HELP FILE

How do I manage multifactor authentication options for LastPass Enterprise or Identity users?

Restrict the multifactor authentication options available for use by users within their organization.

For additional security measures, you can also choose to enforce various policies for your users to adhere to when using Multifactor Authentication with their LastPass account.

By default, all Multifactor Authentication options are enabled for LastPass Enterprise accounts. You can manage your desired authentication options by doing the following:

  1. Log in with your email address and Master Password to access the New Admin Console at https://admin.lastpass.com/uac.
  2. Go to Advanced > Enterprise options > Multifactor options.
  3. Uncheck the box(es) next to the Multifactor Authentication option(s) you want to disable, and leave the box(es) checked for the options you want enabled. Choose from the following options:

    Uncheck the box(es) next to the Multifactor Authentication option(s) you want to disable, and leave the box(es) checked for the options you want enabled. Choose from the following options:

  4. Click Update.

Disable Multifactor Authentication

  1. Log in with your email address and Master Password to access the New Admin Console at https://admin.lastpass.com/uac.
  2. Go to Advanced > Enterprise options > Multifactor options.
  3. Uncheck all boxes next to all Multifactor Authentication options.
  4. Click Update.
  5. Go to the Users tab and check the boxes next to the users that have Enabled Multifactor.
  6. Click Disablee multifactor.
  7. If policies are enforced to require use of any Multifactor Authentication option, you must delete those policies.

About Multifactor Authentication for Active Directory Federation Services (AD FS)

Multifactor Authentication set up within LastPass is not supported for federated users. White it is strongly recommended that you protect your account with Multifactor Authentication, it must be set up at the Identity Service Provider level (AD FS) – meaning this authentication must be disabled within the LastPass Admin Console and end user Account Settings – as it will result in federated users being unable to access their Vault.