LastPass

Live 34 Actions

LastPass Integration for AI Agents

Connect your AI agent to 34 production-ready LastPass actions via MCP, A2A, or SDK — with agent authentication, optimized tool-calling execution, and built-in security.

Start Free Book Demo LastPass MCP Server

LastPass AI Agent Actions

34 production-ready actions for your agent to do more on LastPass.

Read the LastPass docs

34 Actions

Get Event Report - Retrieve audit event logs from the LastPass Business account

List Groups - Retrieve all groups and their members from the LastPass Business account

Get Group - Retrieve a specific group and its members from the LastPass Business account

Batch Change Group Membership - Add or remove users from groups in bulk

IAM Get Me - Return the authentication type and identity for the current LastPass connection. LastPass provisioning API uses account-level credentials (CID + provisioning hash) rather than user-bound credentials — there is no "current user" concept. The auth_type is api_key. The name reflects the CID account number. Confirms credentials are valid via a getuserdata probe.

IAM List Groups - List all groups in the LastPass Business account, mapped to the StackOne IAM unified group schema. Wraps cmd=getuserdata and extracts the Groups object. Groups are identified by name (LastPass has no numeric group ID). Returns group name; created_at, updated_at, description, and roles are not exposed by the API.

IAM Get Group - Retrieve a single LastPass group by its name (used as ID), mapped to the StackOne IAM unified group schema. Wraps cmd=getuserdata and extracts the named group from the Groups object by key.

IAM List Organizations - Return the single LastPass Business account organization, mapped to the StackOne IAM unified organization schema. LastPass is a single-tenant product — one account = one organization identified by the CID (Company ID). Performs a getuserdata auth probe to confirm credentials. Returns id and name derived from the CID; created_at and updated_at are not exposed by the API.

IAM Get Organization - Retrieve the single LastPass Business account organization by its CID. LastPass has one organization per account — pass the CID from unified_list_organizations as the id. Performs a getuserdata auth probe to confirm credentials.

IAM List Resource Users - List users and groups that have access to LastPass shared folders, mapped to the StackOne IAM unified resource_users schema. Wraps cmd=getsfdata. Each entry represents a user or group permission on a specific shared folder, with role derived from the permission flags (can_administer → admin, give → editor, readonly → viewer). Pass resource_id to filter to a specific shared folder by its ID (client-side, getsfdata returns all folders).

IAM List Resource Types - Return the LastPass resource types available for IAM permission checks. LastPass exposes one resource type — shared_folder — representing shared vaults that users and groups can be granted access to. Performs a getuserdata auth probe to confirm credentials.

IAM List Roles - Return the two stable LastPass account-level IAM roles — admin and basic — synthesized from the admin flag on user records. LastPass has no native roles API. Shared-folder permission roles (can_administer, give, readonly) are surfaced per resource via unified_list_resource_users. Performs a getuserdata auth probe so 401/403 surfaces when credentials are bad.

IAM Get Role - Retrieve a single synthesized LastPass IAM role by its stable key. Only "admin" and "basic" are valid — any other id is rejected with a 400. Performs a getuserdata auth probe so 401/403 surfaces when credentials are bad.

IAM List Users - List all users in the LastPass Business account, mapped to the StackOne IAM unified user schema. Wraps the LastPass Provisioning API cmd=getuserdata. Returns identity, admin status, disabled/active status, created date, last login, and group memberships. Roles are synthesized from the admin flag (admin or basic). Supports optional filtering by email address (applied client-side).

IAM Get User - Retrieve a single LastPass user by their email address (used as ID), mapped to the StackOne IAM unified user schema. Wraps cmd=getuserdata with username filter for server-side lookup.

List Policies - Retrieve shared folder data containing permission sets from the LastPass Business account

Get Policy - Retrieve shared folder data to look up a specific policy by ID

List Roles - Retrieve shared folder data containing role permission sets from the LastPass Business account

Get Role - Retrieve shared folder data to look up a specific role by ID

Get Shared Folder Data - Retrieve a list of all shared folders in the LastPass Business account

Get Detailed Shared Folder Data - Retrieve detailed information about all shared folders including sites and permissions

Push Sites To Users - Distribute credential entries (sites) to users in the LastPass Business account

Get User Data - Retrieve detailed account data for users in the LastPass Business account via the getuserdata command, with optional filtering by username, admin status, or disabled status and pagination support for large directories.

Batch Add Users - Bulk-create one or more LastPass Business users by POSTing an array of user objects to the Enterprise API batchadd command at /enterpriseapi.php, triggering activation emails for each newly provisioned account.

Update User - Update attributes for an existing user in the LastPass Business account

Delete User - Deactivate, remove, or permanently delete a user from the LastPass Business account via the deluser command, with the severity of the action controlled by the required deleteaction parameter (0 = deactivate, 1 = remove from enterprise, 2 = permanent delete).

Bulk Delete Users - Delete multiple users from the LastPass Business account in a single call

Disable User - Deactivate a user account while preserving their vault data

Enable User - Re-enable a previously disabled user account

Reinvite User - Resend an invitation email to a user who has not yet accepted

Disable Multifactor Authentication - Disable multifactor authentication for a user

Reset Password - Send a master password reset email to a user

Require Master Password Change - Require a user to change their master password on next login via the LastPass Enterprise API requiremasterpasswordchange command.

Update User Email - Update a user's primary email address in the LastPass Business account via the Enterprise API updateemail command, triggering a confirmation email to the new address.

Do More, Build Less

Integration Infrastructure for LastPass AI Agents

Multiple Interfaces

Access integrations via API, AI SDKs, MCP & A2A.

LastPass MCP server

Managed Authentication

Pre-built authentication UI.

Agent auth

Falcon Engine

Every LastPass action runs on Falcon.

Agent Execution Engine

StackOne Defender

88.7% prompt injection detection.

Prompt injection defense

Start Free Book a Demo

"What impressed us most about StackOne is its ambition and clarity. They're creating infrastructure that modern software and the entire AI agent ecosystem can rely on. The depth of secure integrations, the pace of delivery, and the team's foresight into AI's future uniquely position StackOne to redefine this category."

Luna Schmid, Partner at GV

"We've been impressed by how quickly and deeply StackOne integrates with complex enterprise systems -- and now, with their focus on agent-to-agent interoperability, they're unlocking even more powerful use cases for customers. StackOne delivers all of the above in a universal layer -- without compromise."