Create the Login App for LastPass, then capture both the Application ID and OpenID Connect metadata document values and then configure the API permissions for the app.

• Create the Login App for LastPass.
  1. In the Azure AD portal, navigate to your home directory at https://portal.azure.com/#home.
  2. Select App registrations > New registration.
  3. Enter a name for your Login App (e.g., LastPass Login App).
  4. Select the radio button for the Accounts in this organizational directory only setting.
  5. Click Register.
• Now that you have created the Login App, capture the values needed for the LastPass Admin Console later.
  6. Copy the Application (client) ID by doing the following:
     1. With Overview selected in the left navigation, click Essentials to expand the section below.
     2. Copy the Application (client) ID and paste it into your text editor.
     Remember: You will be using this value in later steps.

     

  7. Copy the OpenID Connect metadata document by doing the following:
     1. With Overview still selected in the left navigation, select Endpoints to expand the menu on the right.
     2. Copy the OpenID Connect metadata document and paste it into your text editor.
     3. Close the menu in the right navigation.
     Remember: You will be using this value in later steps.

     

• Configure authentication the Login App for LastPass.
  8. Select Authentication in the left navigation.
  9. Click Add a platform.
  10. Select Web.

      

  11. In the "Redirect URIs" section, enter one of the following that applies to your LastPass environment:
      • For LastPass accounts using US data centers: https://lastpass.com/passwordreset.php
      • For LastPass accounts using EU data centers: https://lastpass.eu/passwordreset.php
  12. In the "Implicit grant" section, check the boxes for both of the following settings:
      • Access tokens
      • ID tokens
  13. Click Configure.

      

  14. Within the "Web" section under Redirect URIs, click Add URI.
  15. Enter the second Redirect URI as follows:
      • https://accounts.lastpass.com/federated/oidcredirect.html
  16. Click Save.
• Configure API permissions for the Login App for LastPass.
  17. Select API permissions in the left navigation.
  18. Click Add a permission, then select Microsoft Graph.

      

  19. In the right menu, select Delegated permissions.
  20. Under Select permissions, check the boxes to enable the following permission names:

      Permission Type	Permission Name
      OpenId permissions	email openid profile
      User	User.Read User.ReadWrite

  21. Click Add permissions.
  22. Click Grant admin consent for <your company name>.
  23. Click Yes to confirm.

You have created and configured the Login App for LastPass (including API permissions), as well as captured both the Application ID and OpenID Connect values for later use.