HELP FILE

Step #3: Configure the Login App for LastPass in Azure AD

Create the Login App for LastPass, capture the Application ID and OpenID Connect metadata document values, and then configure the API permissions for the app.

The steps below are performed in the Azure AD portal.
  • Create the Login App for LastPass.
    1. In the Azure AD portal, navigate to your home directory at https://portal.azure.com/#home.
    2. Select App registrations > New registration.
    3. Enter a name for your Login App (e.g., LastPass Login App).
    4. Select the radio button for the Accounts in this organizational directory only setting.
    5. Click Register.
  • Now that you have created the Login App, capture the values needed for the LastPass Admin Console later.
    1. Copy the Application (client) ID by doing the following:
      1. With Overview selected in the left navigation, click Essentials to expand the section below.
      2. Copy the Application (client) ID and paste it into your text editor.

      Remember: You will be using this value in later steps.

    2. Copy the OpenID Connect metadata document by doing the following:
      1. With Overview still selected in the left navigation, select Endpoints to expand the menu on the right.
      2. Copy the OpenID Connect metadata document and paste it into your text editor.
      3. Close the menu in the right navigation.

      Remember: You will be using this value in later steps.

  • Configure authentication for the Login App for LastPass.
    1. Select Authentication in the left navigation.
    2. Click Add a platform.
    3. Select Web.

    4. In the "Redirect URIs" section, enter one of the following that applies to your LastPass environment:
    5. In the "Implicit grant" section, check the boxes for both of the following settings:
      • Access tokens
      • ID tokens
    6. Click Configure.

    7. Within the "Web" section under Redirect URIs, click Add URI.
    8. Enter the second Redirect URI as follows:
    9. Click Save.
  • Configure API permissions for the Login App for LastPass.
    1. Select API permissions in the left navigation.
    2. Click Add a permission, then select Microsoft Graph.

    3. In the right menu, select Delegated permissions.
    4. Under Select permissions, check the boxes to enable the following permission names:
      Permission type: OpenId permissions
        • email
        • openid
        • profile

      Permission type: User
        • User.Read
        • User.ReadWrite

    5. Click Add permissions.
    6. Click Grant admin consent for <your company name>.
    7. Click Yes to confirm.
You have created and configured the Login App for LastPass (including API permissions), as well as captured both the Application ID and OpenID Connect values for later use.
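
One way to audit the finished registration against the settings in this step, as an added example that is not LastPass or Microsoft code. It assumes the app object and its admin-consent grant were exported as JSON from Microsoft Graph (the application and oauth2PermissionGrant resources); the function name and all sample values, including the redirect URIs, are constructed placeholders.

```python
# Delegated permissions this step asks you to enable.
EXPECTED_SCOPES = {"email", "openid", "profile", "User.Read", "User.ReadWrite"}


def audit_login_app(app, grant):
    """Return a list of deviations from the configuration described in this step."""
    findings = []
    # "Accounts in this organizational directory only" is stored as AzureADMyOrg.
    audience = app.get("signInAudience")
    if audience != "AzureADMyOrg":
        findings.append("signInAudience is %r, expected AzureADMyOrg" % audience)
    web = app.get("web") or {}
    implicit = web.get("implicitGrantSettings") or {}
    for flag in ("enableAccessTokenIssuance", "enableIdTokenIssuance"):
        if not implicit.get(flag):
            findings.append("implicit grant setting %s is not enabled" % flag)
    uris = web.get("redirectUris") or []
    if len(uris) != 2:
        findings.append("expected 2 web redirect URIs, found %d" % len(uris))
    for uri in uris:
        if not uri.startswith("https://"):  # assumption: both URIs are https
            findings.append("redirect URI is not https: %s" % uri)
    # Tenant-wide admin consent is recorded with consentType AllPrincipals.
    if grant.get("consentType") != "AllPrincipals":
        findings.append("admin consent has not been granted tenant-wide")
    granted = set((grant.get("scope") or "").split())
    for missing in sorted(EXPECTED_SCOPES - granted):
        findings.append("missing delegated permission: " + missing)
    for extra in sorted(granted - EXPECTED_SCOPES):
        findings.append("delegated permission beyond this step's list: " + extra)
    return findings


# Constructed sample input (placeholder ID and URIs, not real values).
SAMPLE_APP = {
    "appId": "00000000-0000-0000-0000-000000000000",
    "signInAudience": "AzureADMultipleOrgs",
    "web": {"redirectUris": ["https://redirect-one.example/", "https://redirect-two.example/"],
            "implicitGrantSettings": {"enableAccessTokenIssuance": True,
                                      "enableIdTokenIssuance": False}},
}
SAMPLE_GRANT = {"consentType": "AllPrincipals",
                "scope": "email openid profile User.Read Directory.Read.All"}

if __name__ == "__main__":
    for line in audit_login_app(SAMPLE_APP, SAMPLE_GRANT):
        print("FINDING:", line)
```

An empty result means the registration matches this step; any extra delegated permission is reported so it can be reviewed before admin consent is left in place.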