HELP FILE

How do I integrate Duo Security with my LastPass Business account?

LastPass Business supports Duo Security integration, which allows admins to configure policies and authentication methods when using Duo Security.

For more information about everything Duo Security offers for LastPass, please see the LastPass & Duo Security Overview.

Required for setup:

  • Duo Security account
    • You can create a Duo account (be sure to select LastPass as your integration type during account creation)
  • LastPass Business account

Step #1: Set up the LastPass application in Duo Security

  1. Log in to the Duo Admin Panel at https://admin.duosecurity.com.
  2. Select Applications > Protect an Application in the left navigation.
  3. Search for LastPass in the list, then select Protect this Application.
  4. Under Details, copy the following values and save them to a text editor:
    • Integration key
    • Secret key (you must click to view)
    • API hostname
  5. If desired, you can also configure additional settings (e.g., Group policies, Username Normalization, etc.). Learn more about Duo Security Application Options.
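
The three values copied in step 4 are re-entered by hand in Step #2 and again in each policy in Step #4, so a format check before pasting catches swapped fields, stray whitespace, and a URL pasted in place of the hostname. This is an added example, not LastPass or Duo code; the function name check_duo_values and the value formats in the regular expressions are assumptions that this page does not state.

```python
import re

# Assumed shapes of the three Duo values (the page does not state them):
# a 20-character key starting with "DI", a 40-character secret, and an
# api-XXXXXXXX hostname under duosecurity.com (or duofederal.com).
IKEY_RE = re.compile(r"DI[A-Z0-9]{18}")
SKEY_RE = re.compile(r"[A-Za-z0-9]{40}")
HOST_RE = re.compile(r"api-[0-9a-f]{8}\.duo(security|federal)\.com")


def check_duo_values(ikey, skey, host):
    """Return a list of problems; an empty list means the values look sane.

    Messages name the field only and never echo a value, so the output is
    safe to paste into a ticket.
    """
    problems = []
    fields = {"integration key": ikey, "secret key": skey, "API hostname": host}
    for name, value in fields.items():
        if value != value.strip():
            problems.append(f"{name}: surrounding whitespace or newline")
    ikey, skey, host = ikey.strip(), skey.strip(), host.strip()

    # A 40-character value in the key field, or a "DI..." value in the
    # secret field, means the two were pasted into each other's place.
    if IKEY_RE.fullmatch(skey) or SKEY_RE.fullmatch(ikey):
        problems.append("integration key and secret key look swapped")
    else:
        if not IKEY_RE.fullmatch(ikey):
            problems.append("integration key: unexpected format")
        if not SKEY_RE.fullmatch(skey):
            problems.append("secret key: unexpected length or characters")

    if "/" in host:
        problems.append("API hostname: enter the bare hostname, not a URL")
    elif not HOST_RE.fullmatch(host.lower()):
        problems.append("API hostname: unexpected format")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    ikey = "DI" + "A1B2C3D4E5F6G7H8I9"
    skey = "s3" * 20
    print(check_duo_values(ikey, skey, "api-1a2b3c4d.duosecurity.com"))
    print(check_duo_values(skey + "\n", ikey, "https://api-1a2b3c4d.duosecurity.com"))
```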

Step #2: Set up the Duo Security integration in LastPass Business

  1. Log in and access the Admin Console at https://lastpass.com/company/#!/dashboard.
  2. Go to Advanced Options > Business Options > Multifactor options > Duo Security.
  3. Enter the Duo Security values (which you copied in step 4 of the previous section) into the following fields:
    • Duo Security integration key
    • Duo Security secret key
    • Duo Security API hostname
  4. Click Update to save your changes.

Step #3: Enable Duo Security as a Multifactor Option

  1. From within the Admin Console, go to Advanced Options > Business Options > Multifactor options.
  2. Under "Enabled Multifactor Options" toggle on the switch for the Duo Security option.

Step #4: Add and configure Multifactor Authentication policies for Duo Security

  1. From within the Admin Console, go to Settings > Policies in the left navigation.
  2. Click Add Policy, then choose from the following policies:
    • Under Multifactor, select Require use of Duo Security.
      1. To require Duo Security to be used X days after the user account is created, enter a number in the Value field (optional).
      2. Enter the Duo Security integration key, secret key, and API hostname in the respective fields.
      3. Select your desired user list for which this policy should be applied.
      4. Enter Notes for additional information about this policy (optional).
    • Under Multifactor, select Require use of any multifactor option.
      1. Enter the Duo Security integration key, secret key, and API hostname in the respective fields.
      2. Select your desired user list for which this policy should be applied.
      3. Enter Notes for additional information about this policy (optional).
    • Under Multifactor, select Use username portion of email address as Duo Security username.
      1. Enter the Duo Security integration key, secret key, and API hostname in the respective fields.
      2. Select your desired user list for which this policy should be applied.
      3. Enter Notes for additional information about this policy (optional).
    • Under Multifactor, select Use Duo Web SDK when possible.
      1. Enter the Duo Security integration key, secret key, and API hostname in the respective fields.
      2. Select your desired user list for which this policy should be applied.
      3. Enter Notes for additional information about this policy (optional).
  3. Click Save when finished.

Step #5: Advise your users to set up Multifactor Authentication

Once you have completed the steps above, your users can set up and enable Multifactor Authentication for their LastPass Business account.

About removal of users enabled with Duo Security

Duo Security integration keys are associated with your LastPass Business account. If you remove users from your company account without first disabling Duo Security as their multifactor authentication option, those users may become locked out of their LastPass account (if it is converted to a LastPass Free account) once removed.

For this reason, we recommend disabling Duo Security for users you plan to remove, as follows:
  1. Go to https://lastpass.com/company/#!/dashboard and log in to access the Admin Console.
  2. Select Users in the left navigation.
  3. Check the boxes next to your desired users.
    Tip: To sort by users enabled with Duo Security, click the Multifactor column header in the users table.
  4. Select More actions > Disable multifactor for selected users.
  5. Click OK to confirm.

You have disabled Duo Security for your selected users, and you can now safely remove those users from your company account without risk of locking them out (if their accounts convert to LastPass Free accounts).