Step #2: Check your firewall settings
The Custom Attribute Store must be able to communicate with LastPass APIs.
This means that the AD FS server(s) must be able to reach *.lastpass.com.
Open a web browser on your AD FS server(s) and navigate to https://lastpass.com. If it is not reachable, you must allowlist the *.lastpass.com domain on your firewall.
Note: If your environment is an AD FS server farm with primary and secondary nodes, please ensure that the *.lastpass.com domain is allowlisted on all machines.
Previous article: Step #1: Check Windows updates and LastPass components versions
Next article: Step #3: Check your AD users' permissions