MFA: Linking LastPass to Multi-factor Authentication

Symptoms

**NOTE** - This process is for Duo Mobile with LastPass; it is not for use with a YubiKey.

This process is for users who have a LastPass Premium account from Duke and would like to link multi-factor authentication via the Duo Mobile app or other options supported by LastPass.

LastPass Enterprise - If you are a LastPass Enterprise user, you will need to send an email to site@duke.edu requesting that you be added to the LastPass Enterprise Group that requires MFA.

More information about obtaining a Premium account with LastPass is available at https://software.duke.edu/node/108

Cause

Depends on which form of multi-factor authentication you are using.

Resolution

The following steps assume that you have already signed up for Duke’s multi-factor authentication service. If you have not, please do so by visiting https://oit.duke.edu/mfa. Make sure to register the Duo Mobile application on your smartphone.

Duo Key Generation Process

  1. Generate information to link LastPass to Duo
    1. Visit https://idms-mfa.oit.duke.edu/mfa/home.
    2. In the “LastPass Integration” section, click “Generate LastPass Keys.” You should see the keys displayed.
    3. Keep the information handy for the next steps.
  2. Link your LastPass and Duo accounts
    1. In a new browser window or tab, log in to your LastPass vault from https://lastpass.com/.
    2. On the left side click “Account Settings,” then click the “Multifactor Options” tab at the top.
    3. Under the “For Free Users” section (look on the red bars breaking up the sections), click the edit button to the far right of the “DUO” column.
    4. Set the following values:
      i. Enabled = Yes
      ii. Permit Offline Access = Allow
      Remember the LastPass keys from step 1? Have them handy for the next 3 items.
      iii. Integration Key = Paste from “LastPass Section” in step 1
      iv. Secret Key = Paste from “LastPass Section” in step 1
      v. Hostname = Paste from “LastPass Section” in step 1
    5. Click “Update” and enter your master password when prompted.
    6. When prompted for a Duo Security user name, change the default entry of your email address to your Duke NetID and click OK.

Login Process

  1. Log in to LastPass as you normally would.
  2. A window will open up requesting you to complete the multifactor authentication request on the Duo app on your phone (see below).
  3. Open the Duo app on your phone and either:
    1. Accept the Push notification, or
    2. Click the key next to Duke University and enter the 6-digit random PIN code in the LastPass multi-factor authentication window.

Note that you may also choose to “remember this computer” so that you do not have to complete the multi-factor process on this particular computer. Only do this if it is your personal computer.

Other Multi-Factor Options

LastPass supports many other multi-factor authentication options. A complete list may be found here: https://helpdesk.lastpass.com/multifactor-authentication-options/. Technologies tested and recommended by the security offices include:

Google Authenticator: https://helpdesk.lastpass.com/multifactor-authentication-options/google-authenticator/

Microsoft Authenticator: https://helpdesk.lastpass.com/multifactor-authentication-options/microsoft-authenticator-app/

YubiKey: https://helpdesk.lastpass.com/multifactor-authentication-options/yubikey-authentication/

Article Number: KB0018801