Set Up Federated Login for LastPass Using Okta
LastPass Enterprise and LastPass Identity account admins can set up and configure federated login in two different ways so that users can log in to LastPass without ever having to create a second Master Password.
The following options are available for setup:
- Option #1: Using Okta SCIM as the Identity Provider and directory provider
- Option #2 (hybrid configuration): Using Okta SSO as the Identity Provider and Active Directory as the directory provider
Please review the account requirements and limitations that apply to federated users before you begin the setup process between the LastPass Admin Console and the Okta Admin portal.
Account requirements for Option #1
To enable federated login for LastPass using Okta SCIM as the Identity Provider and directory provider, the following is required:
- You must be using all of the following:
  - Okta Single Sign-On
  - Okta Lifecycle Management
  - API Access Management
- An active trial or paid LastPass Enterprise or LastPass Identity account
- An active LastPass Enterprise or LastPass Identity admin (required when activating your trial or paid subscription)
Account requirements for Option #2 (hybrid configuration)
To enable federated login for LastPass using Okta SSO as your Identity Provider and Active Directory as your directory provider, the following is required:
- You must be using all of the following:
  - Okta Single Sign-On
  - Active Directory
- An active trial or paid LastPass Enterprise or LastPass Identity account
- An active LastPass Enterprise or LastPass Identity admin (required when activating your trial or paid subscription)
Limitations that apply to federated users for both Option #1 and Option #2
- Review the limitations that apply to federated user accounts.
- Additionally, linked personal accounts must be verified on every new device that a federated user will use for logging in to access their LastPass Vault.
Step #1: Follow all steps in the Setup Guide
- Option #1: Follow the instructions to set up federated login using Okta SCIM as your Identity Provider and directory provider within the Federated Login for LastPass Using Okta Guide.
- Option #2 (hybrid configuration): Follow the instructions to set up federated login using Okta SSO as your Identity Provider and Active Directory as your directory provider within the Federated Login for LastPass Using Okta SSO and Active Directory Guide.
Step #2: Set up Multifactor Authentication on Okta (optional)
If desired, you can set up Multifactor Authentication at the Okta (Identity Provider) level.
You're all set!
You have successfully set up your LastPass Enterprise or LastPass Identity account to use federated login with your Okta directory. All of your newly populated federated users will receive a Welcome email informing them that they can now log in to use LastPass. Please note that your LastPass users must log in using the LastPass web browser extension in order to use federated login for their Okta account with LastPass.
- To learn more about deploying the LastPass web browser extension to your organization, please see Install LastPass Software Using the Admin Console.
- To see your end users' experience, please see Federated Login Experience for LastPass Users.
- If your end users have linked personal accounts associated with their federated login account, please see How do I verify my linked personal account?
- To convert a non-federated user to a federated user, please see How do I convert an existing LastPass user to a federated (Azure AD or Okta) user?
- To learn how to migrate from using AD FS to a cloud-based federated login (Okta or Azure AD), please see How do I migrate from using AD FS to a cloud-based federated login for LastPass?