Skip to main content

LastPass Integration Guide (Authentication API)


Use this guide to enable Multi-Factor Authentication access via the SecureAuth IdP Authentication API to LastPass.


1. Have LastPass Enterprise Account

2. Create a New Realm or access an existing realm in the SecureAuth IdP Web Admin in which the directory integration, profile mapping, and registration methods are configured as required for the LastPass integration

3. Configure the Data tab in the realm before configuring for the LastPass integration, as an enterprise directory must be integrated with SecureAuth IdP, and appropriateProfile Property mappings must be in place

SecureAuth IdP Configuration Steps

Multi-Factor Methods


1. In the Multi-Factor Configuration section, select One-Time Passcode via SMS from one of the Phone field options

Typically, the end-user's mobile number is in Phone 2, but it can be any phone number that accepts text messages


At this time, only SMS / Text OTPs are supported for the LastPass integration

Authentication API


2. Check Enable from the API Settings section

3. Click Generate App ID / Key to create a new Application ID and Application Key to use in the integration

4. Click Select & Copy to copy these values, which are used in the LastPass configuration steps


Click Save once the configurations have been completed and before leaving the Registration Methods page to avoid losing changes

LastPass Configuration Steps

Administrative Configuration


1. Log into the LastPass Enterprise Admin Console, and click SETUP

2. Select SecureAuth under Other Enterprise Options

3. Paste the value of the Application ID from the SecureAuth IdP Web Admin (step 4) in the Application ID field

4. Paste the value of the Application Key from the SecureAuth IdP Web Admin (step 4) in the Application Key field

5. Set the Realm to the Fully Qualified Domain Name (FQDN) of the SecureAuth IdP appliance, followed by the LastPass-integrated realm, e.g.

6. Click Update

End-user Configuration


7. Have the end-user log into LastPass, and click on Account Settings in the left navigation panel

8. Select SecureAuth in the Multifactor Options section to edit the settings

9. Select Yes from the Enabled dropdown and click Update

10. Provide the Password on the next screen

11. Provide the SecureAuth Username, which is the username passed to SecureAuth IdP to validate against the directory

12. Once the setup is complete, a successful message appears

End-user Experience


1. With 2-Factor Authentication enabled, the end-user now sees this screen upon logging in

2. Click Send SMS Passcodes to receive one-time passcodes (OTPs) via text message, and a message alerting the end-user that the passcodes have been delivered appears


3. Type in the numeric OTP and click Authenticate


4. The end-user is now logged in successfully and securely to utilize LastPass as needed