Skip to main content

Announcing StackOne Defender: leading open-source prompt injection guard for your agent Read More

Connect

Connectors Agent Auth MCP Connector Builder

Optimize

Tool Discovery Falcon Engine

Secure

Defender
Connectors

HRIS / HCM

Employee Onboarding Employee Offboarding

Recruiting

Application Screening Interview Scheduling

Customer Support

Ticket Triage Voice Call Summarization

Sales & CRM

Deal Risk Scoring Lead Qualification

Accounting & Finance

Invoice Processing Month-End Accruals

Marketing

Campaign Reports Lead Nurture Sequences
View All AI Agent Use Cases

Developers

Docs Changelog Status

Learn

Blog Case Studies Events Partners
Pricing
Login Book Demo Start Free
Live 34 Actions

LastPass MCP Server
for AI Agents

StackOne's LastPass MCP server gives AI agents 34 ready-to-use actions for LastPass — with built-in authentication, security, governance, token efficiency, and high tool-calling accuracy.

Start Free Book Demo Read Docs →
LastPass logo
LastPass MCP Server
Built by StackOne StackOne
DrataGPLocalyzeFlipMindtoolsScreenloop

Coverage

34 Agent Actions

Create, read, update, and delete across LastPass — and extend your agent's capabilities with custom actions.

MCP Actions → Create Actions →

Authentication

Agent Tool Authentication

Per-user OAuth in one call. Your LastPass MCP server gets session-scoped tokens with zero credentials stored on your infra.

Agent Auth →

Security

Agent Protection

Every LastPass tool response scanned for prompt injection in milliseconds — 88.7% accuracy, all running on CPU.

Prompt Injection Defense →

Performance

Max Agent Context. Min Cost.

Free up to 96% of your agent's context window to enhance reasoning and reduce cost, on every LastPass call.

Tools Discovery →

What is the LastPass MCP Server?

A LastPass MCP server lets AI agents read and write LastPass data through the Model Context Protocol — Anthropic's open standard for connecting LLMs to external tools. StackOne's LastPass MCP server ships with 34 pre-built actions, fully extensible via the Connector Builder — plus managed authentication, prompt injection defense, and optimized agent context. Connect it from MCP clients like Claude Desktop, Claude Code, Cursor, Goose, and VS Code, or from agent frameworks like OpenAI Agents SDK, LangChain, and Vercel AI SDK.

All LastPass MCP Tools and Actions

Every action from LastPass's API, ready for your agent. Create, read, update, and delete — scoped to exactly what you need.

Groups

  • List Groups

    Retrieve all groups and their members from the LastPass Business account

  • Get Group

    Retrieve a specific group and its members from the LastPass Business account

Roles

  • List Roles

    Retrieve shared folder data containing role permission sets from the LastPass Business account

  • Get Role

    Retrieve shared folder data to look up a specific role by ID

Users

  • Batch Add Users

    Bulk-create one or more LastPass Business users by POSTing an array of user objects to the Enterprise API batchadd command at /enterpriseapi.php, triggering activation emails for each newly provisioned account.

  • Update User

    Update attributes for an existing user in the LastPass Business account

  • Delete User

    Deactivate, remove, or permanently delete a user from the LastPass Business account via the deluser command, with the severity of the action controlled by the required deleteaction parameter (0 = deactivate, 1 = remove from enterprise, 2 = permanent delete).

Other (27)

  • Get Event Report

    Retrieve audit event logs from the LastPass Business account

  • List Policies

    Retrieve shared folder data containing permission sets from the LastPass Business account

  • Get Policy

    Retrieve shared folder data to look up a specific policy by ID

  • Get Shared Folder Data

    Retrieve a list of all shared folders in the LastPass Business account

  • Get Detailed Shared Folder Data

    Retrieve detailed information about all shared folders including sites and permissions

  • Get User Data

    Retrieve detailed account data for users in the LastPass Business account via the getuserdata command, with optional filtering by username, admin status, or disabled status and pagination support for large directories.

  • Batch Change Group Membership

    Add or remove users from groups in bulk

  • Update User Email

    Update a user's primary email address in the LastPass Business account via the Enterprise API updateemail command, triggering a confirmation email to the new address.

