Configure LastPass Universal Proxy 4.x with the server.properties configuration file without using the CLI tool on Windows

Before you begin: Check Set up LastPass Universal Proxy v4.x for information on downloading and installing LastPass Universal Proxy.

About this task:

Note: This feature requires an account with the LastPass Business + Advanced MFA add-on. How do I upgrade my LastPass Business account with an add-on?

Important: In order to use LastPass Universal Proxy 4.x, an Active Directory Connector must be installed and an Active Directory must be present.

Note:

We recommend using the CLI tool when configuring Universal Proxy for the first time, as it generates an initial version of the server.properties file. This file is human-readable. Therefore, for further configurations you can edit the server.properties configuration file with any of your text editors.

Also, if you made a mistake when editing the configuration file, you can always start fresh from the CLI tool, and create a new one.

Tip:

To check the current content of the server.properties file without the sensitive data, open PowerShell and execute the following command:
```
uproxy -showConfig
```
To open the server.properties file in the default text editor, open PowerShell and execute the following command:
```
uproxy -editConfig
```

Universal Proxy 4.2 does not support the -showconfig and -editconfig commands.

For more information on the configuration settings, see Configure LastPass Universal Proxy 4.x using command line interface (CLI) on Windows.

Go to the C:\Program Files\LastPass\Universal Proxy\conf folder, and save server_template.properties as server.properties.
Open the server.properties file with a text editor and edit the properties.

Save the server.properties file.

The server-template.properties file in C:\Program Files\LastPass\Universal Proxy\conf contains all the possible attributes and their descriptions.

###
### This configuration file contains the settings for the Universal Proxy.
### It has four sections
### 	* Server settings
### 	* LastPass API settings
### 	* LDAP settings
### 	* RADIUS settings
### Fill Server settings and LastPass API settings first. Then fill LDAP settings if you plan to use
### Universal Proxy using LDAP or LDAPS or fill RADIUS settings if you are going to use RADIUS.
### If a value is not applicable for your case leave it as it is.
### For further information see the online documentation:
### 	https://support.lastpass.com/help/what-is-lastpass-universal-proxy
###
### Note, that it is also possible to configure Universal Proxy using the command line tool.
### Issue the following command in PowerShell to start the command line configuration tool:
### 	uproxy -configurationTool
### Online documentation for the configuration tool:
### 	https://support.lastpass.com/help/how-do-i-configure-the-lastpass-universal-proxy-via-command-line
###


#######################################
#######################################
###                                 ###
### Universal Proxy Server settings ###
###                                 ###
#######################################
#######################################
##
## Server settings: set these values to configure how the Universal Proxy handles incoming authentication
## requests. Choose the authentication protocol (LDAP, LDAPS or RADIUS), specify the ports and domains and
## set the server mode (LP, PLP, SFA).
## For an explanation about server modes see the documentation:
## 	https://support.lastpass.com/help/what-is-lastpass-universal-proxy#server_modes
##

# The protocol to authenticate users. [LDAP | LDAPS | RADIUS]
server.protocol=

# The mode in which Universal Proxy should run [LP | PLP | SFA].
server.mode=

# The port on which Universal Proxy listens on.
server.port=

#Accounting port is used if Radius protocol is selected.
#The accounting port Universal Proxy listens on.
server.accounting.port=

# The name of your company. This value appears to end users in the MFA app.
company.name=

# The name of your company. This value appears to end users in the MFA app.
company.name=

#################################################################
#################################################################
###                                                           ###
### Authentication server settings: Common Login Service      ###
###                                                           ###
#################################################################
#################################################################
##
##

cli.cls.integration.key=
cli.cls.integration.secret=
default.cls.auth.method=

###################################################
###################################################
###                                             ###
### Authentication server settings: LDAP server ###
###                                             ###
###################################################
###################################################
##
## LDAP settings: set these values to configure Universal Proxy to be able to communicate with a LDAP server.
## Leave these values blank if you are not planning to use Universal Proxy for LDAP authentication.
## The ldap.admin.password field is applicable only if the server mode is LP.
## The ldap.address, ldap.port and ldap.tls fields can only be used if the server mode is either PLP or SFA.
## For an explanation about server modes see the documentation:
## 	https://support.lastpass.com/help/what-is-lastpass-universal-proxy#server_modes
## For the current server mode see the value of the server.mode variable in this file.
## Leave any value blank which is not applicable for your current setup.
##

# The address of the AD. Applies to server modes: [PLP | SFA]
ldap.address=

# The port on which the AD expects authentication messages (default: LDAP: 389, LDAPS: 636). Applies to server modes: [PLP | SFA]
ldap.port=

# The distinguished name of the LDAP admin user. Example: CN=admin,CN=Users,DC=domain,DC=com
ldap.admin=

# The password of the LDAP admin user. Applies to server modes: [LP] only.
ldap.admin.password=

# LDAP naming attribute: the name of the LDAP field in which the Windows user logon name is stored. Possible values: [cn | uid | userPrincipalName | sAMAccountName]
# ldap.attribute.login=sAMAccountName
ldap.attribute.login=

# Password of the Keystore and Truststore files containing the SSL certificates. Applies only if you chose LDAPS protocol in Universal Proxy Server settings.
keystore.password=

#####################################################
#####################################################
###                                               ###
### Authentication server settings: Radius server ###
###                                               ###
#####################################################
#####################################################
##
## RADIUS settings: set these values to configure Universal Proxy to be able to communicate with a real RADIUS server.
## Leave these values blank if you are not planning to use Universal Proxy for RADIUS authentication.
## Note, that radius.server.address and radius.server.port are values which have to be filled only if the
## server mode is either PLP or SFA.
## For an explanation about server modes see the documentation:
## 	https://support.lastpass.com/help/what-is-lastpass-universal-proxy#server_modes
## For the current server mode see the value of the server.mode variable in this file.
## Leave any value blank which is not applicable for your current setup.
##

# The address of the RADIUS server. Applies to server modes: [PLP | SFA]
radius.server.address=

# The port on which the RADIUS server expects the authentication messages (1812 by default). Applies to server modes: [PLP | SFA]
# radius.server.port=1812
radius.server.port=

# The accounting port of the Radius server.
# radius.server.accounting.port=1813
radius.server.accounting.port=

# The RADIUS secret.
radius.secret=

#RADIUS Ldap authentication
radius.ldap.auth.enabled=

Important: The maximum length of the sAMAccountName is 20 characters.