You can set up geofencing policies to define which locations and regions that users are allowed or prohibited from using the LastPass MFA app for authentication.
- Log in and access the Admin Console at https://lastpass.com/company/#!/dashboard.
- Select MFA or SSO & MFA in the left navigation.
- To create a geofencing policy, go to in the left navigation.Note: Please be aware that there is an authentication policy that can be enforced to disable users' ability to log in and access their LastPass Vault and/or SSO apps in Offline Mode when a geofencing policy is in place (because their location cannot be determined when offline). Learn more about authentication policies.
- To create a safe Green Zone geofencing policy, do the following:
- Click + Create Green Zone.
- Add a new Green Zone by entering an address in the search box.
- Name the policy by entering a name in the Tag Name box.
- Click Save.
- Optional: Adjust the area of the Green Zone by dragging the handle of the circle on the map.
- Optional: Set a geofencing policy based on region.
- Click Region.
- Select the target safe country, state, or city.
- Click Save.
- Once you have created a Green Zone policy and save, another window displays. Click Setup Policy here to activate and manage the policy settings.
- Click + New Policy to continue setting up the policy.
- Add the Policy Name and select the saved geofencing policy that you just created.
If needed, assign IP addresses.
- Select General Access Policy as the Policy Level option to assign the policy to all applications, or select a specific application from the drop-down menu.
- Optional: Add a Policy Time Range to limit access to a specific time range.
- The policy can be Permanent Policy or Temporary Policy. If you choose a Temporary Policy, select a date for the policy.
- Click Save.
- Click User or Group tab and assign users to the policy by selecting them and clicking Save.
- To create an unsafe Red Zone geofencing policy:
- Click .
- Click + Create Red Zone.
- Add an address in the search box or click Region and select a country, state, or city
- Add a policy name in the Tag Name box.
- Click Save. Note: Red Zones and regions automatically apply to all users and applications and block all users' access from denylisted locations.
- To edit Geofencing Policies.
- Select a geofence policy from the list.
- Edit the policy.
- To delete the policy, click Delete. Note: You can't delete an Active policy which has been assigned to users. A geofence policy is inactive unless assigned to users and applications.
- To activate an inactive geofencing policy or manage access to a policy, click Access and select a policy.
To learn more about assigning and managing access policies, see Access Policy Management.