
LogMeOnce Command Line Interface (CLI)

Support Team
May 27, 2020 16:18

The LogMeOnce Command Line Interface (CLI) is a unified tool to manage your LogMeOnce services. The LogMeOnce CLI uses all security features of LogMeOnce and is based on Zero-Knowledge technology.

This feature is available as part of the LogMeOnce Enterprise Edition. You can manage your LogMeOnce services from the command line and automate them through scripts. The LogMeOnce CLI enables you to start running commands that implement functionality equivalent to that provided by the browser-based LogMeOnce Password and Identity Management solution from the command prompt in your favorite terminal program:

  • Linux shells – Use common shell programs such as bash, zsh, and tcsh to run commands in Linux.
  • Windows command line – On Windows, run commands at the Windows command prompt or in PowerShell.

 

Download & Installation

The installation of the LogMeOnce Command Line Interface (LMO CLI) on the supported operating systems is covered below. The installation of the LMO CLI does not require the installation of Python.

Windows LMO CLI Installation

Download Link: Download LogMeOnce CLI

Setup/Configuration:

  1. Unzip the file into the desired location (for example, the “C:\Program Files\LogmeOnce” folder).
  2. Add the executable location “C:\Program Files\LogmeOnce\lmocli” to the PATH variable in Windows:
    • Press the Windows key and enter environment variables.
    • Choose Edit environment variables for your account.
    • Choose PATH, and then choose Edit.
  3. Add the path to the Variable value field. For example: C:\Program Files\LogmeOnce\lmocli
  4. To confirm the installation, use the lmo -version command at a command prompt (open the Start menu and search for cmd to start a command prompt). If version details are not displayed, make sure the PATH variable is configured properly.

Linux LMO CLI Installation

Download Link: Download LogMeOnce CLI

Setup/Configuration:

    1. Download the LMO CLI ZIP file.
    2. Unzip the file into the desired location (for example, the “/usr/local/bin” folder).
    3. Add the executable location “/usr/local/bin” to the $PATH variable.
    4. To confirm the installation, use the lmo -version command at a command prompt. If version details are not displayed, make sure the $PATH variable is configured properly.

Permissions and Roles

LogMeOnce implements least-privilege access control by default. The LogMeOnce CLI is not enabled by default; you can enable it by assigning the LMO CLI role to the specific users who need to run it. All operations by such a user are logged for the audit trail. It is recommended to create a separate valid LogMeOnce user with a valid email address and assign it an LMO CLI role.

In order to create a role that allows CLI access: 

  • In Users Management edit a user and go to the Role tab
  • Click “+ Add Role” - enter your new role name
  • From the “Unassigned Permission” list, select “CommandLineInterface: Access” and move it to the left
  • Change “Access” to “User” and click “Save Changes”

Trusting Your IP and Device

As part of LogMeOnce security, a request from an unknown IP or device for a specific user should be trusted first in order to use any of the LogMeOnce commands. You will receive an email that needs to be validated.

Two Factor Authentication (2FA)

LogMeOnce supports Two Factor Authentication (2FA) with CLI using the X.509 certificate 2FA method. In order to enable this feature, select the X.509 Certificate from the Two Factor Authentication setting page for the selected user with CLI permission. The LogMeOnce CLI will use your X.509 certificate file and a password that protects your certificate file to secure CLI authentication.

 

Quick Getting Started

To get started quickly, follow these steps:

  • Install LogMeOnce CLI
  • Validate if the installation is successful
                > lmo -version - Check LogMeOnce CLI version
  • Configure CLI by adding your credentials and optionally add an X.509 certificate
                > lmo config - Configure CLI and add your credential and certificate
                > lmo config show - Check your credentials and certificate
  • Validate if your configuration is complete
                > lmo config validate - Validate if credential is entered and works properly
  • Check your email and Trust IP and device
                > lmo config validate - Validate if credential is entered and works properly
  • Perform a quick test
                > lmo sites - Display all your sites

 

LogMeOnce CLI Reference Guide

Description:

The LogMeOnce Command Line Interface is a unified tool to manage your LogMeOnce services.

Synopsis:

lmo [options] <command> <subcommand> [parameters]

Use lmo command help for information on a specific command. Use lmo help topics to view a list of available help topics. Optional parameters are shown in square brackets.

Usage: lmo <command> [-h] [-profile PROFILE] [-username USERNAME] [-password PASSWORD] [-domain DOMAIN] [-search] [-update] [-create] [-file FILE] [-delete] [-debug] [-version] [-help] [-decrypt] [-encrypt] [-certificate CERTIFICATE] [-certificate_pass CERTIFICATE_PASS]

Arguments:

  command             Use commands like config, sites, notes, storage, groups, users, events (default: None)

Optional arguments:

  • -h, --help  Show this help message and exit
  • -profile PROFILE  Enter Profile Name (default: None)
  • -username USERNAME  Enter Username. (default: None)
  • -password PASSWORD  Enter Password. (default: None)
  • -domain DOMAIN  Enter Name of Domain (default: None)
  • -search  Search for an item
  • -update  Use for update data (default: 0)
  • -create  Use for create data (default: 0)
  • -file FILE  Enter file Name (default: None)
  • -delete  Use for delete data (default: 0)
  • -debug  Display debug messages (default: False)
  • -version  Display CLI version (default: False)
  • -help  For help (default: False)
  • -decrypt  Use for decrypt credential (default: 0)
  • -encrypt  Use for encrypt credential (default: 0)
  • -certificate CERTIFICATE  Enter certificate filename (default: None)
  • -certificate_pass CERTIFICATE_PASS  Enter certificate password (default: None)

Configure Command 

lmo config [show | validate] [-profile <profilename>]

When this command is run with no arguments, you will be prompted for configuration values such as your LogMeOnce username, password, domain, certificate file path, and certificate password. It is highly recommended to create a separate user when using this feature so that all logging and the audit trail are enabled and can easily be viewed in the Activity Log.

If your config file does not exist (the default location is <default-user-home>/.lmo/credential.cfg), the LogMeOnce CLI will create it for you. To keep an existing value, press Enter when prompted for the value. When you are prompted for information, the current value will be displayed in [brackets], except for the password. If the config item has no value, it is displayed as [None].

Note: the values you provide for the LogMeOnce credential will be written to the credentials file (~/.lmo/credential.cfg).

 

The credential is encrypted and data is protected:

[Section1]
username = AT0oInhv1MqGu12cZIOLI48MggZD5J6irc9IhN64ESS4LdllMUIVYy2JzZ3fM+CX2JYrUj6PZtb1yMlSttUzuJkVZI7su
password = AdZ/CYVhni9d/tRGxiHS7zVyqy5uYm/Y66OvxO4BrUdKei8qyn9q8RjOJ9t0Zjj9FDQuhd3u1F+yul-+x6TZ7dGBfEoN
domain = AdsIcq2CgnbPgwer4f!tnT3Qw6lMdm4zjePmemrt@YLYCiWhVge9Vq+OAcpTZVr+fxhpbynR3mT46x6GZVBNnfQmERaL9p
certificate = AYW19W2vzjTS0VI5IXOEcTq3XuuBhNpWkYjYnoXKoCR7oF5PzJ1dMrP+Wd3Diirnv3TLjmRn43tpxvTGwSVenzWACXVGFKReLnv+aOhpBPV5EwhUcw==
certificate_password = AcEpCYZbGG+f2psKatXAtoX2iayyXMu+zNLzK+A5EG4VdQADFKRJM3s3DmJhXgSY++uVjsu2Pck=

 

Examples:

Windows configuration file location: C:\Users\mike\.lmo\credential.cfg

Linux configuration file location: ~/.lmo/credential.cfg

 

> lmo config or lmo config -profile service2.cfg
LogMeOnce Username [None]: marketing@logmeonce.com
LogMeOnce Password [None]: <Your-password-for-this-account>
LogMeOnce Domain [None]: <yourdomain>.logmeonce.com
LogMeOnce Certificate [None]: <Your-two-factor-authentication-X.509-certificate>
LogMeOnce Certificate Password [None]: <Your-two-factor-authentication-X.509-certificate-password>
> lmo config show or lmo config show -profile service2.cfg
> lmo config validate or lmo config validate -profile service2.cfg


The only difference with the LogMeOnce CLI is that it requires a password; PasswordLess operations are not permitted.

 

Sites Command 

lmo sites [site_ID] [-profile name]

When this command is run with no arguments, you will be prompted for configuration values such as your LogMeOnce username, password, and domain. It is highly recommended to create a separate user when using this feature so that all logging and the audit trail are enabled.

Getting a list of sites

Additional parameters

  • search - filters the list of sites by search phrase
> lmo sites -search Facebook
> lmo sites -search "two words"
  • decrypt - decrypts input values
> lmo sites -decrypt


Examples:

{
"sites": [
     {
         "id": 1749398,
         "name": "Google",
         "updated": 1586452560,
         "flags": 293,
         "image": "https://logmeonce-sites.s3.amazonaws.com/256_google_175x175.png",
         "icon": "https://logmeonce-sites.s3.amazonaws.com/256_google_16x16.png",
         "used": 0,
         "login": {
             "Url": "https://accounts.google.com/ServiceLogin?continue=http://www.google.com/",
             "regex": "^(ftp|http|https)://([^/]+\\.)?google.com.*",
             "inputs": [
                 {
                     "flags": 3,
                     "name": "[\"identifier\", \"Email\"]",
                     "type": "text",
                     "value": "Adh/fgxV90+BoMboA+DojRSxAb7BhGpz26IrF+Nxj49QPOjc5f8swFBcpgLBKG3rRasAkf0="
                 },
                 {
                     "flags": 5,
                     "name": "[\"password\", \"Passwd\"]",
                     "type": "password",
                     "value": "Adh/fgzAxSBxlmvPL/tV+50rS1F5y5fLyp4I8zPoq+rYsR0JFFOuvlhkciNzh/ahT8pshh8="
                 }
             ],
             "match": {
                 "username": "#profileIdentifier, #email-display",
                 "trim": "@gmail.com"
             },
             "action": {
                 "submit": "#identifierNext, #passwordNext"
             }
         }
     }
]
}

 

Getting a single site

> lmo sites [SITE_ID] 

You can get the data for a single site by providing its site ID.

> lmo sites 1749398

Additional parameters

  • decrypt - decrypts input values
> lmo sites 1749398 -decrypt

 

Creating a new site

> lmo sites -create -file <FILE_PATH>

This is another version of the sites command. With the help of the “create” parameter, you can create new sites. The information on the new site should be available in a JSON file.

 

JSON file format:

{
    "url": "https://www.facebook.com/",
    "name": "Facebook (john)",
    "inputs": [{
        "type": "text",
        "value": "john.doe@gmail.com"
    }, {
        "type": "password",
        "value": "secret_password"
    }]
}


Site data format:

  • url - Login page URL (required)
  • name - The name of the site (optional)
  • inputs - The array of inputs - at least a single password must be present (required)
  • note - The site note (optional)
  • flags - The numeric value that defines SSO and SLO (bitwise operation)
    • 1 - SSO - Automatic Login
    • 2 - SLO - Automatic Logout

By default only SSO is enabled, possible values are:

  • 0 - Both SSO, SLO disabled
  • 1 - SSO enabled, SLO disabled
  • 2 - SSO disabled, SLO enabled
  • 3 - Both SSO, SLO enabled

Input data format:

  • type - default is text
  • flags - The numeric value that defines input properties (bitwise operation)
    • 1 - required - this input is required to be found on the login page, all required inputs must be found in order for the site to be detected
    • 2 - username - this input is marked as Username (only 1 input can be marked as username, but there can be more non-password inputs)
    • 4 - password - this input is marked as Password (only 1 input can be marked as password, but there can be more inputs with type password)
    • 8 - used internally by some sites from the catalog
    • 16 - only for inputs that are “checkbox” type - when this bit is set it means checkbox is checked, when this bit is not set checkbox is unchecked
  • value - the value of the input - must be encrypted

Additional parameters

  • encrypt - encrypts input values and note
> lmo sites -create -encrypt -file somefile.json
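
The rules in the "Site data format" and "Input data format" lists can be checked before a file is handed to lmo sites -create. The following is an added example, not LogMeOnce code: validate_site and decode_input_flags are hypothetical helper names, "at least a single password" is read as "at least one input of type password", and a missing flags value on an input is assumed to mean no bits set.

```python
import json

# Bit values copied from the "Input data format" list on this page.
INPUT_BITS = {1: "required", 2: "username", 4: "password",
              8: "internal", 16: "checked"}
KNOWN_INPUT_BITS = sum(INPUT_BITS)      # 31
SITE_FLAG_VALUES = {0, 1, 2, 3}         # the four SSO/SLO combinations

def decode_input_flags(flags):
    """Return (names of documented bits that are set, undocumented bits)."""
    names = [name for bit, name in INPUT_BITS.items() if flags & bit]
    return names, flags & ~KNOWN_INPUT_BITS

def validate_site(text):
    """Return a list of problems in a site JSON document (empty list = OK)."""
    try:
        site = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(site, dict):
        return ["top level must be a JSON object"]
    problems = []
    url = site.get("url")
    if not isinstance(url, str) or not url.strip():
        problems.append("url is required")
    site_flags = site.get("flags", 1)   # page: only SSO is enabled by default
    if type(site_flags) is not int or site_flags not in SITE_FLAG_VALUES:
        problems.append(f"site flags must be 0, 1, 2 or 3, got {site_flags!r}")
    inputs = site.get("inputs")
    if not isinstance(inputs, list) or not inputs:
        return problems + ["inputs must be a non-empty array"]

    usernames = passwords = password_types = 0
    for i, item in enumerate(inputs):
        if not isinstance(item, dict):
            problems.append(f"inputs[{i}] must be an object")
            continue
        kind = item.get("type", "text")  # page: default type is text
        flags = item.get("flags", 0)     # assumption: absent means no bits set
        if type(flags) is not int:
            problems.append(f"inputs[{i}] flags must be an integer")
            continue
        names, unknown = decode_input_flags(flags)
        if unknown:
            problems.append(f"inputs[{i}] sets undocumented flag bits ({unknown})")
        if "checked" in names and kind != "checkbox":
            problems.append(f"inputs[{i}] sets bit 16 but its type is {kind!r}")
        usernames += "username" in names
        passwords += "password" in names
        password_types += kind == "password"
    if password_types == 0:
        problems.append("at least one input of type password is required")
    if usernames > 1:
        problems.append("only one input may carry the username bit (2)")
    if passwords > 1:
        problems.append("only one input may carry the password bit (4)")
    return problems

# Constructed sample files (not real accounts).
GOOD = """{"url": "https://www.example.com/login", "flags": 3, "inputs": [
  {"type": "text", "flags": 3, "value": "user@example.com"},
  {"type": "password", "flags": 5, "value": "placeholder-secret"}]}"""
BAD = """{"url": "", "flags": 293, "inputs": [
  {"type": "text", "flags": 2}, {"type": "text", "flags": 18}]}"""
TRAILING_COMMA = '{"url": "https://www.example.com/", "inputs": [{"type": "password", "value": "x",}]}'

if __name__ == "__main__":
    for label, doc in (("GOOD", GOOD), ("BAD", BAD), ("TRAILING_COMMA", TRAILING_COMMA)):
        print(label, validate_site(doc) or "ok")
```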

 

Updating existing site

> lmo sites [SITE_ID] -update -file <FILE_PATH>

With the help of the update parameter of sites, you can update existing sites. The information on the new site should be available in a file or as parameters.

The data format for the input JSON file is exactly the same as explained above in the create section. If you only want to update one or two parameters without passing all data - instead of passing the parameters in JSON file - you can pass it as arguments, like:

> lmo sites 1749398 -update -name "Facebook (changed)"
> lmo sites 1749398 -update -name "Facebook (changed)" -url https://facebook.com

All parameters can be passed as arguments or in JSON file format - but it is recommended to use the JSON file.

 

Deleting site

> lmo sites [ID] -delete 

A site can be deleted by providing an existing site ID.

 

Users Command 

Get a list of users

> lmo users

Sample response:

{
   "users": [
       {
           "id": 1,
           "username": "michaelm@logmeonce.com",
           "email": "michaelm@logmeonce.com",
           "firstname": "Michael",
           "lastname": "Miller",
           "picture": "http://m-s3.logmeonce.com/48.jpg",
           "active": true,
           "confirmed": false,
           "license": 102,
           "roles": [],
           "birthdate": "1950-01-01",
           "gender": "m",
           "address": "Address",
           "city": "City",
           "zip": "11-222",
           "country": "US",
           "phone": "+1123",
           "company": "LogMeOnce",
           "website": "https://LogMeOnce.com"
       }
   ]
}

 

Response properties:

  • users – This is an array of users
    • Id
    • Username - Username
    • Email – Primary email address
    • Picture – Picture URL
    • Active – Boolean if the user is active
    • Confirmed – Boolean if user confirmed his account (and set up his account after invitation email)
    • License
    • Roles – Array of roles
    • Firstname - First Name
    • Lastname - Last name
    • Birthdate – Birthdate
    • Gender – Gender
    • Address – Address
    • City – Address
    • State – Address
    • Zip – Address
    • Phone – Phone
    • Company – Company Name
    • Jobtitle – Job Title
    • Website – Website URL

Get a single user

> lmo users [USER_ID] 

You can get user data by providing the user ID.

Create a new user

> lmo users -create --username [USERNAME] --firstname [FIRSTNAME]

Additional parameters

If the user is to be activated and an invitation email sent, then activate must additionally be set to 1.

  • firstName
  • lastName
  • email
  • birthdate
  • gender
  • address
  • city
  • state
  • zip
  • country
  • phone
  • company
  • jobTitle
  • website
  • activate - “1” - user will be activated and invitation email sent

With the help of the create parameter, you can create another user by providing double-dash body parameters. Single-dash parameters are reserved for the CLI, and double-dash parameters are for the CLI API.

Update existing user

This command is used to update the attributes of an existing user.

> lmo users [USER_ID] -update

Additional parameters can be passed the same as the above example.

Delete user

This command is used to delete an existing user.

> lmo users [USER_ID] -delete

 

Activating user

This command is used to activate a user.

> lmo users [USER_ID] activate -update

 

Deactivating user

This command is used to deactivate/disable an existing user.

> lmo users [USER_ID] deactivate -update

 

List of users for a specific group

This command is used to find a list of users in an existing group.

> lmo groups [GROUP_ID] users

 

Adding and/or removing users into a specific group

This command is used to add or remove a user from an existing group.

> lmo groups [GROUP_ID] users -update --add [USER_ID] --remove [USER_ID]

Adding and/or removing multiple users into a specific group

This command is used to add or remove multiple users from an existing group.

> lmo groups [GROUP_ID] users -update --add [USER_ID_1] --add [USER_ID_2] --add [USER_ID_3] --remove [USER_ID_1] --remove [USER_ID_2]

 

Groups Command 

Get a list of groups

This command is used to get a list of all groups.

> lmo groups

Sample response:

{
   "groups": [
       {
           "id": 5717,
           "name": "Canada2"
       },
       {
           "id": 5719,
           "name": "Arizona"
       },
       {
           "id": 8762,
           "name": "AAA"
       }
   ]
}

Response properties:

  • groups – This is an array of groups
    • id - Group ID
    • parent – Parent group id
    • name - Group Name
    • description - Group Description

Get a single group

This command is used to get details of a single group.

> lmo groups [GROUP_ID]

The response is the same as above

 

Create a new group

This command is used to create a new group.

> lmo groups -create --name [GROUP_NAME] --description [GROUP_DESCRIPTION]

Additional parameters same as above

  • name
  • description

 

Update existing group

This command is used to update an existing group.

> lmo groups [GROUP_ID] -update

Additional parameters same as above

 

Delete group

This command is used to delete an existing group.

> lmo groups [GROUP_ID] -delete

 

List of groups for a user

This command is used to list all groups of an existing user.

> lmo users [USER_ID] groups

 

Joining and/or leaving a group for a specific user

This command is used to assign a user to a group or remove a user from a group.

> lmo users [USER_ID] groups -update --join [GROUP_ID] --leave [GROUP_ID]

Joining and/or leaving multiple groups for a specific user

This command is used to assign multiple users to a group or remove multiple users from a group.

> lmo users [USER_ID] groups -update --join [GROUP_ID_1] --join [GROUP_ID_2] --join [GROUP_ID_3] --leave [GROUP_ID_1] --leave [GROUP_ID_2]

 

Events Command 

Get a list of events

This command is used to get a list of events generated in your account. This can be used to be exported to Splunk or other Security information and event management (SIEM) solutions.

> lmo events

Additional parameters

  • order – Sorts the retrieved events in either ascending or descending order.
> lmo events --order asc
> lmo events --order desc
  • limit – Limits the number of events displayed on one page
> lmo events --limit 20
  • page – Displays the events of a specific page
> lmo events --page 5
  • datetime – Displays events where ‘events > datetime’. Here datetime is an Epoch timestamp.
> lmo events --datetime 1601193600

 

Examples:

{
   "events": [
       {
           "id": 13138427,
           "user": 5124099494,
           "type": "login",
           "created": 1601193395,
           "ip": "100.1.25.100",
           "device": 98030,
           "browser": {
               "type": 12,
               "version": "2.0"
           }
       },
       {
           "id": 13138426,
           "user": 531249494,
           "type": "login",
           "created": 1601193391,
           "ip": "192.168.61.87",
           "device": 98030,
           "browser": {
               "type": 12,
               "version": "2.0"
           }
       },
       {
           "id": 13138322,
           "user": 512569494,
           "type": "login",
           "created": 1601192321,
           "ip": "192.168.2.100",
           "device": 98030,
           "browser": {
               "type": 12,
               "version": "2.0"
           }
       },
       {
           "id": 13138321,
           "user": 1235659494,
           "type": "login",
           "created": 1601192318,
           "ip": "149.234.61.87",
           "device": 98030,
           "browser": {
               "type": 12,
               "version": "2.0"
           }
       },
       {
           "id": 13138319,
           "user": 1230959494,
           "type": "login",
           "created": 1601192267,
           "ip": "192.100.2.100",
           "device": 98030,
           "browser": {
               "type": 12,
               "version": "2.0"
           }
       },
       {
           "id": 13138318,
           "user": 19267159494,
           "type": "login",
           "created": 1601192262,
           "ip": "100.234.61.87",
           "device": 98030,
           "browser": {
               "type": 12,
               "version": "2.0"
           }
       },
       {
           "id": 13138307,
           "user": 1270959494,
           "type": "login",
           "created": 1601192119,
           "ip": "200.100.2.100",
           "device": 98030,
           "browser": {
               "type": 12,
               "version": "2.0"
           }
       },
       {
           "id": 13138306,
           "user": 871592194,
           "type": "login",
           "created": 1601192116,
           "ip": "249.324.61.87",
           "device": 98030,
           "browser": {
               "type": 12,
               "version": "2.0"
           }
       },
       {
           "id": 13138305,
           "user": 109259444,
           "type": "login",
           "created": 1601192042,
           "ip": "210.120.2.100",
           "device": 98030,
           "browser": {
               "type": 12,
               "version": "2.0"
           }
       },
       {
           "id": 13138303,
           "user": 23559494,
           "type": "login",
           "created": 1601192037,
           "ip": "129.134.61.87",
           "device": 98030,
           "browser": {
               "type": 12,
               "version": "2.0"
           }
       }
   ],
   "limit": 10,
   "page": 1,
   "total": 852
}
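
For the SIEM export mentioned above, the limit, page, total and datetime fields are enough to build an incremental exporter that neither skips nor repeats events between runs. The following is an added example, not LogMeOnce code: export_new, lmo_fetch and fake_fetcher are hypothetical names, and it assumes the documented flags can be combined in one call and that lmo events prints only the JSON document on stdout.

```python
import json
import subprocess

def lmo_fetch(page, limit, since):
    """Run `lmo events` for one page and parse its output.

    Assumption: the flags shown on this page can be combined in one call and
    the command prints only the JSON document on stdout.
    """
    cmd = ["lmo", "events", "--order", "asc", "--limit", str(limit),
           "--page", str(page), "--datetime", str(since)]
    done = subprocess.run(cmd, capture_output=True, text=True, check=True)
    return json.loads(done.stdout)

def export_new(fetch_page, state, limit=10):
    """Return (ndjson_lines, new_state) for events not exported before.

    state = {"since": epoch, "ids_at_since": [ids already sent at that second]}
    """
    since, already = state["since"], set(state["ids_at_since"])
    fresh, page = {}, 1
    while True:
        # The filter is strict (events > datetime), so ask from since - 1 and
        # drop by id what was already sent for the checkpoint second.
        resp = fetch_page(page, limit, since - 1)
        events = resp.get("events", [])
        for ev in events:
            if ev["created"] >= since and ev["id"] not in already:
                fresh[ev["id"]] = ev        # keyed by id: pages may overlap
        if not events or page * resp.get("limit", limit) >= resp.get("total", 0):
            break
        page += 1
    ordered = sorted(fresh.values(), key=lambda e: (e["created"], e["id"]))
    lines = [json.dumps(e, sort_keys=True, separators=(",", ":")) for e in ordered]
    if ordered:
        newest = ordered[-1]["created"]
        ids = [e["id"] for e in ordered if e["created"] == newest]
        if newest == since:
            ids += state["ids_at_since"]
        state = {"since": newest, "ids_at_since": sorted(ids)}
    return lines, state

def fake_fetcher(events):
    """Stand-in for lmo_fetch that pages over an in-memory list (offline runs)."""
    def fetch(page, limit, since):
        hits = sorted((e for e in events if e["created"] > since),
                      key=lambda e: (e["created"], e["id"]))
        start = (page - 1) * limit
        return {"events": hits[start:start + limit], "limit": limit,
                "page": page, "total": len(hits)}
    return fetch

# Constructed events in the shape of the sample response (documentation IPs).
SAMPLE = [
    {"id": 1, "user": 11, "type": "login", "created": 100, "ip": "192.0.2.10"},
    {"id": 2, "user": 12, "type": "login", "created": 100, "ip": "192.0.2.11"},
    {"id": 3, "user": 11, "type": "login", "created": 105, "ip": "198.51.100.7"},
    {"id": 4, "user": 13, "type": "login", "created": 110, "ip": "203.0.113.5"},
]

if __name__ == "__main__":
    out, checkpoint = export_new(fake_fetcher(SAMPLE), {"since": 0, "ids_at_since": []}, limit=2)
    print("\n".join(out), checkpoint, sep="\n")
```

Persist the returned state between runs and pass lmo_fetch instead of fake_fetcher to read from the CLI.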

 


Copyright © 2011-2020 LogMeOnce. All rights reserved.
