User Directory Integration
Automate and scale password management when you connect LastPass with your User Directory.
Your identity provider (IDP) remains your single source of truth when establishing a directory integration with LastPass.
This is an incredible time-saver for IT admins, as the integration automates account creation, user termination, group management and more – all from your user directory.
Utilize your source of truth
By integrating LastPass with your identity provider, you establish a trust relationship between your identity provider (IDP) and us. The IDP – your single source of truth – will check a user’s credentials against its database, verifying their identity before granting access to their password vault.
It’s an incredible time-saver for IT departments, as they can grant and revoke access to LastPass and all the applications within a user's vault through your user directory.
Integrate with all major identity providers
We support the most popular directories so you can save your IT staff valuable time and keep your data more secure.
Microsoft™ Active Directory
A configurable, lightweight client that syncs user profiles from your on-premise AD.
Microsoft™ Azure AD
Through a SCIM API, our Azure AD endpoint syncs user profiles from your consolidated cloud directory.
Automate and scale password management, while saving time for IT, with Google Directory Integration.
Automatically provision and deprovision from your single sign-on provider through a SCIM API.
Manage and provision both users and groups by establishing integration with PingOne or Ping Federate.
Manage onboarding, offboarding, and group assignments by utilizing a SCIM API for your OneLogin directory.
Larger enterprises with complex onboarding needs can take advantage of our flexible, powerful API.
Implementing and onboarding LastPass Business is easy with a user directory. We help you automate oversight of business password management by automatically testing and recognizing a user's identity.
Microsoft Active Directory (AD)
Businesses using AD can create a directory integration with LastPass through the LastPass AD Connector – configurable client that syncs profiles from your user directory to LastPass. When new users are created in your AD, we can automatically provision them with a LastPass Business account.
Cloud-based IDPs – e.g., Google Workspace – seamlessly integrate with LastPass, requiring no extra tools. You can onboard and offboard users whenever they're created or disabled/deleted in your IDP.
Benefits of a directory Integration
A configurable, lightweight client that syncs user profiles from your on-premise user directory.
Simply sync user profiles from your consolidated cloud directory.
Automate with groups
Automate and scale password management while saving IT time.
Build a foundation for federation
Once integrated, federate users so they can log in to their vault using just their directory password.
We've designed LastPass to protect what you store, so you can always trust us with your sensitive data.
Our zero-knowledge infrastructure ensures neither LastPass nor your user directory possesses enough information to access a user’s vault. We make sure only a user knows just what their LastPass password is, such that only they can encrypt and decrypt their password vault and data.
Your password vault and data are encrypted and decrypted at the device level. So, your users’ passwords will never be shared with our servers.
Strongest encryption standard
LastPass uses AES-256-bit encryption with PBKDF2 SHA-256 and salted hashes to ensure complete account security in the cloud.
SOC 2 Type 2 compliance
LastPass remains compliant with the “gold standard” of security and reliability – we safeguard user data and ensure our security measures remain up to date.