I have set up federated login through this guide on my development environment. Provisioning users works, but when the user tries to activate their account through the email they received, they get this certificate error:
AADSTS500031: Cannot find signing certificate configured.
I cannot find anything about certificates in the guide, or anything about the error on Google (except for SSO, which I am not using).
Has anyone else experienced this error?
I contacted LastPass and they gave me this workaround (which I can confirm works):
When creating the new enterprise application in Azure AD you will have to use the old interface by clicking:
Click here to switch back to the old app gallery experience
(continue following guide)
Yes, very interesting, but it might also be a recently introduced issue which did not exist when the manual was created. LastPass has a bug report open.
Here's the original reply:
Hello Thomas, This seems to be stemming from a discrepancy between Microsoft's behavior on their new App gallery UI, where signing certificates are assumed for federated integrations. This is not the case in the old Microsoft App gallery. We have a bug report open currently for this issue and I will add your case to it. While our team addresses this issue, the workaround is to set this integration up using the old App gallery UI. I have attached screenshots displaying what the old and new gallery UIs look like for your review.
I'm liking it so far. The guide was a bit intimidating at the beginning, but I would be able to set it up in 20 minutes after trying it a few times.
(I tried it out in a free Office 365 development area)
I'm planning on making a small guide for employees to set up their LastPass, but it seems to be simply activating and using LastPass.
From what I read, SSO seems to have a big (permanent) impact, i.e. if I set up SSO with LastPass, my users will have to log in through LastPass to access their Office 365 account, and apart from that none of the other services we use support SSO yet.
Upside from federated logins is that I can add employees in stages, so probably 1 department at a time.
I'm now looking into federated logins with Google, allowing employees to use the same account to log in to Office365 (main), LastPass, and their Chromebooks, where Office365 handles logins and 2FA.
LastPass Federated login - Allows the user to log in to LastPass with their O365 credentials.
Keeper Cloud SSO - Similar to LastPass, but the user will be logged into Keeper automatically if already authenticated with O365. Also need to toggle the option to disable Single Sign OUT, otherwise hitting sign-out on Keeper would sign them out of O365.
I prefer the LastPass same sign-in method, not single sign-in, but either seems like it would work fine. It's nice how Keeper has an enterprise app in the catalog, but with LastPass we have to create a custom app. Downside of Keeper is they have no community for discussions like this.
I prefer the LastPass method as well, and keep in mind: you only have to set it up once 😉
LastPass' 24/7 support line helped me greatly a few days ago; we're definitely staying with LastPass.