Universal Proxy

 

  • Add VPN and Legacy app on LastPass Admin Dashboard and download the LDAP agent.
  • Copy the “MFA Key“.

Prerequisites: Java 11

LDAP

  • Unzip the file lastpass-proxy.zip that you downloaded from the LastPass Admin Dashboard.
  • Execute the installation script lastpass-proxy/bin/install.bat as an administrator.
  • The service configuration screen will show up. Select the network protocol. Set a listening port. Select a certificate in pfx format if you wish to enable secure connections.
  • Set the “MFA Key” that you retrieved from the LastPass admin portal (Application > Legacy & VPN, copy the LastPass MFA key value and paste it here). 
  • Click on “Next“.

Windows Universal Proxy Installation

 

Protocol -network protocol to be used by service
Port – listening port
Auth URL – Authentication URL service endpoint
MFA Key – MFA key copied from the LastPass Admin Dashboard
Application Name – Set any value you like here if you wish to enable user authorization on LastPass side 
TLS Certificate – provides a certificate file if you wish to enable SSL/TLS connections
Overwrite Bind – makes all bind requests to succeed

  • Now select the Server Mode that better suits your needs.

LastPass for LastPass authentication only
Password or LastPass for password or LastPass authentication
2nd Factor Authentication for LastPass authentication along with password authentication

 

Domain – organization’s domain
Admin User – create an administrator user
Admin Password – set administrator password

  • If you selected Password or LastPass, or 2nd Factor Authentication, then you’ll be asked to provide your LDAP directory server parameters.

Host – LDAP directory server name or IP address
Port – LDAP directory server port
TLS – enables secure connections to LDAP server
Admin User – LDAP user with read permissions on directory users

  • Click on the “Install” button and you will get a confirmation message.
  • Go to the Windows Services management utility and check that LastPass Universal Proxy is running.

 

As an alternative, you can check if service is up and running by checking the listening port with the following command:
netstat -atn | findstr :<service_port_number>

 

RADIUS

Please note that only PAP and CHAP modes are supported. Authorization and Accounting are not supported by this service.

  • Unzip the file “lastpass-proxy.zip” that you downloaded from the LastPass Admin Dashboard.

  • Execute the installation script lastpass-proxy/bin/install.bat as an administrator.

  • The service configuration screen will show up. Select RADIUS as protocol. Set a listening port and click on “Next“.

  • Set the “MFA Key” that you retrieved from the LastPass admin portal (Application > Legacy & VPN, copy the LastPass MFA key value and paste it here).
  • Click on “Next“.

  • Set your organization’s domain name in Domain.
  • Set a Radius secret.
  • Click on the “Install” button. You’ll get a confirmation message. Go to the Windows Services management utility and check that LastPass Universal Proxy is running.

 

As an alternative, you can check if service is up and running by checking the listening port with the following command:
netstat -atn | findstr :<service_port_number>