HELP FILE

Enterprise Admin Management of Multifactor Authentication Options

LastPass Enterprise admins can restrict the Multifactor Authentication options available for use by users within their organization. For additional security measures, you can also choose to enforce various policies for your users to adhere to when using Multifactor Authentication with their LastPass account.

Manage Multifactor Authentication options

By default, all Multifactor Authentication options are enabled for LastPass Enterprise accounts. You can manage your desired authentication options by doing the following:

1. Log in and access the Admin Console at https://lastpass.com/company/#!/dashboard.
2. Go to Advanced Options > Enterprise Options > Enabled Multifactor Options in the left navigation.
3. Uncheck the box(es) next to the Multifactor Authentication option(s) you want to disable, and leave the box(es) checked for the options you want enabled. Choose from the following options:
   • LastPass Authenticator
   • Google Authenticator
   • Toopher
   • Duo Security
   • Transakt
   • Grid
   • YubiKey
   • Fingerprint/Smart Card
   • Sesame
   • RSA SecurID/RADIUS
   • Symantec VIP
   • SecureAuth
4. Click Update when finished.

About Multifactor Authentication for Active Directory Federation Services (AD FS)

Multifactor Authentication set up within LastPass is not supported for federated users. White it is strongly recommended that you protect your account with Multifactor Authentication, it must be set up at the Identity Service Provider level (AD FS) – meaning this authentication must be disabled within the LastPass Admin Console and end user Account Settings – as it will result in federated users being unable to access their Vault.

Disable Multifactor Authentication

If there are Multifactor Authentication options are already enabled for your account – with policies enforced to require use of those options – and now you want to disable Multifactor Authentication, you must complete the steps below to ensure a seamless experience for your users.

1. From the Admin Console, go to Advanced Options > Enterprise Options > Enabled Multifactor Options in the left navigation.
2. Uncheck all boxes next to all Multifactor Authentication options.
3. Click Update when finished.
4. If policies are enforced to require use of any Multifactor Authentication option, you must delete those policies.