User Directory Integration

Automate and scale password management when you connect LastPass with your User Directory.

img-icon-scroll-light-anim-svg
illustration_6col_enterprise-endusers-integrations-svg

What is a directory integration?

Your identity provider (IDP) remains your single source of truth when establishing a directory integration with LastPass.
This is an incredible time-saver for IT admins, as the integration automates account creation, user termination, group management and more – all from your user directory.

  • img_icon_illustrative_deployment-layers-secure-deployment-svg

    Utilize your source of truth

    By integrating LastPass with your identity provider, you establish a trust relationship between your identity provider (IDP) and us. The IDP – your single source of truth – will check a user’s credentials against its database, verifying their identity before granting access to their password vault.

  • It’s an incredible time-saver for IT departments, as they can grant and revoke access to LastPass and all the applications within a user's vault through your user directory.

    Integrate with all major identity providers

    We support the most popular directories so you can save your IT staff valuable time and keep your data more secure.

    img_icon_illustrative_brand-windows-final-svg

    Microsoft™ Active Directory

    A configurable, lightweight client that syncs user profiles from your on-premise AD.

    icon-s-light_illustrative_brand-azure-svg

    Microsoft™ Entra ID

    Through a SCIM API, our Microsoft Entra ID endpoint syncs user profiles from your consolidated cloud directory.

    img_icon_illustrative_brand-google-final-svg

    Google Workspace

    Automate and scale password management, while saving time for IT, with Google Directory Integration.

    img_icon_illustrative_brand-okta-final-svg

    Okta

    Automatically provision and deprovision from your single sign-on provider through a SCIM API.

    img_icon_illustrative_brand-pingfederate-svg

    PingOne/PingFederate

    Manage and provision both users and groups by establishing integration with PingOne or Ping Federate.

    img_icon_illustrative_brand-onelogin-final-svg

    OneLogin

    Manage onboarding, offboarding, and group assignments by utilizing a SCIM API for your OneLogin directory.

    img_icon_illustrative_brand-lastpass-final-svg

    Custom API

    Larger enterprises with complex onboarding needs can take advantage of our flexible, powerful API.

    illustration_6col_directory-integration-providers-svg

    How Does a Directory Integration Work with LastPass?

    Implementing and onboarding LastPass Business is easy with a user directory. We help you automate oversight of business password management by automatically testing and recognizing a user's identity.

  • img_icon_directory-user-info-employee-info-svg

    Microsoft Active Directory (AD)

    Businesses using AD can create a directory integration with LastPass through the LastPass AD Connector – configurable client that syncs profiles from your user directory to LastPass. When new users are created in your AD, we can automatically provision them with a LastPass Business account.

  • img_icon_illustrative_cloud-soc2-svg

    Cloud-based IDPs

    Cloud-based IDPs – e.g., Google Workspace – seamlessly integrate with LastPass, requiring no extra tools. You can onboard and offboard users whenever they're created or disabled/deleted in your IDP.

  • Benefits of a directory Integration

    icon-s-light_illustrative_unified-access-end-point-lock-svg

    Centralize onboarding

    A configurable, lightweight client that syncs user profiles from your on-premise user directory.

    icon-s-light_illustrative_employee-user-identity-svg

    One-click offboarding

    Simply sync user profiles from your consolidated cloud directory.

    icon-s-light_illustrative_user-directory-integration-svg

    Automate with groups

    Automate and scale password management while saving IT time.

    icon-s-light_illustrative_secure-deployment-lock-svg

    Build a foundation for federation

    Once integrated, federate users so they can log in to their vault using just their directory password.

    illustration_6col_directory-integration-federated-login-vault-svg

    Never share your data with us

    We've designed LastPass to protect what you store, so you can always trust us with your sensitive data.

    Our zero-knowledge infrastructure ensures neither LastPass nor your user directory possesses enough information to access a user’s vault. We make sure only a user knows just what their LastPass password is, such that only they can encrypt and decrypt their password vault and data.

  • img_icon_illustrative_zero-knowledge-security-final-svg

    Zero-knowledge infrastructure

    Your password vault and data are encrypted and decrypted at the device level. So, your users’ passwords will never be shared with our servers.

  • img_icon_illustrative_file-storage-encrypted-storage-final-svg

    Strongest encryption standard

    LastPass uses AES-256-bit encryption with PBKDF2 SHA-256 and salted hashes to ensure complete account security in the cloud.

  • img_icon_illustrative_security-shield-final-svg

    SOC 2 Type 2 compliance

    LastPass remains compliant with the “gold standard” of security and reliability – we safeguard user data and ensure our security measures remain up to date.

  • lastpass-logo-icon

    Save IT time while increasing security

    Give IT greater control over provisioning and deprovisioning by integrating your user directory with LastPass.