LastPass Enterprise AD Agent

Customer forum for LastPass Enterprise

Moderators: admin, azitnay, anatoly_LP, chantieLP, JoeSiegrist, robyn

Super Admin role doesn't exist

Postby buffyg » Sun Apr 29, 2018 1:31 pm

You document that there is a Super Admin role. I have no evidence it exists: it's not in the roles page, the described privileges, which have to be enabled by policy, can only be assigned by enumerating users (and not roles) into the policy. The role page doesn't allow these privileges to be assigned to any role.
buffyg
 
Posts: 7
Joined: Sun Apr 29, 2018 1:28 pm

Help Desk role from documentation doesn't exist

Postby buffyg » Sun Apr 29, 2018 1:34 pm

You document a built-in but customisable Help Desk Admin role. It wasn't there, and I've checked for role deletions in the audit log and found none. It's not a huge problem, since the role can be customised, it can be created from scratch, but it caused great confusion that it wasn't there in the first place but is documented as though it should.
buffyg
 
Posts: 7
Joined: Sun Apr 29, 2018 1:28 pm

LastPass Enterprise Role assignment tab for User management

Postby buffyg » Sun Apr 29, 2018 1:37 pm

The LastPass Enterprise Role assignment tab for a User caches name information from the previous user. This is dangerously confusing.
buffyg
 
Posts: 7
Joined: Sun Apr 29, 2018 1:28 pm

LastPass Enteprise Okta integration

Postby buffyg » Sun Apr 29, 2018 1:43 pm

The documentation for LastPass Enterprise clearly states as the first FAQ item:

"Do groups in Okta sync to the LastPass admin dashboard?
"No. While you can assign LastPass provisioning to specific groups in the Okta dashboard, groups themselves are not synced from Okta to LastPass."

However, when I first sync a user from Okta, their group memberships are all removed.

How is LastPass meant to be behave with group memberships? Do you expect use of something like the AD Agent (which, incidentally, doesn't resemble the documentation in the install screens and doesn't appear to accept config changes because the service isn't run on install)?
buffyg
 
Posts: 7
Joined: Sun Apr 29, 2018 1:28 pm

LastPass Enterprise AD Agent

Postby buffyg » Sun Apr 29, 2018 1:57 pm

There are quite substantial problems: the first screen from the install doesn't match the documentation, and when I try to configure it, I constantly get COM errors with the string "The service is not operational". I see no evidence that the service exists in the first place, but the installer generated no errors before allowing configuration to proceed.
buffyg
 
Posts: 7
Joined: Sun Apr 29, 2018 1:28 pm

LastPass Enterprise silently removes empty groups from ACLs

Postby buffyg » Sun Apr 29, 2018 2:02 pm

One of the collateral casualties when enabling Okta provisioning reconciliation and attribute sync for the first time was that stripping group memberships emptied out all groups, which then silently removed all empty groups from ACLs. There are two bugs here:

1) no audit record of removing groups from ACLs
2) at minimum, there should be a policy option to prevent empty groups from being removed from an ACL because, if this can happen merely as an interim state in synchronisation, this is silent subtraction of privileges that can be assigned via that group, which then becomes impossible to account for in automating provisioning
buffyg
 
Posts: 7
Joined: Sun Apr 29, 2018 1:28 pm

Re: LastPass Enterprise AD Agent

Postby jpenny84 » Sun Apr 29, 2018 2:21 pm

I would file a support ticket and deal with their enterprise people directly. Unless LastPass has changed things, your enterprise license should also include telephone support.

https://lastpass.com/support.php?cmd=showfaq&id=5616
jpenny84
 
Posts: 8288
Joined: Tue Mar 06, 2012 9:10 pm

Re: LastPass Enterprise AD Agent

Postby buffyg » Sun Apr 29, 2018 2:35 pm

My experience so far with bug reports via support has been terrible. I don't get an authoritative response back from the product side, I get cases closed, sometimes with questions about what approach I'm supposed to take by design left unanswered, where variations from documented interfaces are so substantial that it's not clear whether the documentation isn't the problem and the question is what the intended behaviour is meant to be.
buffyg
 
Posts: 7
Joined: Sun Apr 29, 2018 1:28 pm


Return to LastPass Enterprise

Who is online

Users browsing this forum: No registered users and 6 guests