Lastpass Enterprise

kurzsteve
New Contributor

Does anybody have a current solution to deploying LastPass via policy? Recently they started making their enterprise installer use a .app instead of a .pkg, and their official guide is to download the ZIP to the user's machine and then run

unzip lpmacosx.zip
sudo LastPass Installer.app/Contents/MacOS/LastPass Installer -si

Then have your users manually approve the plugins on the browsers they use (this part seems unavoidable)

I was wondering if anybody else has run into this and if they have a recommended way that they deploy LastPass since the last thread I can find about it is from 2015

10 REPLIES 10

ThijsX
Valued Contributor
Valued Contributor

@kurzsteve

There are two LastPass items, the browser plug-in and the Mac App Store;

  • We deploy the Mac App store through VPP.
  • You can use composer for creating a silent browser plug-in .PKG installer.
  • You are right about the notifications
  • If you are scoping on a browser like Google Chrome you can create a config profile for chrome and tell him to default install the extensions you would like to deploy. Jamf Discussion

jefff
Contributor II

Just to refresh the info on this thread, LastPass sent out a notification yesterday that they are discontinuing the distribution of their application through the Mac App Store.

Please download this new version before February 29, 2020, to get the latest LastPass Mac App experience. After this date, the legacy Mac App (downloaded through the Apple App Store) will continue to function but will no longer be supported or receive security updates. Your experience will continue uninterrupted with the new app download. For more information, read these FAQs on our Support site.

vanschip-gerard
Contributor

I push the browser extension through a configuration profile for both Chrome and Edge. Actually landed on this search while looking for a way to change the settings of the browser extension. Anyone know?

dhorsfall
New Contributor

I'm about to start testing the commands on this page https://admin.lastpass.com/uac/advanced/installSoftware with an empty package installer or just a script in policy - Ill share if I have success!

Run the following commands from a Terminal:

Safari 1 :
curl -s "https://download.cloud.lastpass.com/mac/installer/safari.sh" | bash
Google Chrome 2 :
curl -s "https://download.cloud.lastpass.com/mac/installer/chrome.sh" | bash
Firefox 3 :
curl -s "https://download.cloud.lastpass.com/mac/installer/firefox.sh" | bash

1: Safari installer installs the latest LastPass macOS application
2: Google Chrome extension installer needs administrator rights to access Chrome's install directory
3: Firefox extension installer needs Python version 2.7 or greater
After running the command, some browsers may open and provide additional installation instructions:

Harrie
New Contributor III

@dhorsfall I tried you command line for chrome and I get this error
bash: line 12: /Library/Application Support/Google/Chrome/External Extensions/hdokiejnpimakedhajhdlcegeplioahd.json: Permission denied

ThijsX
Valued Contributor
Valued Contributor

@Harrie Do you run it with the correct privileges? As you need administrator rights.

Harrie
New Contributor III

@txhaflaire hey Thijs, yes as admin

ThijsX
Valued Contributor
Valued Contributor

@Harrie Seems that i do have the same when i test it. i opened the .sh script for Chrome and run it locally and that seems to work (as admin)

funky is that there is no check if $INSTALL_PATH already exists instead of just creating it.

#!/bin/bash


INSTALL_PATH="/Library/Application Support/Google/Chrome/External Extensions"
EXT_ID="hdokiejnpimakedhajhdlcegeplioahd"

if [ -f "$INSTALL_PATH/$EXT_ID.json" ]; then
    echo "LatPass is already in Chrome External Extensions folder, nothing to do. "
    exit 0 
fi

mkdir -p "$INSTALL_PATH"
cat <<JSON > "$INSTALL_PATH/$EXT_ID.json"
{
    "external_update_url": "https://clients2.google.com/service/update2/crx"
}
JSON

chown root:admin "$INSTALL_PATH/$EXT_ID.json"
chmod 644 "$INSTALL_PATH/$EXT_ID.json"

Harrie
New Contributor III

Hi Thijs, ill try this script

OJtheD
New Contributor II

@txhaflaire - seems like creating the path would be a good thing... no? Wouldn't you be able to deploy the extensions ahead of time so that they're present if the user adds Chrome or Firefox?

I added it in Edge using its app configuration as @vanschip-gerard mentioned; I'm not deploying Chrome or Firefox for users, but I'd like to have the extension sitting there waiting for them.