NetScaler Gateway App Integration

Set up an app integration so that your user can sign into this app using the same credentials that they use for LastPass.

Part 1 - Add the SSO App to LastPass

  1. Log in and access the LastPass Password Manager Admin Console by doing either of the following:
    • While logged in to LastPass, click the active LastPass icon in your web browser toolbar, then select Admin Console in the menu.
    • Log in at!/dashboard with your admin username and Master Password.
  2. Go to Applications > SSO apps.
  3. If you have not previously added SSO apps, click Add your first SSO app. Otherwise, click Add app in the upper-right navigation.
  4. In the Search field, under the Select app section, search for your app in the catalog.

    Note: If you cannot find your app click Add an unlisted app.

  5. Click Continue.
  6. Go to this app’s settings to enable single sign-on. Make sure your app recognizes LastPass as the Identity Provider. Some apps allow you to upload settings in an XML file, while others require you to copy and paste the information below.

    Entity ID
    SSO endpoint
    Logout URL
    Default is selected, or select another
    Certificate fingerprint
    Certificate fingerprint (SHA256)

  7. Optional: If needed, you can click the Download icon to download and save the LastPass Certificate (TXT) and/or Metadata (XML) files.
  8. Open a new web browser window or tab to proceed with the next steps.

Part 2 - App Configuration

  1. Open a new tab on your browser and log in to your NetScaler admin console and go to NetScaler Gateway > Policies > Authentication > SAML.
  2. Click on the Servers tab and the click on the Add button to add a new authentication SAML server.
  3. Set a name for the server.
  4. Add the LastPass certificate downloaded in the previous step by clicking on the IDP Certificate Name field. Click on the plus sign button to add LastPass.

    Install server certificate window

  5. Set the Certificate-Key Pair Name. Upload the certificate and click Install.
  6. On IDP Certificate Name field, select the certificate that you added.
  7. Paste the SSO End Point that you copied from LastPass Admin Dashboard in the Redirect URL field.
  8. Paste the Logout URL that you copied LastPass Admin Dashboard in the Single Logout URL field.
  9. Paste the Entity ID that you copied from the Service Provider tab in NetScaler app setting on LastPass Admin Dashboard in the Issuer Name field.
  10. Click Ok to save changes.

    Configure Authentication SAML Server

  11. Select the Policies tab to create a new policy.
  12. Click on the Add button and set a Name for the policy.
  13. Select the Server that you created.
  14. Paste ns_true in the Expression field and click Create.

  15. Switch the authentication policy of your NetScaler gateway to the LastPass SAML policy. Go to NetScaler Gateway > Virtual Servers.
  16. Click on the desired virtual server. Select the current authentication policy on the Basic Authentication section.
  17. Select the current policy and Unbind it. Click on Close.

  18. On the Basic Authentication section, click on the Add button, select SAML policy and click on Continue.
  19. Select the LastPass SAML policy. Click on the Select button.
  20. Please make sure that the LastPass SAML policy is selected on the next screen and click on Bind
  21. Click Done to finish the process. You can now assign users to NetScaler VPN.