cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
New Contributor

AD Sync, AD FS or Azure AD Sync.....which to choose?

I have a brand new LastPass Identity roll out and I'm at the point of adding AD, but don't know which way to go.

 

From the docs that I have found so far it would seem that there are three choices and I can/have to pick only one? If this is the case, can someone recommend to me which direction I should go?

 

I am thinking that I should go in the direction of Azure AD Sync to allow the users one less headache of no master passwords? If this is the way, how painful is it to setup? Having 20 odd users in LastPass already, is there going to be an issue in turning this on?

 

Thanks in advance for any help anyone can give.

1 REPLY 1
Highlighted
New Contributor

Re: AD Sync, AD FS or Azure AD Sync.....which to choose?

Federated login is super convenient, but there are limitations you should be aware of. See this page: https://support.logmeininc.com/lastpass/help/what-are-the-limitations-for-federated-ad-fs-lastpass-e...

Most notably of which is that federated users dont have "offline access" so if you have employees that must be able to work offline, federated login isnt for you. (Granted, if they are offline, odds are they arent logging into many websites in the first place, but still something to think about.)

Regarding federated login with ADFS vs Azure AD, consider this: If your ADFS server goes down, federated users wont be able to login. On the flip side, if Office 365 is having a bad day, they wont be able to login via Azure either. 

In my opinion, non-federated is often the easier way to go. There is something to be said for not having all of your proverbial eggs in one basket, and if users go from juggling ~50 passwords down to just 2, thats still pretty great. Plus, I dont wanna worry that Azure or ADFS will go down and lock out my users...