Today we’re announcing two new directory sync options, with support for Okta and Microsoft Azure Active Directory. By expanding our suite of user directory integrations, we’re making it easier not only to get employees on board with LastPass, but to give IT the ability to instantly grant or revoke an employee’s access to the corporate systems managed through LastPass. Employee onboarding and offboarding often presents challenges for IT teams, but when you can automate your user management with your directory of choice, your company benefits from stronger security and more productive employees.
Onboarding needs to be painless
The reality is, your IT team has already invested in infrastructure and services to manage day-to-day business operations. At LastPass, we believe it’s essential to not only integrate with those systems, but also help you better leverage them.
Onboarding needs to be smooth from start to finish. When you integrate LastPass with your user directory of choice, LastPass is triggered to create new employee accounts as-needed. Employees can be instantly assigned to a group, with access to shared items relevant to their role, before they’ve even logged in for the first time. Once they’ve activated their account, it’s also seamless to start storing their logins as they go.
Offboarding needs to be instant
When an employee leaves, or changes roles, they should no longer have access to corporate systems. Any delay in which an account sits idle opens the company up to both internal and external threats. The process must be automated and real-time, to eliminate inefficiencies and insecurities.
LastPass instantly reflects status changes from your preferred user directory, so access to LastPass is given and revoked in real-time. By effect, everything managed through LastPass is also instantly secured.
Offering the right choice for you
LastPass provides deep integration with many popular directories for effective onboarding, efficient day-to-day management, and real-time account revocation. Available integrations now include:
LastPass AD Connector: Our lightweight client can be installed on any Windows machine and is used to connect to on-premises AD/LDAP for user provisioning, deprovisioning, and syncing of groups for assigning policies, shared passwords, and SAML apps. Custom filtering, whitelisting, and detection of nested groups provides complete customization of the deployment.
Microsoft Azure AD Sync: Through a SCIM API, our Azure AD endpoint can be configured for automatic provisioning of existing or new user profiles to create LastPass accounts, automatic deprovisioning of disabled or deleted profiles to deactivate LastPass accounts, and automatic syncing of user groups for assigning users to policies and shared folders.
Okta Sync: Through a SCIM API, our Okta endpoint can be configured for automatic provisioning and deprovisioning of LastPass accounts for easy, secure administration. Integrating LastPass with your Okta directory simplifies identity management across the business and offers convenient co-existence of the two services.
Custom Provisioning API: For larger enterprises with more complex onboarding needs, our powerful API can be used to create users, deprovision users, manage groups, and auto-add users to shared folders.
Even if you’ve already deployed LastPass in your organization, you can still take advantage of our user directory integrations to automate and better scale your deployment going forward, without disrupting employee access to LastPass.