
Consider how many applications you access on a daily basis. Now consider how many times you log into and navigate between those applications. It’s a lot. And remembering each credential for every individual application is not only frustrating, but can also present a risk if the credentials are not managed securely.
Identity and access management (IAM) technologies work to eliminate the friction of the login experience without compromising security. One example is federated login, which provides users access to multiple applications with only a single password.
Microsoft Active Directory Federation Services: Available to All LastPass Enterprise Customers
Today we are excited to announce that Microsoft Active Directory Federation Services (ADFS) is available to all users of LastPass Enterprise, eliminating the LastPass Master Password so your users only have one password to unlock all their work applications: their Microsoft Active Directory password.
Organizations using Microsoft Active Directory can enable ADFS directly in the LastPass Admin Console to automatically migrate existing users to federated users, and provision all newly created users as federated users. ADFS coupled with LastPass Enterprise can help your organization improve:
- Productivity: Streamline your employees’ login experience and boost productivity through a single password to unlock access. By federating Microsoft Active Directory to LastPass Enterprise, your employees only have one password to remember for a simplified login.
- Security: Integrate your existing identity providers for a unified view of your users to strengthen security without increasing friction, all built on LastPass’ zero-knowledge security model where no one knows your passwords – not even LastPass.
- Automation: Automatically federate and eliminate manual onboarding to reduce the amount of administration, as well as ensure no data leaves the organization when the employee does.
- Adoption: Simplify how you manage access in your organization to alleviate login frustrations, so your business will benefit from higher adoption rates and meet your password security goals faster.
Federated Login: Integrating the Existing Infrastructure
But why should you consider federated login in the first place? First, federated login reduces the number of passwords your employees must remember, which makes accessing their daily work easier. Second, federated login is one of the first steps of integrating your existing IAM infrastructure for a single view of your user identities.
A single source of truth for managing identity is a must as the number of users, applications and devices you are faced with managing increases. Federated login can help by automatically syncing your apps to your user directory for a cohesive and integrated IAM stack that reduces the amount of administration, while simultaneously increasing security.
Federated Login vs Single Sign-On
You may also be wondering, how does federated login differ from single sign-on? Federated login can even be considered a subset of single sign-on because both share the same goal: enable users to access multiple applications in a network with a single set of credentials.
Federated login builds a direct relationship between an application and a user directory. When a user logs into the directory, the integration between the directory and the application allows the user to access both with only the corporate credentials. An obvious example: if your LastPass Enterprise account is federated to your Microsoft Active Directory, you would only need to access your Active Directory and LastPass would already be authenticated.
While similar, single sign-on solutions create a relationship between an identity provider and a service provider through a protocol. When a user requests access from their service provider, the identity provider will provide a security assertion to the service provider and authenticate the user identity. This communication happens through the single sign-on protocol and enables the user to log into only the identity provider and gain access to multiple applications. An everyday example is when you log into your Gmail account and are automatically authenticated into all your other Google products on the network.
LastPass Enterprise and ADFS: Unifying Identity
Both single sign-on and federated login are core components of managing your user identities. We are excited to deliver ADFS for all users of LastPass Enterprise so you can take the first step of creating a unified view of your user identities. If you’re an existing LastPass Enterprise customer, review the documentation to begin using Active Directory Federation Services today. If you’re not yet using LastPass Enterprise for your business, get started with a free trial.
Thanks, and nice to know about this update.
Will the SAML SSO method with Azure AD ever be upgraded to provide for such features? (The current SAML implementation only syncs usernames). AD FS requirement kinda knocks out the small-medium sized businesses.
Hi,
We are considering future federated integrations. I appreciate the feedback.
Thanks,
Leah
Do you have any documentation about how you actually implemented this? IE, what key/token/password do you use to encrypt the vault if you enable ADFS? What are the attack vectors with ADFS enabled? How does this integrate with 2nd factor things like YubiKey?
Hi Terry,
Here is the documentation you can take a look at: https://support.logmeininc.com/lastpass/help/how-do-i-convert-an-existing-lastpass-enterprise-user-to-a-federated-ad-fs-user-lp010103
Thanks!
Leah
How soon will we be able to federate directly with third-party identity providers like Okta?
Hi Jeff,
I’m sorry I don’t have a date to provide you at this time.
How soon will we be able to leverage Okta for federated sign on? I have many clients who utilize Okta and could leverage this integration.