Enter the Duo Security integration key, secret key, and API hostname in the respective fields.
      2. Select your desired user list for which this policy should be applied.
      3. Enter Notes for additional information about this policy (optional).
    • Under Multifactor, select Use Duo Web SDK when possible.
      1. Enter the Duo Security integration key, secret key, and API hostname in the respective fields.
      2. Select your desired user list for which this policy should be applied.
      3. Enter Notes for additional information about this policy (optional).
  3. Click Save when finished.

Step #5: Advise your users to set up Multifactor Authentication

Once you have completed the steps above, your users can set up and enable Multifactor Authentication for their LastPass Enterprise account.
