We are having some issues, maybe with the custom attribute's permissions. Both LastPass and Microsoft instructions are somewhat unclear to say the least for configuring the environment correctly. Would appreciate some help.
1. Created a new custom attribute in the AD with correct syntax
2. Marked the custom attribute as confidential
3. Assigned the custom attribute to User class in our AD
4. Modified the CONTROL ACCESS permissions for both the ADFS service account and AD Connector service account
The users are synced to LastPass, but the custom attribute field does not get populated by AD Connector for some reason.
Also, the ADFS plugin installer does not bring any LastPass settings to the ADFS management console, even though they have been installed as per instructed.
Our user accounts are under different OU structures in the AD, can that cause issues? What about CONTROL ACCESS inheritance, are there any requirements for this? Any hints what to look for next? We are running out of ideas.
I have contacted their support, but maybe someone here knows something too.