lastpass / lastpass-cli

LastPass command line interface tool
GNU General Public License v2.0

lpass login to lastpass enterprise which is connected to Azure AD gives invalid master password error #570

Open mfarrokhnia opened 3 years ago

mfarrokhnia commented 3 years ago

Hi, I'm using the following command to connect to a LastPass enterprise account which is connected to Azure AD. After it asks for the master password and I enter my AD password, it gives the error: Invalid password. I am able to log in to LastPass using a browser; however, I need to use a bash script to log in to LastPass using the lpass command, which doesn't work. Does anyone know how to use the lpass login command for connecting to LastPass using federated login? As I found, when LastPass is connected to Azure AD it would not use the master password anymore, so in this case how does the lpass login command work?

$ lpass login $LASTPASS_USERNAME

ogxm commented 3 years ago

I'm facing the same issue described here. No one else has experienced the problem or found a workaround?

jnewbigin commented 3 years ago

I have login working for Okta SSO. Other federated login flows are a bit different but could be supported - if you are interested in helping me with some testing.

bergemalm commented 3 years ago

Same issue here. Need to get this working, have some scripting to do... I can help out with testing if needed.

ogxm commented 3 years ago

My condition got "fixed". It had happened that the security team had changed the settings to force a password change on all users. Lastpass-cli didn't sense or communicate clearly that it was being presented with an additional login case, and it'd fail on me. I changed my password on the app. I opened a new Terminal window and lastpass-cli worked well, like before.

hueami commented 3 years ago

Same issue here. Since the Azure AD connection replaces the master password (at least in my case), ogxm's solution doesn't work. Is this feature missing or do I just need some special configuration?

farfromunique commented 3 years ago

> I have login working for Okta SSO. Other federated login flows are a bit different but could be supported - if you are interested in helping me with some testing.

@jnewbigin How did you get Okta SSO to work?

jnewbigin commented 3 years ago

@farfromunique there are 2 requirements.

  1. this patch for lpass https://github.com/lastpass/lastpass-cli/pull/580
  2. my electron app which can perform the Okta login flow. I will invite you to that repo.

The setup is still a bit fiddly but I need some testers for the beta. I hope to make my repo public real soon now. Given the sensitive nature of this I don't want to open the floodgates too early.

gitcos commented 3 years ago

@jnewbigin I would like to get lastpass-cli working with Okta as well. Can you show me how you did it?

n3rdly commented 3 years ago

I'm also working on trying to figure out lastpass-cli with Okta but would like to do it via a bash script if possible.

jnewbigin commented 3 years ago

https://github.com/jnewbigin/lpass-sso/releases/tag/v1.0.6

12ozcannon commented 2 years ago

It's been 2 years and there's still nothing for this huh? My company switched to federated and now that I want to use cli, it's now a no go.

missingcharacter commented 2 years ago

@12ozcannon you may want to look at bitwarden (https://bitwarden.com/help/cli/#using-sso). It does not seem like this is a priority to LastPass.

12ozcannon commented 2 years ago

@missingcharacter Unfortunately I have no control over the matter as this is a corporate enterprise account and I don't manage it. I have my own personal account with bitwarden but this situation is out of my hands.

missingcharacter commented 2 years ago

@12ozcannon sorry for the suggestion that doesn't solve your problem. 😢

Sappharad commented 2 years ago

Using @jnewbigin's code as an example, last year I implemented Azure ADFS SSO in .NET 6. https://github.com/Sappharad/Lastpass-SSO-DotNET

Sorry that it took me so long to post it publicly. I intended to release it last year but most of the delay was me being busy. The sample code (provided without help/support, use at your own risk) will get you the password and fragment needed to log in with John's lastpass-cli fork. The behavior for Okta is not identical to Azure; I have to make an additional server call and there's a minor difference with the password calculation.

I was never able to get John's code to run on my machine due to odd problems with electron and WSL (running Windows), and due to issues with corporate proxies I couldn't use lastpass-cli either. I did successfully use the SSO fragment with a fork of an unofficial LastPass library for .NET, so I can at least confirm that the code works. I'm still looking into how I'm going to release my changes to that library since I found today that the same developer had deprecated it and built a new library to replace it.

dhayhak commented 1 year ago

I'm using the latest (current v1.3.4) and it is not working with OKTA. Any plans to support it?