HELP FILE

How do I allow offline mode for the LastPass MFA app using policies?

In order for LastPass MFA users to authenticate using time-based One-time Passcodes (TOTP) while their device is offline or in Airplane mode, you must enable an authentication policy in the LastPass (MFA or SSO & MFA) Admin Console to allow offline mode for the app. You can also configure an additional authentication policy to allow or prohibit offline access for LastPass MFA if Geofencing has been configured for your account.

Considerations for LastPass Identity admins

In addition to enabling the offline mode policy, admins for LastPass Identity accounts (using a Password Manager Vault, SSO, and MFA) must also ensure that there are not any policies enabled within the Password Manager Admin Console that prohibit offline access to these users. Learn how to manage policies in the Password Manager Admin Console.

Enable the "Allow Offline Mode" policy

  1. Log in and access the LastPass Admin Console by doing either of the following:
    • While logged in to LastPass, click the active LastPass icon in your web browser toolbar, then select Admin Console in the menu.
    • Log in at https://lastpass.com/?ac=1 with your username and Master Password, then select Admin Console in the left navigation.
  2. In the left navigation of the Admin Console, select MFA or SSO & MFA.
  3. In the left navigation, go to PolicyAuthentication.
  4. Scroll to the bottom of the page and locate "Allow Offline Mode for LastPass MFA" for both iOS and Android.
  5. Click the radio button for Enable Offline Mode for iOS and/or Android.

Your LastPass MFA app users are now able to use time-based One-Time Passcodes to authenticate if their device is offline.

Enable Offline Mode if Geofencing is configured

  1. Log in and access the LastPass Admin Console by doing either of the following:
    • While logged in to LastPass, click the active LastPass icon in your web browser toolbar, then select Admin Console in the menu.
    • Log in at https://lastpass.com/?ac=1 with your username and Master Password, then select Admin Console in the left navigation.
  2. In the left navigation of the Admin Console, select MFA or SSO & MFA.
  3. In the left navigation, go to Policy > Authentication.
  4. Scroll to the bottom of the page and locate "Prohibit Offline Mode when Geofencing is Enabled" for both iOS and Android.
  5. Click the radio button for Disable Policy for iOS and/or Android.

Your LastPass MFA app users are now able to use time-based One-Time Passcodes to authenticate if their device is offline and a geofencing policy is in place.