OneLogin SCIM Table of Contents Summary... 2 System Requirements... 2 Installation & Setup... 2 Contact Us... 6 1
This guide provides set-up instructions for using LastPass with OneLogin as your Identity Provider (IdP). Summary LastPass supports the following provisioning features: Create Users Update User Attributes Deactivate Users Please note, the integration with OneLogin s user directory does not allow users to log in to LastPass with their OneLogin password. Completing the account set-up steps for LastPass requires that the user create and remember a separate LastPass master password, which is used to create the unique encryption key to their LastPass vault. System Requirements Syncing the OneLogin user directory to LastPass requires: An active OneLogin provisioning subscription An active trial or paid LastPass Enterprise account An active LastPass Enterprise admin (required when activating your trial) The LastPass OneLogin SCIM endpoint does not require any software installation. Installation & Setup This Configuration Guide can be opened from the LastPass Enterprise admin dashboard (under the Settings tab, choose Directory Integrations). 2
The two pieces of information you will need to provide to OneLogin to complete the integration on the OneLogin side, are: 1. URL 2. The Provisioning Hash Both the URL and the Provisioning Hash can be located in the LastPass Enterprise admin dashboard. This dashboard is accessible to any LastPass Enterprise user designated as an admin. To access the LastPass Enterprise admin dashboard: 1. Log in to the LastPass browser extension with an admin account. 2. Click on the extension icon to bring up the LastPass menu. 3. Click on the admin dashboard menu option near the bottom. NOTE: Once the admin leaves the Provisioning page, the Provisioning Hash will no longer be accessible through the admin dashboard. If the Hash is lost, a new one can be generated, but this will invalidate the previous code. Any process that used the old Hash will need to be updated with the new one. A new Provisioning Hash can be generated by revisiting the Provisioning page and clicking the Reset Provisioning Hash button. 3
Once you have acquired the URL and Provisioning Hash, you will need to enter those pieces of information into the OneLogin interface with the following steps: 1) From the OneLogin Admin Dashboard, select Apps, and then Add App. 2) Search for and select SCIM Provisioner with SAML (SCIM v2). 3) Give it a name such as LastPass Sync. 4) Click Save. 5) Select the Configutation tab. 4
6) Enter the URL from the first steps into the SCIM Base URL field. 7) Enter the Token from the first steps into the SCIM Bearer Token field. 8) Click the ENABLE button under the API Connection heading. 5
9) Select the Provisioning tab. 10) Check the Enable provisioning for SCIM Provisioner with SAML (SCIM v2) box. 11) Determine and check or uncheck the Require admin approval boxes depending on the needs of your organization. Contact Us If you haven t started a trial, contact our team today at lastpass.com/contact-sales for more information. If you re in trial or deployed, contact our support team today at lastpass.com/supportticket.php. 6