LastPass SAML support allows you to utilize your LastPass account as the single sign on point for a growing number of domains and associated services.
SAML will allow your employees to access their favorite services simply by being logged into LastPass. Once logged into LastPass, and navigating to the service's URL, the user will not be presented with an additional login screen - they can immediately use the apps they need every day.
Using SAML does not prevent you from logging in with previous domain password, or prevent your mobile device from accessing via the account password.
Setting up SAML in LastPass Enterprise
To set up SAML in LastPass Enterprise, first go to your Enterprise Console, and select the SAML tab at the top of the console. You will then be taken to the main SAML page:
Then, click on the associated App icon that you would like to setup LastPass and SAML. Upon clicking on the icon, you will then be shown a page with specific instructions on how to setup SAML for that app:
Once you use the instructions to set up LastPass SAML for the service of your choice, you can use the tools under that service's specific tab to pre-populate your users' vaults with a link to login to the service. While setting up SAML ensure that your users will no longer need to enter any other credentials after logging into LastPass, in some cases, they may need to go to a specific URL in order to be automatically logged into the service. In the example above, while mapping SAML for Google app services, users may need to navigate to specific URL on the the google.com domain. Setting up SAML will give you the specific URLs that you may need to use depending on the service you're using. Once you have established which URL you need, you can push to all users. To learn more about pushing a site to your users and pre-populating their Vaults, please see our specific Push Sites to Users page.
After using the initial set up instructions, you can then go to the SAML user Map subtab for the particular app you're setting up. From this tab, you are able to map the application username to the LastPass usernames of your employees:
By clicking Edit on a specific username, you can edit the individual mapping of the usernames from LastPass account name to the service account name:
We are working to support new apps with LastPass SAML all the time. We currently support Box, Citrix Share File, Egnyte, Google Apps, Manits Bug Tracker, Microsoft Office 365, Moin Moin, SalesForce, Success Factors, WordPress, Xmarks, Zendesk, ADP, Atlassian, Concur, Joomla!, phpBB, Shibboleth and Workday. We also allow custom services. However, if you have a specific application you would like to see supported by LastPass SAML, please let us know by sending feedback through our support channels!