HELP FILE

How do I manage Passwordless access policies in the new Admin Console?

LastPass admins can set up general access policies to specify approved or prohibited geofencing locations and/or allowed or denied IP ranges from which users can authenticate using the LastPass MFA app. These policies can be applied for general access for all SSO apps, or for specific integrated SSO apps.

Note: This feature requires an account with the LastPass Business + Advanced MFA add-on. How do I upgrade my LastPass Business account with an add-on?

Add a new Passwordless access policy

Before you begin: Please define your desired allowances and/or restrictions for either of the following:
To add a new Passwordless policy, do the following:
  1. Log in with your email address and Master Password to access the new Admin Console at https://admin.lastpass.com.
  2. Go to Policies > Passwordless.
  3. Click New Policy.

  4. Define the following:
    To set this Do this
    Policy Name Enter a name
    Geofences Select your defined geofences
    IP Addresses Select your defined IP addresses
    Policy Level Select either:
    • Your desired SSO app
    • General Access Policy for all SSO apps
  5. Optional: To limit access to a specific time range, check the box for Policy Time Range, then choose from the following:
    To set this Do this
    Time Range Use the modals to specify your time range for the policy
    Zone Select your desired time zone
    Note: Daylight Savings is not observed for access policies.
    Policy Type Select either Permanent or Temporary
    Note: If you selected Temporary, please specify a date range and choose from the following:
    • Allow standard access outside temporary date range for users who need temporary access from a different location (e.g., employees)
    • Restrict access outside temporary date range for users who only need limited time access (e.g., contractors)
  6. When finished, click Save.

  7. Next, select your desired users/groups for which this Passwordless access policy applies.
  8. Click Save.
You have created a new Passwordless access policy, and assigned your desired users/groups to that policy.

Edit existing users and settings for Passwordless access policies

  1. Log in with your email address and Master Password to access the new Admin Console at https://admin.lastpass.com.
  2. Go to Policies > Passwordless > Access policies.
  3. For your desired policy, choose from the following options:
    To change this Do this
    Assigned users
    1. Click the Assign Users icon .
    2. Select or remove your desired users/groups.
    3. Click Save.
    Settings
    1. Click the Settings icon .
    2. Make your desired changes.
    3. Click Save.
  4. Click Save when finished.
You have updated your selected Passwordless access policy.

Delete a Passwordless access policy

  1. Log in with your email address and Master Password to access the new Admin Console at https://admin.lastpass.com.
  2. Go to Policies > Passwordless > Access policies.
  3. Locate your desired access policy, then click the Settings icon .
  4. Click Delete.
  5. When prompted, click Delete to confirm.
You have deleted your selected Passwordless access policy.