Also beware, in my case I had to set the attribute "active" to "accountEnabled" during Step #2,14.
If I did not set this, my users would automatically be disabled when Azure AD auto provisioned; this is now not the case. Accounts do get disabled when I block logins through Office365 for a user.
It is possible, I do this all the time 🙂
Azure AD > Enterprise Application > *LastPass app you created* > Provisioning > Provision on demand > A user (that is also added to Users and Groups) > Provision.
Well, I finally got it to work with a second user account. I've deleted the first user that I was testing with before I had to redo the setup, but even when I add it back in, it doesn't work. I still get the provisioning error shown above, and when I go to LastPass, I see the user in invited users, but the user never gets the activation code and I cannot log in.
The second user shows up under active user licenses right away and the user gets the activation code in their email. Not sure how to fix the first user yet.
This is the exact way I want it to be used: users log into O365 (with 2FA) for their LastPass (and Chromebook) and autofill services that don't offer a similar option.
It looks like you would only want LastPass > Users > Add Users > Upload CSV to invite all your users and have them have a separate password for LastPass?
Seems unclear why you would need federated login at all in your case.
No, I don't want them to have a separate password. I just don't want Single Sign On. Basically I'd just want password sync. That way the log out timers in LastPass would still work and they wouldn't be logged into LastPass constantly. It makes it a bit more secure in case the user leaves the computer unattended briefly, for example.