- 23 Nov 2022
- 3 Minutes to read
- Updated on 23 Nov 2022
- 3 Minutes to read
LastPass is a password manager that stores encrypted passwords online.
Types of Assets Fetched
This adapter fetches the following types of assets:
Account Type (required, default: LastPass API) - Select the Account Type from the dropdown.
If the Account Type selected is LastPass API, the following parameters are displayed:
- Host Name or IP Address (required, default: https://identity-api.lastpass.com) - The hostname or IP address of the LastPass server that Axonius can communicate via the Required Ports.
- API Key (required) - An API Key associated with a user account that has the Required Permissions to fetch assets.
- Public Key File and Private Key File (required) - Click Choose file to upload the Public key file and Private key file, used for authentication. For more information, refer to Generating Keys.
If the Account Type selected is LastPass Business API, the following parameters are displayed:
- Host Name or IP Address (required, default: https://lastpass.com) - The hostname or IP address of the LastPass server that Axonius can communicate via the Required Ports.
- CID (Account number) (required) - Specify the CID (account number) used to make requests to the LastPass Business API.
- Provisioning hash (required) - Specify the provisioning hash used to make requests to the LastPass Business API.
To obtain the CID and provisioning hash, see Generating the CID and Provisioning Hash.
Verify SSL - Select to verify the SSL certificate offered by the value supplied in Host Name or IP Address. For more details, see SSL Trust & CA Settings.
HTTPS Proxy (optional, default: empty) - A proxy to use when connecting to the value supplied in Host Name or IP Address.
HTTPS Proxy User Name (optional, default: empty) - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.
HTTPS Proxy Password (optional, default: empty) - The password to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.
For details on the common adapter connection parameters and buttons, see Adding a New Adapter Connection.
From Version 4.6, Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to Advanced Configuration for Adapters.
- Fetch only Enabled Accounts - Select whether to only fetch accounts that are enabled.
To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.
Axonius integrates with APIs for LastPass Personal and LastPass Business accounts.
- If you have a LastPass Personal account, you can use the legacy LastPass Plain Auth API.
- If you have a LastPass Business account, use the LastPass Business API.
Axonius must be able to communicate with the value supplied in Host Name or IP Address via the following ports:
- TCP port 443
The value supplied in API Key must be associated with credentials that have permissions to fetch assets.
To generate key files
- Navigate to the LastPass Portal LastPass Portal.
- From the left pane, select Advanced Options.
- From the submenu, select Keys. The Keys Management page is displayed.
- Under Existing Keys, from the Generic API row, click Refresh (1). When requested to download public-key.cer, save this file to your system.
- Click the yellow Download (2) button. When requested to save the private-key.cer, save this file to your system.
- Click the green Copy (3) button to copy the API key.
Generating the CID and Provisioning Hash
To generate the CID and provisioning hash
- Log in with your email address and master password to access the new Admin Console at the LastPass Login Page.
- Navigate to the Dashboard tab. The CID (account number) is located at the top of the page, preceded by the words "Account number". Jot down the CID information, as you will subsequently need it.
- Navigate to Advanced > Enterprise API.
- Do one of the following:
- If you have not previously created your provisioning hash, click Create provisioning hash > OK. The provisioning hash appears at the top of the page.
- If you previously created your provisioning hash but have since forgotten it, generate a new one.
If you have already created a provisioning hash, then generating a new hash will invalidate the previous hash, and will require you to update all integrations with the newly generated hash.
To proceed with creating a new provisioning hash, click Reset your provisioning hash > OK. Your new provisioning hash is displayed at the top of the page.
Update all integrations that used the previous provisioning hash.