LastPass SAML setup

Enable your LastPass users to access Trelica with Single-Sign-On (SSO).

Add Trelica to LastPass

Create the application

If you can't see the SSO and MFA menu item then check that you have a LastPass Enterprise Account.

Navigate to Applications > Web App and click Add Application:

Under Select your app, choose Custom and in the App Name field enter Trelica.

Download the metadata file

Expand the Identity Provider step and click Metadata at the bottom right. This will download the IdP metadata file that tells Trelica how to configure itself for LastPass:

Configure Trelica

You now need to put the IdP metadata you downloaded from LastPass into Trelica.

Open Trelica in a new browser tab, as you will need to switch back to LastPass shortly.
Log in to your Trelica site, and then go to Admin > Settings > Users > SAML providers:
Click New. The New SAML Identity Provider dialog is displayed.
In the Name field enter LastPass and ensure Metadata type is set to Metadata:
Open the IdP metadata that you downloaded from LastPass in a text editor (e.g. Notepad or Visual Studio Code), and cut Ctrl + Xand paste Ctrl + V the contents of the file into the Metadata field.
Click Create.

Finalize configuration in LastPass

The next step requires the ACS URL and the Entity ID from Trelica.

Copy each URL to the clipboard by clicking on the small copy icon next to each entry.
Return to LastPass and paste Ctrl + V the URLs into the ACS and Entity ID fields.
Expand Advanced Setup to move to the next step.
Set Identifier to Email and ensure that the SAML signature method is set to SHA256.
Finally, expand the Custom Attributes step.
Ensure that Sign Assertion is selected and that Sign Response is not selected.
Now add three attributes as follows:

Attribute Value

Email email

First Name given_name

Last Name family_name
Download a suitable Trelica logo and then upload it.
Click Save and assign to save the SAML configuration and assign some users to the application for testing.