HELP FILE

How do I manage general policies for LastPass Enterprise or Identity users?

LastPass Enterprise and Identity accounts offer a number of configurable and recommended policies around security levels and password strength that you can add, edit, or delete as an admin. Each policy can be applied to all users, or an inclusive or exclusive list of users. With over 100 policies available for you to add and configure, you can achieve the most optimal security performance with LastPass.

Note: Are you seeing something different? See instructions for the Password Manager Admin Console or the SSO & MFA Admin Console.

About policy categories

When navigating the General policies page, you can use the policy category drop-down menu to locate your desired policies.

These policy categories include:

  • Default – These policies are enabled by default for all users (but can be disabled or configured otherwise)
  • Recommended – These policies are disabled by default but are recommended by LastPass to enable and configure to best suit the business needs of your organization
  • Access Controls – These policies manage users' access to LastPass
  • Password Rules – These policies manage requirements for site passwords and when users create or use their Master Password
  • Account Restrictions – These policies enforce account restrictions for users
  • Administration – These policies manage general administration, including notifications and reporting for admins, limitations on user access for the Admin Console, and restrictions on upgrade prompts & PasswordPing checks
  • Password Multifactor – These policies manage all settings, restrictions, and requirements for Multifactor Authentication for users
  • Other – These are all other policies that do not fall under the previous categories

If you are actively logged in as a LastPass admin, you can view our complete list of policies for LastPass Enterprise or Identity accounts.

Add a new general policy

  1. Log in with your email address and Master Password to access the New Admin Console at https://admin.lastpass.com/uac.
  2. Go to Policies > General Policies.
  3. Click New Policy.
  4. Navigate to your desired policy in any of the following ways:
    To use this Do this
    Search field
    1. Enter keywords to locate your policy.
    2. Select it and click Continue.
    Policy category tabs
    1. Select the Default, Recommended, or All tabs to locate your desired policy.
      Note: If you select All, click Expand to view.
    2. Select your desired policy.
    3. Click Continue.

  5. For Status, select Enabled or Disabled to choose whether or not to enforce the policy immediately.
  6. For Settings, click Edit policy settings.
    1. When applicable, enter data into the "Value" field based on the data type outlined in the description (e.g., IP Address, domain name, email address, country abbreviation, etc.).
    2. Optional: If desired, you can add Notes about the policy you are configuring.
    3. Click Save changes.

  7. For Users, click Edit policy users.
  8. Choose from the following options:
    Select this Applies to
    All users
    • All users on your account
    Only these users/groups Selected users/groups. Click Assign users & groups then select the names of individual users and/or groups for which this policy should be enforced and click Assign Users.
    All except these users/groups All users except those users/groups you select. Click Assign users & groups then select the names of individual users and/or groups for which this policy should not be enforced and click Assign Users.

  9. Optional: If desired, click Add Configuration to enter a new set of policy settings and select your desired users/groups for your new configuration.

    Result: You have enabled a new policy for your desired users/groups and configuration settings.

Edit an existing general policy

  1. Log in with your email address and Master Password to access the New Admin Console at https://admin.lastpass.com/uac.
  2. Go to Policies > General Policies.
  3. Locate your desired policy using the Search field, Policy status, or Policy category, then click to select it.
  4. In the right navigation, make changes by doing any of the following:
    • Update the Status to Enabled or Disabled.
    • Click Edit policy settings then make changes to the Value and/or Notes and click Save Changes.
    • Click Edit policy users then select from All Users, Only these users/groups, or All except these users/groups.
      Note: For adding new users/groups, click Assign users & groups, then make your selections and click Assign Users. For removing selected users/groups, check the box next to the selected user/group and click Unassign Users.

    Result: You have updated your selected policy, and a confirmation message appears to indicate that your policy changes were saved.

Disable a general policy

  1. Log in with your email address and Master Password to access the New Admin Console at https://admin.lastpass.com/uac.
  2. Go to Policies > General Policies.
  3. Locate your desired policy using the Search field, Policy status, or Policy category, then click to select it.
  4. For the Status, use the drop-down menu and select Disabled.
  5. When prompted, click Disable to confirm.

    Result: You have disabled your selected policy, and a confirmation message appears to indicate that your policy changes were saved.