Part 1 – Configuration on LastPass Dashboard
  • Open the LastPass Admin Dashboard. Select “Applications” from the left side menu and then select “Web App” from the submenu.

LastPass Web Applications

 

  • Click on “+ Add SSO App” button from the upper right corner.

Add SSO application

 

  • A pop-up window will appear. Under the section: “Select your app”, click on “Search…” and type Salesforce to search the LastPass Catalog. Select Salesforce from the drop-down menu.

SSO App Catalog

 

  • Under the section: “Identity Provider”, you will find the required information such as “Entity ID”, “SSO End Point”, and “Logout URL”. Also, you can download the LastPass Metadata xml or Certificate file to your computer by clicking on the download arrow button next to “Metadata” or “Certificate”.

SSO Identity Provider

 

Part 2 – Configuration on Salesforce
  • Open a new tab on your browser and log into Salesforce as an administrator using the following hyperlink: https://login.salesforce.com.
  • On your top right side of the page, click on the setup icon and then choose “Setup from the drop-down menu.

Salesforce Setup

 

  •  From the left side menu, select “Security Controls” and then “Single Sign-on Settings”.

Salesforce SSO

 

  • With the lightening experience, Select “Identity” and then “Single Sign-on Settings”.

Salesforce SSO Lightening

 

  • Click “Edit” on Single Sign-On Settings. Check the “SAML enabled” checkbox and click “Save“.

Salesforce SAML SSO

 

  •  To add a new entry for “SAML Single Sign-on Settings” – click on the “New from Meta Data” button.

Salesforce New from Metadata

 

  • Upload the Meta Data file that you downloaded from LastPass dashboard.

Upload Salesforce Metadata

 

  • Most of the information is already filled in using the Meta Data. Please add the following information: 
    Identity Provider Certificate: Upload the certificate file you’ve just downloaded from LastPass dashboard
    Identity Provider Login URL: https://identity.lastpass.com/SAML/SSOService (SSO End Point copied from LastPass dashboard)
    Identity Provider Logout URL: https://identity.lastpass.com/Login/Logout (Logout URL copied from LastPass dashboard)
  •  Click on “Save“.

Salesforce SAML Setting

 

  • Copy the Salesforce Login URL. You will use it to configure your ACS URL on your LastPass dashboard.

Salesforce SAML ACS copy

 

By completing the steps above, your users will be able to access SalesForce from LastPass Cloud Apps portal.  In order for users to be able to directly log in from Salesforce with the same LastPass user experience, please continue the next 2 optional steps and set up a customized Salesforce domain. Your users can login directly from that domain to Salesforce.

  • From the left side menu select “Domain Management” and then “My Domain”. 
  • If you don’t have a domain setup already, provide a name for your organization (https://yourworkdomain.my.salesforce.com), check availability,  and select “Register Domain“. It will take a few mins for your domain to get ready.
  • Then, scroll down and click on the “Edit” button next to “Authentication Configuration”. 

Domain management

 

  •  Uncheck the Login Page checkbox and check the LastPass checkbox instead. Click on “Save“.

Salesforce Authentication Service

 

Part 3 – Finalizing SSO Configuration
  • Go back to the browser tab where you have the LastPass Admin Dashboard open.
  • Expand the “Service Provider” section and paste the “Salesforce Login URL” that you copied to the “ACS” field. 
  • Click on “Save”.

SSO app Service Provider

 

Salesforce is now configured! Please see the Assign Users page for instructions on assigning users to Salesforce.