--- title: LastPass API Integration on Truto slug: lastpass category: Default canonical: "https://truto.one/integrations/detail/lastpass/" --- # LastPass API Integration on Truto **Category:** Default **Status:** Beta ## Unified APIs ### Unified User Directory API - **Roles** — The Role object represents a role of a User. - **Users** — The User object represents a User. ## How it works 1. **Link your customer's LastPass account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app. 2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request. 3. **Call Truto's API to reach LastPass.** The Proxy API is a 1-to-1 mapping of the LastPass API. 4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field. ## Use cases - **Automate employee provisioning and deprovisioning in LastPass** — HRIS and onboarding platforms can sync employee lifecycle events to automatically provision LastPass vaults for new hires and instantly disable accounts upon termination, ensuring credentials are secured without manual IT intervention. - **Verify password manager adoption for compliance audits** — Compliance automation platforms need to prove that all employees have active LastPass vaults with MFA enabled to satisfy SOC 2 and ISO 27001 controls. Pulling user directory data from LastPass provides auditable evidence of security policy enforcement. - **Centralize identity visibility across IAM tools** — Security and IT operations platforms can aggregate user and role data from LastPass alongside other identity providers to build a unified view of access across the organization, identifying orphaned accounts and privilege drift. - **Streamline MSP client credential management** — Managed Service Providers operating across dozens of client environments can integrate their IT management consoles with LastPass to programmatically manage user accounts and group assignments per client, reducing manual overhead and access control errors. ## What you can build - **Automated vault provisioning on employee onboarding** — Automatically create a LastPass user and assign them to the correct group when an employee is marked active in your platform. - **Real-time account deactivation on offboarding** — Instantly disable a user's LastPass account when their employment status changes to terminated, revoking access to all shared credentials. - **Unified user directory dashboard** — Display LastPass users and their roles alongside data from other identity providers in a single normalized view using Truto's Unified User Directory API. - **Password manager coverage report** — Generate a compliance-ready report showing which employees have active LastPass vaults and which are missing, mapped against your HR system's active headcount. - **Bulk group assignment sync** — Push department or team changes from your platform into LastPass groups in batch, keeping credential-sharing boundaries aligned with org structure. ## FAQs ### How does authentication work with the LastPass Enterprise API? LastPass Enterprise API authenticates using a Company ID (CID) and a Provisioning Hash, which are generated by the LastPass Business admin. Truto handles storing and managing these credentials securely on behalf of your end users. ### What data can I access through Truto's Unified User Directory API for LastPass? You can read and manage Users and Roles. This maps to LastPass operations like retrieving user data, creating users, disabling users, and managing group assignments. ### Does disabling a user via the API delete their vault? No. Disabling a user through the LastPass API (or SCIM) revokes their access but does not fully delete the vault. This is consistent with LastPass's security model for data retention. ### Are there specific tools already built for LastPass on Truto? LastPass tools are built on request. Truto supports LastPass through the Unified User Directory API for Users and Roles. If you need additional operations like event log ingestion or shared folder data, contact Truto to scope a custom build. ### Does LastPass support SCIM for user provisioning? Yes, LastPass offers SCIM endpoints in addition to their Enterprise API. Truto can work with either method to normalize user directory operations into a consistent interface across all your integrations. ### What security defaults apply when creating users via the API? Users created through the LastPass Enterprise API default to 600,000 PBKDF2 password iterations, which meets current security best practices for key derivation.