LastPass Enterprise

LastPass Enterprise combines enterprise password management with SAML 2.0–based SSO, MFA (including FIDO2/WebAuthn options), directory and SCIM provisioning, and a zero-knowledge encryption model. It acts as a SAML IdP for app SSO while storing and autofilling credentials for apps that don’t support federation.

Key Capabilities

  • Standards-based SSO: LastPass acts as a SAML 2.0 Identity Provider (IdP), enabling federated access to SaaS and web applications. It offers both prebuilt app templates and support for generic SAML integrations, with clear configuration guidance in its documentation.

  • Password management for non-SSO apps: Provides a secure vault for credentials that can’t be federated via SSO, with features like encrypted password storage, secure sharing, policy controls, and detailed audit trails.

  • MFA and passkey support: Administrators can enforce multiple MFA options, including FIDO2/WebAuthn-based passwordless authentication for vault access and passkey management for improved security.

  • Directory and SCIM provisioning: Supports inbound SCIM 2.0 provisioning from identity sources such as Microsoft Entra ID, Okta, and OneLogin, automating user onboarding and deactivation in LastPass.

Limitations

  • Protocol scope: Public admin documentation positions LastPass SSO as SAML-based; there is not enough public information to confirm native OpenID Connect/OAuth 2.0 provider capabilities.

  • Security incident history: In 2022, LastPass disclosed incidents involving theft of source code and subsequent exfiltration of customers’ encrypted vault data; the company reiterated its zero-knowledge design (no master passwords stored) in risk updates and communications.

  • FIDO2 nuances: While WebAuthn/passwordless features are documented, certain FIDO2 behaviors are product-specific; confirm current platform coverage and policy controls before rollout.

  • Not an IGA suite: LastPass provides SSO/MFA and provisioning into LastPass, but it does not offer full identity governance features such as access certifications or segregation of duties (SoD).

  • SaaS-only delivery: The service is operated by LastPass with no self-hosted IdP or on-prem vault server; integrations rely on directory bridges and SCIM.
