HELP FILE

How do I manage general policies in the new Admin Console?

LastPass Business accounts offer a number of configurable and recommended policies around security levels and password strength that you can add, edit, or delete as an admin. Each policy can be applied to all users, or an inclusive or exclusive list of users. With over 100 policies available for you to add and configure, you can achieve the most optimal security performance with LastPass.

Note: Are you seeing something different? See instructions for the Password Manager Admin Console or the SSO & MFA Admin Console.

Full policy list

You can view all available policies for LastPass Business on the LastPass Policy page at https://lastpass.com/policy_doc.php. Please note that you must be actively logged in with a LastPass Business account in order to view the full list of policies available.

Note:  LastPass Business policies are separate from those available in the LastPass SSO and/or MFA Admin Console – please see Policy Management for more information.

About policy categories

When navigating the General policies page, you can use the policy category drop-down menu to locate your desired policies.

These policy categories include:

  • Default – These policies are enabled by default for all users (but can be disabled or configured otherwise)
  • Recommended – These policies are disabled by default but are recommended by LastPass to enable and configure to best suit the business needs of your organization
  • Access Controls – These policies manage users' access to LastPass
  • Password Rules – These policies manage requirements for site passwords and when users create or use their Master Password
  • Account Restrictions – These policies enforce account restrictions for users
  • Administration – These policies manage general administration, including notifications and reporting for admins, limitations on user access for the Admin Console, and restrictions on upgrade prompts & PasswordPing checks
  • Password Multifactor – These policies manage all settings, restrictions, and requirements for Multifactor Authentication for users
  • Other – These are all other policies that do not fall under the previous categories

Add a new general policy

  1. Log in with your email address and Master Password to access the new Admin Console at https://admin.lastpass.com.
  2. Go to Policies > General Policies.
  3. Click New Policy.
  4. Search for and select your policy (using the "Search policies" field or policy category tabs).
  5. Click Continue.

    Add a new general policy

  6. For Status, select Enabled or Disabled to choose whether or not to enforce the policy immediately. If disabled, the policy will be added but not yet enforced, and can be enabled later.
  7. For Settings, click Edit policy settings.
    1. When applicable, enter data into the "Value" field based on the data type outlined in the description (e.g., IP Address, domain name, email address, country abbreviation, etc.).
    2. If desired, you can add Notes about the policy you are configuring.
    3. Click Save changes.

  8. For Users, click Edit policy users.
  9. Choose from the following options:
    Select this Applies to
    All users
    • All users on your account
    Only these users/groups Selected users/groups. Click Assign users & groups then select the names of individual users and/or groups for which this policy should be enforced and click Assign Users.
    All except these users/groups All users except those users/groups you select. Click Assign users & groups then select the names of individual users and/or groups for which this policy should not be enforced and click Assign Users.

  10. Optional: If desired, click Add Configuration to enter a new set of policy settings and select your desired users/groups for your new configuration.

    Result: You have enabled a new policy for your desired users/groups and configuration settings.

Edit an existing general policy

  1. Log in with your email address and Master Password to access the new Admin Console at https://admin.lastpass.com.
  2. Go to Policies > General Policies.
  3. Locate your desired policy using the Search field, Policy status, or Policy category, then click to select it.
  4. In the right navigation, make changes by doing any of the following:
    • Update the Status to Enabled or Disabled.
    • Click Edit policy settings then make changes to the Value and/or Notes and click Save Changes.
    • Click Edit policy users then select from All Users, Only these users/groups, or All except these users/groups.
      Note: For adding new users/groups, click Assign users & groups, then make your selections and click Assign Users. For removing selected users/groups, check the box next to the selected user/group and click Unassign Users.

    Result: You have updated your selected policy, and a confirmation message appears to indicate that your policy changes were saved.

Disable a general policy

  1. Log in with your email address and Master Password to access the new Admin Console at https://admin.lastpass.com.
  2. Go to Policies > General Policies.
  3. Locate your desired policy using the Search field, Policy status, or Policy category, then click to select it.
  4. For the Status, use the drop-down menu and select Disabled.
  5. When prompted, click Disable to confirm.

    Result: You have disabled your selected policy, and a confirmation message appears to indicate that your policy changes were saved.