Simplifying User Access with Federation to Microsoft Azure AD 

Today, we are excited to announce a new way to securely simplify user access with LastPass for your organization: Federated identity with Microsoft Azure AD is now available to all LastPass Enterprise and LastPass Identity customers. 

With this integration, Azure AD remains as the organization’s identity provider and is able to eliminate the LastPass Master Password, so employees have only one password to unlock all their work: their Azure AD password. This integration is in addition to the ability to federate LastPass with MicrosofActive Directory Federation Services. 

Beginning today, organizations using Azure AD can automatically migrate existing LastPass users to federated users, and provision all newly created LastPass users as federated users. You can view the full documentation here to enable federation with Azure AD for your LastPass account. 

Federated Identity with Azure vs LastPass Single Sign-On 

You may be asking: what’s the difference between this new integration with Azure and LastPass Enterprise’s new single sign-on functionality? Which one is right for me?  

Federation integrates LastPass into your existing identity provider (like Azure AD or Active Directory). This identity provider is your source of truth for managing users. All users added to your identity provider will automatically be provisioned and deprovisioned from LastPass – no additional steps required. Because the two technologies are securely synced, the LastPass Master Password is no longer neededFederation eliminates the manual onboarding and offboarding of users for Admins and alleviates login frustrations for employees. 

On the other hand, LastPass can be used as an identity provider using single sign-on in LastPass Enterprise. You can automatically add users to LastPass and use LastPass as your source of truth for managing users in your business. Once users are provisioned to LastPass, they can be assigned the appropriate applications for their role through our single sign-on app catalog. Once assigned, employees can access all of their resources without an additional password. Our single sign-on app catalog leverages the protocol SAML 2.0, which builds the relationship between LastPass and the given application, allowing employees to access multiple resources with a single password: their LastPass Master Password. 

Flexibility Is Critical in Managing User Access 

Regardless of the identity provider you’re using – Azure, AD or LastPass – you’re able to offer a streamlined login experience for employees, and simplified management for admins. Choosing the right option for your business depends completely on how you choose to manage user access – if you want to integrate LastPass with your existing infrastructure or use LastPass as your identity provider. 

Whether you’re using federation or single sign-on to manage access, having a holistic view and granular control over what your employees are accessing is the ultimate goal. But, the simplest way to manage user access varies by organization, the solutions you already have in place, and your overall security strategy.  

Our mission at LastPass is to make security effortless for everyone, regardless of your IT ecosystem. That’s why we are building LastPass to offer complete flexibility in managing user access depending on what works best for you. We are excited to introduce federated identity with Azure AD in addition to Active Directory Federation Services to our list of supported federated identity providers and look forward to expanding this list to continue to help you achieve your security goals through simplified access.