  • IAM Get Me

    Return the authentication type and identity for the current LastPass connection. LastPass provisioning API uses account-level credentials (CID + provisioning hash) rather than user-bound credentials — there is no "current user" concept. The auth_type is api_key. The name reflects the CID account number. Confirms credentials are valid via a getuserdata probe.

  • IAM List Groups

    List all groups in the LastPass Business account, mapped to the StackOne IAM unified group schema. Wraps cmd=getuserdata and extracts the Groups object. Groups are identified by name (LastPass has no numeric group ID). Returns group name; created_at, updated_at, description, and roles are not exposed by the API.

  • IAM Get Group

    Retrieve a single LastPass group by its name (used as ID), mapped to the StackOne IAM unified group schema. Wraps cmd=getuserdata and extracts the named group from the Groups object by key.

  • IAM List Organizations

    Return the single LastPass Business account organization, mapped to the StackOne IAM unified organization schema. LastPass is a single-tenant product — one account = one organization identified by the CID (Company ID). Performs a getuserdata auth probe to confirm credentials. Returns id and name derived from the CID; created_at and updated_at are not exposed by the API.

  • IAM Get Organization

    Retrieve the single LastPass Business account organization by its CID. LastPass has one organization per account — pass the CID from unified_list_organizations as the id. Performs a getuserdata auth probe to confirm credentials.

  • IAM List Resource Users

    List users and groups that have access to LastPass shared folders, mapped to the StackOne IAM unified resource_users schema. Wraps cmd=getsfdata. Each entry represents a user or group permission on a specific shared folder, with role derived from the permission flags (can_administer → admin, give → editor, readonly → viewer). Pass resource_id to filter to a specific shared folder by its ID (client-side, getsfdata returns all folders).

  • IAM List Resource Types

    Return the LastPass resource types available for IAM permission checks. LastPass exposes one resource type — shared_folder — representing shared vaults that users and groups can be granted access to. Performs a getuserdata auth probe to confirm credentials.

  • IAM List Roles

    Return the two stable LastPass account-level IAM roles — admin and basic — synthesized from the admin flag on user records. LastPass has no native roles API. Shared-folder permission roles (can_administer, give, readonly) are surfaced per resource via unified_list_resource_users. Performs a getuserdata auth probe so 401/403 surfaces when credentials are bad.

  • IAM Get Role

    Retrieve a single synthesized LastPass IAM role by its stable key. Only "admin" and "basic" are valid — any other id is rejected with a 400. Performs a getuserdata auth probe so 401/403 surfaces when credentials are bad.

  • IAM List Users

    List all users in the LastPass Business account, mapped to the StackOne IAM unified user schema. Wraps the LastPass Provisioning API cmd=getuserdata. Returns identity, admin status, disabled/active status, created date, last login, and group memberships. Roles are synthesized from the admin flag (admin or basic). Supports optional filtering by email address (applied client-side).

  • IAM Get User

    Retrieve a single LastPass user by their email address (used as ID), mapped to the StackOne IAM unified user schema. Wraps cmd=getuserdata with username filter for server-side lookup.

  • Push Sites To Users

    Distribute credential entries (sites) to users in the LastPass Business account

  • Bulk Delete Users

    Delete multiple users from the LastPass Business account in a single call

  • Disable User

    Deactivate a user account while preserving their vault data

  • Enable User

    Re-enable a previously disabled user account

  • Reinvite User

    Resend an invitation email to a user who has not yet accepted

  • Disable Multifactor Authentication

    Disable multifactor authentication for a user

  • Reset Password

    Send a master password reset email to a user

  • Require Master Password Change

    Require a user to change their master password on next login via the LastPass Enterprise API requiremasterpasswordchange command.

Set Up Your LastPass MCP Server in Minutes

One endpoint. Any framework. Your agent is talking to LastPass in under 10 lines of code.

