Step #2: Check your firewall settings

The Custom Attribute Store must be able to communicate with LastPass APIs.

This means that the AD FS server(s) must be able to reach *.lastpass.com.

Open a web browser on your AD FS server(s) and navigate to https://lastpass.com. If it is not reachable, you must allowlist the *.lastpass.com domain on your firewall.

Note: If your environment is an AD FS server farm with primary and secondary nodes, please ensure that the *.lastpass.com domain is allowlisted on all machines.

Parent article: Troubleshooting Federated Login for Active Directory Federation Services (AD FS)

Previous article: Step #1: Check Windows updates and LastPass components versions

Next article: Step #3: Check your AD users' permissions