HELP FILE

Add and Manage Enterprise Policies

LastPass Enterprise offers a number of configurable policies around security levels and password strength that you can add, edit, or delete as an admin. Each policy can be applied to all users, or an inclusive or exclusive list of users (e.g., a policy that prohibits all users from exporting data except for those who are admins). With over 100 policies available for you to add and configure, you can achieve the most optimal security performance with LastPass. You can also learn about policies that affect federated users only.

Please view our complete list of Enterprise policies that you can add and manage.

Note: You must be actively logged in with a LastPass Enterprise account in order to view the full list of policies.

Enterprise Admin Console Policies. Add, Edit or Delete Policy.

Add a new policy

  1. Log in and access the Admin Console at https://lastpass.com/company/#!/dashboard.
  2. Go to SettingsPolicies in the left navigation.
  3. Click Add Policy.
  4. Use the drop-down menu to select your desired policy.
  5. When applicable, enter data into the "Value" field based on the data type outlined in the description (e.g., IP Address, domain name, email address, country abbreviation, etc.).
  6. For the "Applies To" section, choose from the following:
    • All – Select this option to apply to all users on your account.
    • Inclusive List of Users – Select this option then click Edit Users to add the names of individual users and/or groups for which this policy should be enforced. Click Save when finished.
    • Exclusive List of Users – Select this option then click Edit Users to add the names of individual users and/or groups for which this policy should not apply. Click Save when finished.
  7. If desired, fill in the "Notes" field to add more information about the policy you are configuring.
  8. If applicable, check the box for the option "Enabled" to enforce the policy immediately. If left unchecked, the policy will be added but not yet enforced, but you can edit the policy later to enable it.
  9. If applicable, click Add new policy values if you find that you want to create additional configurations that are based on specific Inclusive or Exclusive user lists.
  10. Click Save when finished.

Edit an existing policy

  1. Log in and access the Admin Console at https://lastpass.com/company/#!/dashboard.
  2. Go to SettingsPolicies in the left navigation.
  3. Locate your desired policy, then click Edit under the "Action Menu" column.
  4. Make your desired changes, then click Save when finished.

Delete a policy

  1. Log in and access the Admin Console at https://lastpass.com/company/#!/dashboard.
  2. Go to SettingsPolicies in the left navigation.
  3. Locate your desired policy, then click Delete under the "Action Menu" column.
  4. When prompted, click OK to confirm removal.

About policies for federated users

For admins that implement Active Directory Federation Services (AD FS) for LastPass Enterprise, the following policies should be noted:

  • "Super Admin Password Reset policy" is requiredlearn more.
  • All "Master Password Strength" policies will not be applied
  • "Account Recovery Email" policy will not be applied
  • All policies requiring the use of Multifactor Authentication in the LastPass Admin Console must be disabled