MCP Clients

Agent Frameworks

Claude Desktop
{
  "mcpServers": {
    "stackone": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote@latest",
        "https://api.stackone.com/mcp?x-account-id=<account_id>",
        "--header",
        "Authorization: Basic <YOUR_BASE64_TOKEN>"
      ]
    }
  }
}

More Security MCP Servers

Cloudflare

140+ actions

OneLogin

110+ actions

Auth0

78+ actions

Sentinel XS

69+ actions

Microsoft Entra ID

67+ actions

JumpCloud

65+ actions

Drata

57+ actions

All Security MCP Servers →

LastPass MCP Server Resources

MCP Code Mode: Keeping Tool Responses Out of Agent Context

Anthropic's code_execution processes data already in context. Custom MCP code mode keeps raw tool responses in a sandbox. 14K tokens vs 500.

11 min

Comparing BM25, TF-IDF, and Hybrid Search for MCP Tool Discovery

Benchmarking BM25, TF-IDF, and hybrid search for MCP tool discovery across 916 tools. The 80/20 TF-IDF/BM25 hybrid hits 21% Top-1 accuracy in under 1ms.

10 min

Indirect Prompt Injection Defense for MCP Tools: A Technical Guide

MCP tools that read emails, CRM records, and tickets are indirect prompt injection vectors. Here's how we built a two-tier defense that scans tool results in ~11ms.

12 min

LastPass MCP Server FAQ

LastPass MCP server vs direct API integration — what's the difference?
A LastPass MCP server and direct API integration serve different use cases. Direct API integration is for software-to-software — backend code calling LastPass. A LastPass MCP server is for AI agents — MCP clients like Claude and Cursor, plus framework agents built with OpenAI, LangChain, or Vercel AI — discovering and calling LastPass at runtime. StackOne provides both.
How does LastPass authentication work for AI agents?
LastPass authentication for AI agents works through a StackOne Connect Session. Create one via the dashboard or the SDK — you get an auth link and ready-to-paste config for Claude Desktop, Cursor, and other MCP clients. Your user authenticates their own LastPass account; StackOne handles token exchange, storage, and refresh. Credentials never reach the LLM, and each user is isolated via origin_owner_id.
Are LastPass MCP tools vulnerable to prompt injection?
Yes — LastPass MCP tools can be vulnerable to indirect prompt injection. Any tool that reads user-written content — documents, messages, tickets, records, or free-text fields — is a potential vector. StackOne Defender scans every tool response before it enters the agent's context — regex patterns in ~1ms, then a MiniLM classifier in ~4ms. 88.7% accuracy, CPU-only.
What is the context bloat of a LastPass agent and how do I avoid it?
Context bloat happens when LastPass tool schemas and API responses eat your LastPass agent's memory, preventing it from reasoning effectively. A single LastPass query can return a massive JSON response, and connecting multiple tools compounds the problem. Tools Discovery and Code Mode reduce context bloat — loading only relevant tools per query and keeping raw responses out of the agent's context.
Can I limit which actions my LastPass agent can access?
Yes — you can limit which actions your LastPass agent can access directly from the StackOne dashboard. Toggle actions on or off, or restrict them to specific accounts, with no code changes to your agent. Session tokens can be scoped to exact actions so if one leaks, exposure stays contained.
Can I create custom agent actions for my LastPass MCP server?
Yes — you can create custom agent actions for your LastPass MCP server using Connector Builder. It's an integration agent your coding assistant (Claude Code, Cursor, or Copilot) can invoke to research LastPass's API, generate production-ready connector YAML, test against the live API, and validate before you ship.
When should I NOT use a LastPass MCP server?
Skip a LastPass MCP server if your integration is purely software-to-software — direct LastPass API integration is simpler when no AI agent is involved. For deterministic, compliance-critical operations (financial transactions, regulatory reporting), direct API gives you predictable behavior without agent-driven decision-making. MCP shines when AI agents need to dynamically discover and call LastPass actions at runtime.
What AI frameworks and AI clients does the StackOne LastPass MCP server support?
The StackOne LastPass MCP server supports both. MCP clients (paste-and-go apps): Claude Desktop, Claude Code, Cursor, VS Code, Goose. Agent frameworks (code SDKs you build with): OpenAI Agents SDK, Anthropic, Vercel AI, Google ADK, CrewAI, Pydantic AI, LangChain, LangGraph, Azure AI Foundry.

Put your AI agents to work

All the tools you need to build and scale AI agent integrations, with best-in-class connectivity, execution, and security.

Start Free Book Demo