LastPass offers SAML integration with NetScaler VPN. You can add NetScaler as a web app in the LastPass Admin Dashboard.
Part 1 – Configuration on LastPass Dashboard
- Open the LastPass Admin Dashboard. Select “Applications” from the left side menu and then select “Web App” from the submenu.
- Click on the “+ Add SSO App” button in the upper right corner.
- A pop-up window will appear. Under the section: “Select your app”, click on “Search…” and type NetScaler to search the LastPass Catalog. Select NetScaler from the drop-down menu.
- Under the section: “Identity Provider”, you will find the required information such as “SSO End Point” and “Logout URL”. Also, you can download the LastPass Certificate file to your computer by clicking on the download arrow button next to “Certificate”.
- Expand the Service Provider tab and set the ACS by replacing vpn.netscaler.com with the FQDN of your VPN.
- Set your Entity ID, save this value for later use, and click on “Save”.
Part 2 – SSO Configuration on NetScaler Gateway
- Open a new tab on your browser and log in to your NetScaler admin console and go to NetScaler Gateway > Policies > Authentication > SAML.
- Click on the “Servers” tab and then click on the “Add” button to add a new authentication SAML server.
- Set a name for the server.
- Add the LastPass certificate downloaded in the previous step by clicking on the IDP Certificate Name field. Click on the plus sign button to add the LastPass certificate.
- Set the Certificate-Key Pair Name. Upload the certificate and click “Install”.
- In the IDP Certificate Name field, select the certificate that you added.
- Paste the SSO End Point that you copied from LastPass Admin Dashboard in the Redirect URL field.
- Paste the Logout URL that you copied from LastPass Admin Dashboard in the Single Logout URL field.
- Paste the Entity ID that you copied from the Service Provider tab of the NetScaler app settings on the LastPass Admin Dashboard in the Issuer Name field.
- Click “Ok” to save changes.
- Select the “Policies” tab to create a new policy.
- Click on the “Add” button and set a Name for the policy.
- Select the Server that you created.
- Paste “ns_true” in the Expression field and click on the “Create” button.
- Switch the authentication policy of your NetScaler gateway to the LastPass SAML policy. Go to NetScaler Gateway > Virtual Servers.
- Click on the desired virtual server. Select the current authentication policy in the Basic Authentication section.
- Select the current policy and “Unbind” it. Click on “Close”.
- In the Basic Authentication section, click on the “Add” button, select “SAML” as the policy and click on “Continue”.
- Select the LastPass SAML policy. Click on the “Select” button.
- Make sure that the LastPass SAML policy is selected on the next screen and click on the “Bind” button.
- Click “Done” to finish the process. You can now assign users to NetScaler VPN.
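The procedure above depends on four values being copied correctly between the two consoles (ACS, SSO End Point, Logout URL, Entity ID). The following pre-flight check is an added example, not LastPass or Citrix code. The dictionary keys, the function name and all sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

PLACEHOLDER_HOST = "vpn.netscaler.com"  # catalog default that Part 1 says to replace

def check_saml_values(lastpass, netscaler, gateway_fqdn):
    """Return a list of problems; an empty list means both consoles agree."""
    problems = []
    urls = [("ACS", lastpass["acs"]), ("Redirect URL", netscaler["redirect_url"]),
            ("Single Logout URL", netscaler["single_logout_url"])]
    # URLs that carry SAML messages should be absolute https URLs.
    for label, url in urls:
        parts = urlsplit(url.strip())
        if parts.scheme != "https" or not parts.hostname:
            problems.append(f"{label}: not an absolute https URL")
    # The ACS host must be the gateway FQDN, not the catalog placeholder.
    acs_host = (urlsplit(lastpass["acs"].strip()).hostname or "").lower()
    if acs_host == PLACEHOLDER_HOST:
        problems.append("ACS: still points at the placeholder host")
    elif acs_host != gateway_fqdn.strip().lower():
        problems.append(f"ACS: host {acs_host!r} is not the gateway FQDN")
    # Values pasted from LastPass into NetScaler must match exactly.
    pasted = [
        ("Redirect URL", lastpass["sso_endpoint"], netscaler["redirect_url"]),
        ("Single Logout URL", lastpass["logout_url"], netscaler["single_logout_url"]),
        ("Issuer Name", lastpass["entity_id"], netscaler["issuer_name"]),
    ]
    for field, source, value in pasted:
        if source.strip() != value.strip():
            problems.append(f"{field}: does not match the LastPass value")
        elif source != value:
            problems.append(f"{field}: differs only by surrounding whitespace")
    return problems

# Constructed sample values, not taken from a real tenant or gateway.
LASTPASS = {
    "acs": "https://vpn.example.com/cgi/samlauth",
    "entity_id": "netscaler-vpn-example",
    "sso_endpoint": "https://idp.example.com/sso",
    "logout_url": "https://idp.example.com/logout",
}
NETSCALER = {
    "redirect_url": "https://idp.example.com/sso",
    "single_logout_url": "https://idp.example.com/logout",
    "issuer_name": "netscaler-vpn-example",
}

print(check_saml_values(LASTPASS, NETSCALER, "vpn.example.com") or "values agree")
```

Run it with the values you recorded from both consoles before unbinding the existing authentication policy, so a copy error is caught while the old policy is still in place.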