HELP FILE

Add and Manage Enterprise Policies

LastPass Enterprise offers a number of configurable policies around security levels and password strength. Each policy can be applied to all users, or an inclusive or exclusive list of users (e.g., a policy that prohibits all users from exporting data except for those who are admins). With over 100 policies available for you to add and configure, you can achieve the most optimal security performance with LastPass.

Please view our complete list of Enterprise policies that you can add and manage.

Note: You must be actively logged in with a LastPass Enterprise account in order to view the full list of policies.

For admins that implement Active Directory Federation Services for LastPass Enterprise, the following policies should be noted:

• "Super Admin Password Reset policy" is required– learn more.
• All "Master Password Strength" policies will not be applied.
• "Recommend or Require Linked Personal Account" will not be applied.
• "Account Recovery Email" policy will not be applied.

Topics in this article:

Add a new policy

Edit an existing policy

Delete a policy

Add a new policy

1. Log in and access the Admin Console.
2. Use the menu in the left navigation to go to Settings > Policies.
3. Click Add Policy.
4. Use the drop-down menu to select your desired policy.
5. When applicable, enter data into the "Value" field based on the data type outlined in the description (e.g., IP Address, domain name, email address, country abbreviation, etc.).
6. For the "Applies To" section, choose from the following:
   • All – Select this option to apply to all users on your account.
   • Inclusive List of Users – Select this option then click Edit Users to add the names of individual users and/or groups for which this policy should be enforced. Click Save when finished.
   • Exclusive List of Users – Select this option then click Edit Users to add the names of individual users and/or groups for which this policy should not apply. Click Save when finished.
7. If desired, fill in the "Notes" field to add more information about the policy you are configuring.
8. If applicable, check the box for the option "Enabled" to enforce the policy immediately. If left unchecked, the policy will be added but not yet enforced, but you can edit the policy later to enable it.
9. If applicable, click Add new policy values if you find that you want to create additional configurations that are based on specific Inclusive or Exclusive user lists.
10. Click Save when finished.

Edit an existing policy

1. Log in and access the Admin Console.
2. Use the menu in the left navigation to go to Settings > Policies.
3. Locate your desired policy, then click Edit from the "Action Menu" column.
4. Make your desired changes, then click Save when finished.

Delete a policy

1. Log in and access the Admin Console.
2. Use the menu in the left navigation to go to Settings > Policies.
3. Locate your desired policy, then click Delete from the "Action Menu" column.
4. When prompted, click OK to confirm removal.