How do I manually terminate LastPass Enterprise or Identity users?
There are several termination options available for LastPass administrators to use, each with varying degrees of severity. Please consider your options carefully prior to deleting or removing users. These actions can be performed manually via the New Admin Console (as shown below), or can be automated using directory integration options.
- Log in with your email address and Master Password to access the New Admin Console at https://admin.lastpass.com/uac.
- Go to Users and select a user.
- Click the ... icon.
- Choose from the following options, each outlined in detail below:
- Disable users
Disabling a user in your LastPass Enterprise or Identity account puts a lock on the account. No one – not even your LastPass administrator – can log in to the account regardless of passwords or previous access. Once disabled, the seat will be available for reassignment.
- Remove from company
- The user's account will be disassociated from the company account and the seat will be available for reassignment. The removed user's account will be downgraded to a LastPass Free account. When you remove a user select one of the following options:
- Allow access to shared folders and sites - Allows all items that were shared with the user from other users in the company account to remain available to the user (from within shared folders and single shared items).
- Forbid access to shared folders and sites - Deletes all items within the account that have been shared with the user from other users in the company account (from within shared folders and single shared items).
- Delete users
Deleting an account fully deletes all information including any stored data within the user's LastPass account. If you are converting existing users to federated login users and have users that were created manually, those manually created accounts must be deleted and recreated again. It is recommended that the Vault data for these users be exported so it can be restored after their account has been recreated as a federated login user.
Once deleted, the seat will be available for reassignment.
- Reset Master Password
This option is only available if the Permit super admins to reset Master Passwords policy is in place to allow those LastPass admins to reset the Master Password for the user's account. This option can be leveraged under the following scenarios:
- You would like to lock-out the owner of the account, but still allow Admin access. This can be helpful for audit purposes; in order to update and/or terminate any credentials to which the end user had access.
- If you would like to assign the entire account – with all of its contents – to another employee.