product icon

Configure LastPass Universal Proxy 4.x with the server.properties configuration file without using the CLI tool on Windows

    Before you begin: Check Set up LastPass Universal Proxy v4.x for information on downloading and installing LastPass Universal Proxy.
    About this task:
    Note: This feature requires an account with the LastPass Business + Advanced MFA add-on. How do I upgrade my LastPass Business account with an add-on?
    Important: In order to use LastPass Universal Proxy 4.x, an Active Directory Connector must be installed and an Active Directory must be present.
    Note:

    We recommend using the CLI tool when configuring Universal Proxy for the first time, as it generates an initial version of the server.properties file. This file is human-readable. Therefore, for further configurations you can edit the server.properties configuration file with any of your text editors.

    Also, if you made a mistake when editing the configuration file, you can always start fresh from the CLI tool, and create a new one.

    Tip:
    • To check the current content of the server.properties file without the sensitive data, open PowerShell and execute the following command:
      uproxy -showConfig
    • To open the server.properties file in the default text editor, open PowerShell and execute the following command:
      uproxy -editConfig
    Universal Proxy 4.2 does not support the -showconfig and -editconfig commands.

    For more information on the configuration settings, see Configure LastPass Universal Proxy 4.x using command line interface (CLI) on Windows.

    1. Go to the C:\Program Files\LastPass\Universal Proxy\conf folder, and save server_template.properties as server.properties.
    2. Open the server.properties file with a text editor and edit the properties.
    3. Save the server.properties file.

      The server-template.properties file in C:\Program Files\LastPass\Universal Proxy\conf contains all the possible attributes and their descriptions.

      ###
      ### This configuration file contains the settings for the Universal Proxy.
      ### It has four sections
      ### 	* Server settings
      ### 	* LastPass API settings
      ### 	* LDAP settings
      ### 	* RADIUS settings
      ### Fill Server settings and LastPass API settings first. Then fill LDAP settings if you plan to use
      ### Universal Proxy using LDAP or LDAPS or fill RADIUS settings if you are going to use RADIUS.
      ### If a value is not applicable for your case leave it as it is.
      ### For further information see the online documentation:
      ### 	https://support.lastpass.com/help/what-is-lastpass-universal-proxy
      ###
      ### Note, that it is also possible to configure Universal Proxy using the command line tool.
      ### Issue the following command in PowerShell to start the command line configuration tool:
      ### 	uproxy -configurationTool
      ### Online documentation for the configuration tool:
      ### 	https://support.lastpass.com/help/how-do-i-configure-the-lastpass-universal-proxy-via-command-line
      ###
      
      
      #######################################
      #######################################
      ###                                 ###
      ### Universal Proxy Server settings ###
      ###                                 ###
      #######################################
      #######################################
      ##
      ## Server settings: set these values to configure how the Universal Proxy handles incoming authentication
      ## requests. Choose the authentication protocol (LDAP, LDAPS or RADIUS), specify the ports and domains and
      ## set the server mode (LP, PLP, SFA).
      ## For an explanation about server modes see the documentation:
      ## 	https://support.lastpass.com/help/what-is-lastpass-universal-proxy#server_modes
      ##
      
      # The protocol to authenticate users. [LDAP | LDAPS | RADIUS]
      server.protocol=
      
      # The mode in which Universal Proxy should run [LP | PLP | SFA].
      server.mode=
      
      # The port on which Universal Proxy listens on.
      server.port=
      
      #Accounting port is used if Radius protocol is selected.
      #The accounting port Universal Proxy listens on.
      server.accounting.port=
      
      # The name of your company. This value appears to end users in the MFA app.
      company.name=
      
      # The name of your company. This value appears to end users in the MFA app.
      company.name=
      
      #################################################################
      #################################################################
      ###                                                           ###
      ### Authentication server settings: Common Login Service      ###
      ###                                                           ###
      #################################################################
      #################################################################
      ##
      ##
      
      cli.cls.integration.key=
      cli.cls.integration.secret=
      default.cls.auth.method=
      
      ###################################################
      ###################################################
      ###                                             ###
      ### Authentication server settings: LDAP server ###
      ###                                             ###
      ###################################################
      ###################################################
      ##
      ## LDAP settings: set these values to configure Universal Proxy to be able to communicate with a LDAP server.
      ## Leave these values blank if you are not planning to use Universal Proxy for LDAP authentication.
      ## The ldap.admin.password field is applicable only if the server mode is LP.
      ## The ldap.address, ldap.port and ldap.tls fields can only be used if the server mode is either PLP or SFA.
      ## For an explanation about server modes see the documentation:
      ## 	https://support.lastpass.com/help/what-is-lastpass-universal-proxy#server_modes
      ## For the current server mode see the value of the server.mode variable in this file.
      ## Leave any value blank which is not applicable for your current setup.
      ##
      
      # The address of the AD. Applies to server modes: [PLP | SFA]
      ldap.address=
      
      # The port on which the AD expects authentication messages (default: LDAP: 389, LDAPS: 636). Applies to server modes: [PLP | SFA]
      ldap.port=
      
      # The distinguished name of the LDAP admin user. Example: CN=admin,CN=Users,DC=domain,DC=com
      ldap.admin=
      
      # The password of the LDAP admin user. Applies to server modes: [LP] only.
      ldap.admin.password=
      
      # LDAP naming attribute: the name of the LDAP field in which the Windows user logon name is stored. Possible values: [cn | uid | userPrincipalName | sAMAccountName]
      # ldap.attribute.login=sAMAccountName
      ldap.attribute.login=
      
      # Password of the Keystore and Truststore files containing the SSL certificates. Applies only if you chose LDAPS protocol in Universal Proxy Server settings.
      keystore.password=
      
      #####################################################
      #####################################################
      ###                                               ###
      ### Authentication server settings: Radius server ###
      ###                                               ###
      #####################################################
      #####################################################
      ##
      ## RADIUS settings: set these values to configure Universal Proxy to be able to communicate with a real RADIUS server.
      ## Leave these values blank if you are not planning to use Universal Proxy for RADIUS authentication.
      ## Note, that radius.server.address and radius.server.port are values which have to be filled only if the
      ## server mode is either PLP or SFA.
      ## For an explanation about server modes see the documentation:
      ## 	https://support.lastpass.com/help/what-is-lastpass-universal-proxy#server_modes
      ## For the current server mode see the value of the server.mode variable in this file.
      ## Leave any value blank which is not applicable for your current setup.
      ##
      
      # The address of the RADIUS server. Applies to server modes: [PLP | SFA]
      radius.server.address=
      
      # The port on which the RADIUS server expects the authentication messages (1812 by default). Applies to server modes: [PLP | SFA]
      # radius.server.port=1812
      radius.server.port=
      
      # The accounting port of the Radius server.
      # radius.server.accounting.port=1813
      radius.server.accounting.port=
      
      # The RADIUS secret.
      radius.secret=
      
      #RADIUS Ldap authentication
      radius.ldap.auth.enabled=
      Important: The maximum length of the sAMAccountName is 20 characters.