In this article we will outline setting up LastPass as a SAML Identity Provider so that we can utilize Telnyx's Single Sign-On feature. LastPass is a password manager that stores encrypted passwords online. It is one of the many SAML providers that Telnyx supports for our SSO feature.
NOTE: If you experience technical difficulties while attempting to set up your LastPass SSO with Telnyx, its possible your provider is experiencing outages/maintenance. You can check the status of LastPass features at https://status.lastpass.com/.
To begin, navigate to your LastPass admin portal by visiting https://admin.lastpass.com/dashboard. On the navbar click Applications →SSO Apps and click Add your first SSO App.
On the pop-up screen, click on Add unlisted app. You'll be prompted to choose a name for your app, then you will be presented with the "Configure App" page. Click "Expand" on the "Set up App" tab and you'll be provided with the below information:
Next, navigate to your Organization section of the Telnyx Mission Control Portal and create an Organization if you have not already. Once created, navigate to the Single Sign-On section of the portal and click the green Enable Single Sign-On button.
You will be presented with the following fields:
Fill in the Authentication Provider name and Short Name with the values you desire. Please note that the Short Name will be part of the SSO URLs.
Select Manually enter configuration.
On the IdP Certificate Fingerprint field, copy the data from the Certificate Fingerprint:(SHA256) in the LastPass portal.
On the IdP Certificate Fingerprint Algorithm field select sha256.
On the IdP Entity ID field, copy the data from Entity ID in the LastPass portal.
On the IdP SSO Target URL field, copy the URL of the SSO End Point in the LastPass portal.
Click on Save Changes.
Once your changes are saved, scroll down to the “Authentication Provider Generated Config” section and take note of the values for Assertion Consumer Service URL and Service Provider Entity ID.
Back to the LastPass admin page, click Expand on the "Set up LastPass" tab and click the "Advanced Settings" drop down. You'll be presented with the following fields.
Use the value generated for Assertion Consumer Service URL on the Telnyx Mission Control Portal and paste it in the ACS field.
Use the value generated for Service Provider Entity ID on the Telnyx Mission Control Portal to fill in the Entity ID.
Make sure that the identifier drop down is set to "Email", your SAML signature method is set to "SHA256" and that "Sign Response" is enabled. When your configuration is complete, click Save & Assign to users.
On the next page, click on Assign users, groups and roles.
Select all appropriate users you would like to assign this app to using the check boxes beside their email IDs. When all users are selected, click Assign.
Once you are ready to enable the configs, on the Telnyx Mission Control Portal, click on “Enable Single Sign-On” and “Save Changes”.
Your chosen settings are now in effect! This will send all users in your organization an email informing them that SSO is now enabled. Your users will still be able to login using username/password for the next 72 hours. After that, they will be required to use SSO.