Federated Login: One Password to Unlock Your Work

Animated image of lock and key

Consider how many applications you access on a daily basis. Now consider how many times you log into and navigate between those applications. It’s a lot. And remembering each credential for every individual application is not only frustrating, but can also present a risk if the credentials are not managed securely 

Identity and access management (IAM) technologies work to eliminate the friction of the login experience without compromising securityOne example is federated login, which provides users access to multiple applications with only a single password.  

Microsoft Active Directory Federation Services: Available to All LastPass Enterprise Customers 

Today we are excited to announce that Microsoft Active Directory Federation Services (ADFS) is available to all users of LastPass Enterprise, eliminating the LastPass Master Password so your users only have one password to unlock all their work applications: their Microsoft Active Directory password. 

Organizations using Microsoft Active Directory can enable ADFS directly in the LastPass Admin Console to automatically migrate existing users to federated users, and provision all newly created users as federated users. ADFS coupled with LastPass Enterprise can help your organization improve: 

  • Productivity: Streamline your employee’s login experience and boost productivity through a single password to unlock access​. By federating Microsoft Active Directory to LastPass Enterprise, your employees only have one password to remember for a simplified login. 
  • Security: Integrate your existing identity providers for a unified view of your users to strengthen security without increasing friction, all built on LastPass’ zero-knowledge security model where no one knows your passwords – not even LastPass. 
  • Automation: Automatically federate and eliminate manual onboarding to reduce the amount of administration, as well as ensure no data leaves the organization when the employee does. 
  • AdoptionSimplify how you manage access in your organization to alleviate login frustrations, so your business will benefit from higher adoption rates and meet your password security goals faster.  

Federated Login: Integrating the Existing Infrastructure 

But, why should you consider federated login in the first place? Well first, federated login reduces the number of passwords your employees must remember which makes accessing their daily work easier. Second, federated login is one of the first steps of integrating your existing IAM infrastructure for a single view of your user identities. 

A single source of truth for managing identity is a must as the number of users, applications and devices you are faced with managing increases. Federated login can help by automatically syncing your apps to your user directory for a cohesive and integrated IAM stack that reduces the amount of administration, while simultaneously increasing security. 

Federated Login vs Single Sign-On 

You may also be wondering, how does federated login differ from single sign-on? Federated login can even be considered a subset of single sign-on because each share the same goal: enable users to access multiple applications in a network with a single set of credentials.  

Federated login builds a direct relationship between an application and a user directory. When a user logs into the directory, the integration between the directory and the application allows the user to access both with only the corporate credentials. An obvious example is if your LastPass Enterprise account is federated to your Microsoft Active Directory, you would only need to access your Active Directory and LastPass would already be authenticated. 

While similar, single sign-on solutions create a relationship between an identity provider and a service provider through a protocol. When a user requests access from their service provider, the identity provider will provide a security assertion to the service provider and authenticate the user identity. This communication happens through the single sign-on protocol and enables the user to log into only the identity provider and gain access multiple applications. An everyday example is when you log into your Gmail account, and are automatically authenticated into all your other Google products on the network. 

LastPass Enterprise and ADFS: Unifying Identity  

Both single sign-on and federated login are core components of managing your user identities. We are excited to deliver ADFS for all users LastPass Enterprise so you can take the first step of creating a unified view of your user identities. If you’re an existing LastPass Enterprise customer, review the documentation to begin using Active Directory Federation Services today. If you’re not yet using LastPass Enterprise for your business, get started with a free trial.