MFA: Linking LastPass to Multi-factor Authentication
**NOTE** - This process is for Duo Mobile with LastPass, not for use with a YubiKey.
This process is for users who have a LastPass Premium account from Duke and would like to link multi-factor authentication via the Duo Mobile app or other options supported by LastPass.
LastPass Enterprise - If you are a LastPass Enterprise user, you will need to send an email to email@example.com requesting that you be added to the LastPass Enterprise Group that requires MFA.
More information about obtaining a Premium account with LastPass is available at https://software.duke.edu/node/108
Dependent on what form of Multi-factor Authentication you are using
The following steps assume that you have already signed up for Duke’s multi-factor authentication service. If you have not, please do so by visiting https://oit.duke.edu/mfa. Make sure to register the Duo Mobile application on your smartphone.
Duo Key Generation Process
- Generate information to link LastPass to Duo
  - Visit https://idms-mfa.oit.duke.edu/mfa/home.
  - In the “LastPass Integration” section, click “Generate LastPass Keys.” You should see the keys displayed.
  - Keep the information handy for the next steps.
- Link your LastPass and Duo accounts
  - In a new browser window or tab, log in to your LastPass vault from https://lastpass.com/.
  - On the left side click “Account Settings,” then click the “Multifactor Options” tab at the top.
  - Under the “For Free Users” section (look on the red bars breaking up the sections), click the edit button to the far right of the “DUO” column.
  - Set the following values:
    i. Enabled = Yes
    ii. Permit Offline Access = Allow
    Remember the LastPass keys from section 1? Have them handy for the next 3 items.
    iii. Integration Key = Paste from “LastPass Section” in section 1
    iv. Secret Key = Paste from “LastPass Section” in section 1
    v. Hostname = Paste from “LastPass Section” in section 1
  - Click “Update” and enter your master password when prompted.
  - When prompted for a Duo Security user name, change the default entry of your email address to your Duke NetID and click OK.
- Log in to LastPass as you normally would.
- A window will open up requesting you to complete the multifactor authentication request on the Duo app on your phone (see below).
- Open the Duo app on your phone and either:
  - Accept the Push notification, or
  - Click the key next to Duke University and enter the 6-digit random PIN code in the LastPass multi-factor authentication window.
Note that you may also choose to “remember this computer” so that you do not have to complete the multi-factor process on this particular computer. Only do this if it is your personal computer.
Other Multi-Factor Options
LastPass supports many other multi-factor authentication options. A complete list may be found here: https://helpdesk.lastpass.com/multifactor-authentication-options/. Technologies tested and recommended by the security offices include:
Google Authenticator: https://helpdesk.lastpass.com/multifactor-authentication-options/google-authenticator/
Microsoft Authenticator: https://helpdesk.lastpass.com/multifactor-authentication-options/microsoft-authenticator-app/