> ## Documentation Index
> Fetch the complete documentation index at: https://conductorone-docs-iga-1271.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Set up LastPass connector

> ConductorOne provides identity governance and just-in-time provisioning for LastPass. Integrate your LastPass instance with ConductorOne to run user access reviews (UARs) and enable just-in-time access requests.

## Capabilities

| Resource      | Sync                                                          | Provision |
| :------------ | :------------------------------------------------------------ | :-------- |
| Account       | <Icon icon="square-check" iconType="solid" color="#65DE23" /> |           |
| Shared Folder | <Icon icon="square-check" iconType="solid" color="#65DE23" /> |           |

**Additional functionality:**

*None.*

## Gather LastPass configuration information

Configuring the connector requires you to pass in information from LastPass. Gather these configuration details before you move on.

Here's the information you'll need:

* LastPass CID
* LastPass Provhash

See the LastPass docs for information on how to acquire credentials: [View the documentation](https://support.lastpass.com/s/document-item?language=en_US\&bundleId=lastpass\&topicId=LastPass/t_cid_and_hash_locate.html&_LANG=enus)

## Configure the LastPass connector

<Warning>
  To complete this task, you'll need:

  * The **Connector Administrator** or **Super Administrator** role in ConductorOne
  * Access to the set of LastPass configuration information gathered by following the instructions above
</Warning>

<Tabs>
  <Tab title="Cloud-hosted">
    **Follow these instructions to use a built-in, no-code connector hosted by ConductorOne.**

    <Steps>
      <Step>
        In ConductorOne, navigate to **Integrations** > **Connectors** and click **Add connector**.
      </Step>

      <Step>
        Search for **LastPass** and click **Add**.
      </Step>

      <Step>
        Choose how to set up the new LastPass connector:

        * Add the connector to a currently unmanaged app (select from the list of apps that were discovered in your identity, SSO, or federation provider that aren't yet managed with ConductorOne)

        * Add the connector to a managed app (select from the list of existing managed apps)

        * Create a new managed app
      </Step>

      <Step>
        Set the owner for this connector. You can manage the connector yourself, or choose someone else from the list of ConductorOne users. Setting multiple owners is allowed.

        If you choose someone else, ConductorOne will notify the new connector owner by email that their help is needed to complete the setup process.
      </Step>

      <Step>
        Click **Next**.
      </Step>

      <Step>
        Find the **Settings** area of the page and click **Edit**.
      </Step>

      <Step>
        Enter the configuration information from the previous section.
      </Step>

      <Step>
        Click **Save**.
      </Step>

      <Step>
        The connector's label changes to **Syncing**, followed by **Connected**. You can view the logs to ensure that information is syncing.
      </Step>
    </Steps>

    **That's it!** Your LastPass connector is now pulling access data into ConductorOne.
  </Tab>

  <Tab title="Self-hosted">
    **Follow these instructions to use the LastPass connector, hosted and run in your own environment.**

    When running in service mode on Kubernetes, a self-hosted connector maintains an ongoing connection with ConductorOne, automatically syncing and uploading data at regular intervals. This data is immediately available in the ConductorOne UI for access reviews and access requests.

    ### Resources

    [Contact ConductorOne's support team](mailto:support@conductorone.com) to download the latest version of the connector.

    ### Step 1: Set up a new LastPass connector

    <Steps>
      <Step>
        In ConductorOne, navigate to **Integrations** > **Connectors** > **Add connector**.
      </Step>

      <Step>
        Search for **Baton** and click **Add**.
      </Step>

      <Step>
        Choose how to set up the new LastPass connector:

        * Add the connector to a currently unmanaged app (select from the list of apps that were discovered in your identity, SSO, or federation provider that aren't yet managed with ConductorOne)

        * Add the connector to a managed app (select from the list of existing managed apps)

        * Create a new managed app
      </Step>

      <Step>
        Set the owner for this connector. You can manage the connector yourself, or choose someone else from the list of ConductorOne users. Setting multiple owners is allowed.

        If you choose someone else, ConductorOne will notify the new connector owner by email that their help is needed to complete the setup process.
      </Step>

      <Step>
        Click **Next**.
      </Step>

      <Step>
        In the **Settings** area of the page, click **Edit**.
      </Step>

      <Step>
        Click **Rotate** to generate a new Client ID and Secret.

        Carefully copy and save these credentials. We'll use them in Step 2.
      </Step>
    </Steps>

    ### Step 2: Create Kubernetes configuration files

    Create two Kubernetes manifest files for your LastPass connector deployment:

    #### Secrets configuration

    ```yaml expandable theme={null}
    # baton-lastpass-secrets.yaml
    apiVersion: v1
    kind: Secret
    metadata:
      name: baton-lastpass-secrets
    type: Opaque
    stringData:
      # ConductorOne credentials
      BATON_CLIENT_ID: <ConductorOne client ID>
      BATON_CLIENT_SECRET: <ConductorOne client secret>

      # LastPass config
      BATON_LAST_PASS_CID: <LastPass CID>
      BATON_LAST_PASS_PROVHASH: <LastPass Provhash>

    ```

    See the connector's README or run `--help` to see all available configuration flags and environment variables.

    #### Deployment configuration

    ```yaml expandable theme={null}
    # baton-lastpass.yaml
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: baton-lastpass
      labels:
        app: baton-lastpass
    spec:
      selector:
        matchLabels:
          app: baton-lastpass
      template:
        metadata:
          labels:
            app: baton-lastpass
            baton: true
            baton-app: lastpass
        spec:
          containers:
          - name: baton-lastpass
            image: ghcr.io/conductorone/baton-lastpass:latest
            imagePullPolicy: IfNotPresent
            env:
            - name: BATON_HOST_ID
              value: baton-lastpass
            envFrom:
            - secretRef:
                name: baton-lastpass-secrets
    ```

    ### Step 3: Deploy the connector

    <Steps>
      <Step>
        Create a namespace in which to run ConductorOne connectors (if desired), then apply the secret config and deployment config files.
      </Step>

      <Step>
        Check that the connector data uploaded correctly. In ConductorOne, click **Apps**. On the **Managed apps** tab, locate and click the name of the application you added the lastpass connector to. lastpass data should be found on the **Entitlements** and **Accounts** tabs.
      </Step>
    </Steps>

    **That's it!** Your LastPass connector is now pulling access data into ConductorOne.
  </Tab>
</Tabs>
