Enable Multifactor Authentication (Admins)
Multifactor Authentication is an added layer of security that you can enable within LastPass, and requires a second step before you can gain access to your account. Enabling this security feature helps protect your account from keyloggers and other threats – even if your Master Password was compromised, your account could not be accessed without this second form of authentication.
For LastPass Teams and Enterprise accounts, admins have the ability to select specific authenticator(s) for Multifactor Authentication, and enforce policies that require their users to authenticate before they can access their LastPass account. For some authenticators, additional integration steps must be completed during the setup process.
To get started with setting up Multifactor Authentication as an admin, log in and access the Admin Console at https://lastpass.com/company/#!/dashboard, then follow the steps below.
Note: Not a LastPass admin? See steps for enabling Multifactor Authentication as a user.
Step #1: Configure your authenticator integration (if applicable – LastPass Enterprise only)
The following authenticators require an active account with their service in order for you set up your integration with LastPass Enterprise:
If you are using one of the authenticators listed above, you are required to complete the integration steps for your authenticator first. Otherwise, proceed to the next step.
Step #2: Select your Multifactor Authentication options
By default, all authenticators are enabled in LastPass Teams and Enterprise accounts. If desired, you can select specific authenticator(s) to be used for Multifactor Authentication for your account. Only the options you select will be available for your users to begin the setup process on their end.
Note: LastPass Enterprise accounts using Active Directory Federation Services (AD FS) must disable all Multifactor Authentication options within the LastPass Admin Console – learn more.
Step #3: Add and configure policies for Multifactor Authentication
If preferred, you can add and configure various LastPass Teams or Enterprise policies for your organization that involve Multifactor Authentication, including the requirement of users to authenticate before they can access their LastPass account, enforcement of restrictions on which authenticator(s) can be used, and much more.
Please note that if you require use of a specific authenticator, you must be sure it is also enabled as a multifactor option (Step #2).
Note: LastPass Enterprise accounts using Active Directory Federation Services (AD FS) must disable all Multifactor Authentication policies within the LastPass Admin Console – learn more.
Step #4: Advise your users to set up Multifactor Authentication
Once you have completed the steps above, your users can set up and enable Multifactor Authentication for their LastPass Teams or Enterprise account.