SSO with LastPass

Introduction

This guide will take you through the steps required to perform integration of LastPass with Kaseya BMS.

Prerequisite

You should select the appropriate business plan in pricing (one that says Expandable with SSO and MFA add-ons) in LastPass to facilitate this integration.

Steps

Stage 1: Logging into LastPass

  1. Log into LastPass.
  2. Click on Cloud Apps. You will be redirected to a different page.
    BMS_LastPass_Int1.PNG
  3. Right-click Admin Portal and open it in a new tab.
    BMS_LastPass_Int2.PNG
  4. Click Applications > Web App > Add Application.
    BMS_LastPass_Int3.PNG
    BMS_LastPass_Int4.PNG

Stage 2: Creating the application in LastPass

  1. Once you click Add Application, you will be redirected to a window called Add custom SSO App.
  2. Under Select Your App, click Custom.
    BMS_LastPass_Int5.PNG
  3. Select Customer and provide a name for the application.
  4. Click the Identity Provider section. Copy the SSO endpoint URL and paste it on a notepad. This URL will be used in BMS.
    BMS_LastPass_Int6.PNG
  5. Download the certificate and convert the certificate to a file with .cer extension.
  6. Click the Service Provider section.
  7. Fill in the details below in the Service Provider section.
    BMS_LastPass_Int7.PNG
    • ACS: https:/<BMS server>/SAML/Connect.aspx
    • Entity ID:https://<BMS server>
    • Nickname: Name of your choice
  8. Click the Advanced Setup section.
    BMS_LastPass_Int8.PNG
    • IDP: Enter the following - https://<BMS server>
    • SAML Signature Method: Select the checkbox SHA256.
  9. Click the Custom Attributes section.
  10. Select or enter the custom attributes as shown in the image.
    BMS_LastPass_Int9.PNG
  11. Below are the attributes used in LastPass.
    IdP AttributeSAML Response AttributeNote
    Last NameLastName
    First NameFirstName
    User ID userPrincipalName
    EmailEmail
    CompanyNameYour tenant nameNeed to create a custom attribute (Select constant value)

    BMS_LastPass_Int10.PNG
  12. Click Save. The app will now be created in the logged in page.
    BMS_LastPass_Int11.PNG

Stage 3: Adding the user to the LastPass

  1. Once the app is created, you should add the user to the app.
  2. Under Applications > Web App, click the edit icon of the newly created app as shown in the image.
    BMS_LastPass_Int12.PNG
    The Assign members page opens. 
    BMS_LastPass_Int13.PNG
  3. Select the user or group and click Save.

Stage 4: Configuration setup on the BMS side

The following steps have to be performed in BMS.

  1. Keep the URL ready to paste in the BMS.
  2. Keep the downloaded certificate in .cer format.
  3. Enter the URL and upload the certificate by navigating to Admin > My Company > Auth & Provision.
    BMS_LastPass_Int15.PNG
    1. Paste the SSO URL that was copied from the LastPass.
    2. Upload the certificate with the .cer extension.
    3. Click Save.
  4. Enable the SSO for the user in BMS. Go to HR > Employees.
  5. Select the particular employee who was previously selected as the user in LastPass. Click the Edit/Open icon of the employee's record. The employee's page opens.
  6. On the employee's page, under External Authentication Type in the left bottom corner, select SAML SSO and click Save.
    BMS_LastPass_Int16.PNG

Stage 5: Logging into BMS successfully with the help of LastPass

Now, go back to the logged in page in LastPass and click the application. It will redirect you to BMS directly without asking for your credentials.