Creating an extended integration for LastPass users

Let Oomnitza be your single source of truth!

You'll get complete visibility of your users as data from LastPass is automatically transformed into consumable information and actionable insights.

Connect Oomnitza and LastPass in minutes

Get the information and insights that you need to reduce costs and the time that you spend on administration tasks such as:

• Configurable dashboards and list views of key user information
• Configurable reports to share information about users with your colleagues and management
• Workflows that can be used to onboard and offboard employees  
  • Workflows for deactivating and deleting users
  • Workflows for changing master passwords and resetting passwords
  • Workflows for re-inviting users
• Workflows for getting a SaaS user's role and deactivating SaaS users

Navigation

Add credentials

Create the user integration

Create workflows

Before you start

To stream LastPass user data into Oomnitza, you use basic authorization.

Best practice
For the integration with Oomnitza, create a dedicated user account.

Add credentials to the vault in Oomnitza

1. Log into Oomnitza.
2. Click Configuration > Security > Credentials, and then click Add new credential (+).
3. Add the information details.
4. Click the AUTHORIZATION tab.
5. Select Basic Auth as the authorization type.
6. Enter a username and password.
7. Click CREATE.

Next

You use the credentials that you added to create and customize your LastPass user integration with Oomnitza.

You'll also need the following information to create the integration:

• Client ID (LastPass account number)
• Provisioning hash (API secret) 

Useful links

LastPass Authentication API 

CID (LastPass account number) and API secret (provisioning hash) 

Create the user integration

Info and connect details

1. 1. 1. From the menu, click Configuration > Integrations and then click Integrations List View .
      2. On the Integrations page, scroll down to the Extended section for User Integrations.
      3. Click NEW INTEGRATION.
      4. In the New User Integration sidebar, click LastPass.
      5. Click APPLY and then click NEXT twice.

Connect page

Best practice
To ensure that only live user records are streamed from LastPass to Oomnitza, choose Update only as your integration preference. When you run the integration, you can check the error logs to see which user records weren't uploaded and why they weren't uploaded. You can then decide whether to upload the user records that were skipped by changing your integration preference to create and upload. See Access error logs.

1. Enter a descriptive name for the integration such as LastPass Users. That'll be the name of the user integration that is shown on the Integrations page.
2. From the User Selection list, select User plus SaaS User or User only.
3. If you select User plus SaaS User and you have multiple instances of the same SaaS application, select the application from the SaaS Selection list. If you have a single instance of the SaaS application, skip this step.
4. From the installation type list, select Cloud.
5. From the Credentials list, select the credentials for LastPass.
6. From the Integration Preferences list, select Update only.   
7. Enter the name of the user of the integration.
8. Enter your client ID.
9. Enter the API secret (provisioning hash).
10. Click Next.

Mappings

Map the LastPass fields to Oomnitza fields and create custom mappings to get the user information that you need.

Important
You must create custom mappings for the following date fields:
- Created
- Last Login
- Last Password Change
To make the labels are more readable, you change the names of the Created field to LastPass Users Created, the name of the Last Login field to LastPass Users Last Login, and the name of the Last Password Change field to LastPass Users Last Password Change. Make sure that the data type for these fields is set to short text.

Create custom fields

1. 1. 1. Create custom mappings to map the LastPass fields to Oomnitza:
         1. Click the down arrow on the field that you want to map.
         2. Select Add new Oomnitza users field.
         3. Change the name of the field.
         4. Click CREATE. 
      2. Assign a sync key to one of the fields such as the Username field.
      3. Assign an Oomnitza role to the users such as Employee.
      4. Click NEXT.  

Custom LastPass to Oomnitza mappings

The following LastPass fields can be mapped to Oomnitza:

Admin
Applications
Attachments
Created
Disabled
Duo Username
Formfills
Fullname
Last Login
Last Password Change
MP Strength
Never Logged In
Notes
Password Reset Required
Sites
Totalscore
User Load Connector Sync Time
Username

Want to map more fields to Oomnitza?
Contact Support, or see Mapping extended connectors.

When you've completed mapping the LastPass fields, click NEXT.

Schedule

By default, user data is streamed to Oomnitza once every day.

You can configure the schedule to meet your needs such as changing the interval or changing the time so that the data is streamed when your system isn't busy.

1. Configure your schedule.
2. Click FINISH.

Result

A new tile is created for the integration on the Integrations page. 

What to do next

If you want to see what information is collected now, click the tile on the Integrations page and click RUN.

Figure: Mock-up for illustration purposes

If you want to change the integration settings, you can click a navigation link on the page, such as 4 Mappings, and edit the settings. 

Create workflows

To reduce your workload and automate complex and repetitive tasks, you can use the following API presets:   

• Deactivate user
• Delete user
• Change master password and reset password
• Re-invite user

1. Click Configuration > Workflows >SaaS Users.
2. Click Add (+). The Begin and End blocks are automatically added to the sandbox.
3. Enter the name and a description of the workflow. 
4. Edit the Begin block by choosing a schedule and adding the rules that will trigger the workflow. For example, add the rule Name equals LastPass, and a rule to trigger the workflow.
5. Click the Blocks tab, and  drag and drop the API block onto the canvas.
6. Click the Edit button.
7. Enter LastPass in the search field and and choose one of the following presets:
   • LastPass Deactivate User
   • LastPass Delete User
   • LastPass Master Password Change
   • LastPass Re-invite User
   • LastPass Reset Password 
8. Make your changes. You'll be prompted to select your credentials, enter your CID (LastPass account number), your provisioning hash (API secret), and your username.
9. Click SAVE.
10. Connect the blocks.
11. Validate, launch, and save your workflow.

SaaS User Role Retrieval

1. Click Configuration > Workflows >SaaS Users.
2. Click Add workflow (+).  The Begin and End blocks are automatically added to the canvas.
3. Enter the name of the workflow and a description.
4. Edit the Begin block. For example, you can complete these actions:
   • Create a schedule for running the workflow.
   • Use a rule to identify the SaaS software such as Name equals LastPass.
   • Add rules to trigger the workflow . For example, you can add a rule to deactivate users who haven't logged in for a specified period. 
5. From the Integrations section, drag and drop the SaaS User Role Retrieval block onto the canvas.
6. Edit the SaaS User Role Retrieval block.
   1. To find the preset, type LastPass.
   2. Click the right arrow (>) next to LastPass User Role.
   3. Select your credentials and enter your LastPass CID and API secret. (The API secret is also known as the provisioning hash in LastPass).
7. Connect the workflows.
8. Validate, save, and launch the workflow.

SaaS user roles 

 Understanding workflows

 Workflow block overview

Unleash the power of Oomnitza

To get valuable actionable insights that help you manage your assets, learn how to:

• Configure dashboards for your users and software
• Configure custom reports about your users and software
• Create workflows to automate tasks

 Getting started