# LastPass Enterprise

SureCloud connects to LastPass Enterprise to retrieve user provisioning records, shared folder access assignments, and admin event log data. This allows SureCloud to verify that access to shared credentials in LastPass is managed through appropriate folder permissions, that user accounts are current and provisioned correctly, and that administrative changes are captured in the event log.

## Authentication and setup

LastPass Enterprise authenticates API requests using a Company ID and a provisioning hash (API secret). SureCloud uses these credentials to access the LastPass Provisioning API.

{% stepper %}
{% step %}
**Retrieve your LastPass API credentials**

Log in to the LastPass Admin Console at [lastpass.com/enterprise\_console.php](https://lastpass.com/enterprise_console.php). Navigate to **Advanced → Enterprise API** and note the **Company ID**. Click **Generate API Secret** to create a provisioning hash. Copy both values.
{% endstep %}

{% step %}
**Enter the credentials in SureCloud**

Navigate to **SureCloud → Integrations → LastPass Enterprise → Connect**. Enter the **Company ID** and the **API Secret (provisioning hash)**. Click **Save** and then **Test Connection**.
{% endstep %}
{% endstepper %}

{% hint style="warning" %}
Store the API Secret securely. SureCloud encrypts it at rest, but treat it as a sensitive credential. Rotate it every 90 days in the LastPass Admin Console under **Advanced → Enterprise API** and update it in **SureCloud → Integrations → LastPass Enterprise → Edit Connection**.
{% endhint %}

## Endpoints

LastPass Enterprise uses a REST-style API with action parameters. SureCloud uses the following:

| API Call                                            | Use Case                                                      |
| --------------------------------------------------- | ------------------------------------------------------------- |
| `POST /enterpriseapi.php` — `getuserdata`           | Retrieve all user accounts including status and last login    |
| `POST /enterpriseapi.php` — `getsharedfolderdata`   | Retrieve shared folder inventory and their access assignments |
| `POST /enterpriseapi.php` — `reporting` (event log) | Retrieve admin event log entries for audit evidence           |

## Pagination

LastPass API responses return all results in a single response for most account sizes. For accounts with very large user counts, SureCloud pages through results using the `pagesize` and `pagenum` parameters where supported.

```http
POST /enterpriseapi.php

{
  "cid": "<company_id>",
  "provhash": "<api_secret>",
  "cmd": "getuserdata",
  "data": { "pagenum": 2, "pagesize": 500 }
}
```
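The paging loop described above, as an added example (not SureCloud's or LastPass's own code): it requests pages until a short or empty page arrives, caps the number of pages, and keeps a log of requests with the API secret masked. The `send` transport, the `Users` response key, the `username` field and 1-based page numbering are assumptions; the sample users are constructed.

```python
import copy

PAGE_SIZE = 500  # page size used in the request shown above


def build_request(cid, provhash, cmd, pagenum, pagesize=PAGE_SIZE):
    """Build the JSON body in the shape shown on this page."""
    return {"cid": cid, "provhash": provhash, "cmd": cmd,
            "data": {"pagenum": pagenum, "pagesize": pagesize}}


def redact(body):
    """Return a copy of a request body that is safe to log (secret masked)."""
    safe = copy.deepcopy(body)
    safe["provhash"] = "***"
    return safe


def fetch_all_users(send, cid, provhash, pagesize=PAGE_SIZE, max_pages=1000):
    """Collect every user record by paging until a short or empty page.

    `send` is a hypothetical transport: it takes the request body and returns
    the decoded JSON response. The "Users" key (a dict keyed by user id) is an
    assumed response shape, not taken from this page.
    """
    users, log = {}, []
    for pagenum in range(1, max_pages + 1):  # assumption: pages start at 1
        body = build_request(cid, provhash, "getuserdata", pagenum, pagesize)
        log.append(redact(body))             # never log the raw provhash
        page = send(body).get("Users", {})
        users.update(page)
        if len(page) < pagesize:             # short or empty page: done
            return users, log
    raise RuntimeError("max_pages reached; refusing to page indefinitely")


# Constructed sample data: 1,200 fake users served by an in-memory stub.
FAKE_USERS = {str(i): {"username": f"user{i}@example.com"} for i in range(1200)}


def fake_send(body):
    """Stand-in for the HTTP call; slices FAKE_USERS by pagenum/pagesize."""
    d = body["data"]
    start = (d["pagenum"] - 1) * d["pagesize"]
    keys = list(FAKE_USERS)[start:start + d["pagesize"]]
    return {"Users": {k: FAKE_USERS[k] for k in keys}}
```

When the user count is an exact multiple of the page size, the loop issues one extra request and stops on the empty page.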

## Required permissions

LastPass API credentials are account-scoped and associated with the admin account that generated the provisioning hash. The credentials must be generated by an account with **Super Admin** or **Admin** rights to access user data and event logs.

## Polling frequency

| Data Type                        | Interval       |
| -------------------------------- | -------------- |
| User accounts and status         | Every 24 hours |
| Shared folder access assignments | Every 24 hours |
| Admin event log                  | Every 6 hours  |

## Troubleshooting

<details>

<summary>Connection test returns "Invalid credentials" or authentication error</summary>

The Company ID or API Secret is incorrect, or the secret has been regenerated without updating SureCloud. Navigate to **LastPass Admin Console → Advanced → Enterprise API**, confirm the values are correct, and regenerate the secret if necessary. Update both values in **SureCloud → Integrations → LastPass Enterprise → Edit Connection**.

</details>

<details>

<summary>User data returns incomplete records</summary>

LastPass returns users based on the admin account's visibility scope. If the API credentials were generated by a sub-admin with a restricted user scope, some users may not appear. Ensure the credentials were generated by a Super Admin account to access the full user directory.

</details>

<details>

<summary>Event log returns empty</summary>

LastPass retains event log data for a period dependent on your plan. SureCloud queries within the available retention window. If the event log is consistently empty, confirm that event logging is enabled for your LastPass Enterprise account in **Admin Console → Dashboard → Event Log**.

</details>

