HELP FILE

Manage LastPass Enterprise Shared Folders (Users)

A shared folder is a special folder in your Vault that you can use to securely and easily share Sites and Secure Notes with other LastPass users and groups. Learn more about the limitations and management options available for shared folders.

For LastPass Enterprise admins, please see View and Manage LastPass Enterprise Shared Folders (Admins) for more information.

For more information about how to share individual items (e.g., usernames, passwords, Secure Notes, etc.) instead of a folder, please see Use the Sharing Center.

Additionally, shared folders are also supported in LastPass Families and Teams accounts.

Note: The ability to perform these actions may be limited or prohibited due to policies enabled for your account by your LastPass admin.

Topics in this article:

Create a shared folder

Manage items within a shared folder

Manage user and group memberships

Grant user and group access

Restrict user and group access

Remove user or group access

Convert a folder to a shared folder

Share folders with users outside of your Enterprise account

About hidden passwords for items within shared folders

Create a shared folder

To create a new shared folder within your LastPass Vault, do the following:

  1. Log in to LastPass and access your Vault.
  2. Click on Sharing Center in the left navigation.
  3. Click the Manage Shared Folders tab at the top, then click Add Shared Folder.
  4. Fill in a name for your shared folder, then click Create.
  5. Once created, you can click Manage to customize the items within this shared folder, as well as the users and/or groups who can access it and the permissions per individual or group.

Manage items within a shared folder

You can move a single item or multiple items at once into a shared folder, or transfer item(s) from 1 folder into a shared folder in various ways. By default, all items placed in a shared folder will be made available to every user and group unless restrictions are implemented.

Note: You are unable to move items that have been individually shared with you to your own shared folder.

Drag-and-drop

  1. In your LastPass Vault, click Sites in the left menu.
  2. Locate your desired item, then click on it and drag it to your desired folder. If you want to move multiple items at once, enable the checkbox in the upper-right corner of each, then click on 1 of the selected items and drag to your desired folder, which will move all selected items.
  3. When prompted, click Yes to confirm that you want to move the item(s).

Right-click

  1. In your LastPass Vault, click Sites or Secure Notes in the left menu.
  2. Locate your desired item, then right-click on it and select Move to folder then select your desired shared folder. If you want to move multiple items at once, enable the checkbox in the upper-right corner of each, then right-click on 1 of the selected items and select Move to folder, then select your desired shared folder.
  3. When prompted, click Yes to confirm that you want to move the item(s).

Action menu

  1. In your LastPass Vault, click Sites or Secure Notes in the left menu.
  2. Locate your desired item(s), then enable the checkbox(es) in the upper-right corner.
  3. Click the Actions drop-down menu and select Organize or Move to Folder, then select your desired shared folder.
  4. When prompted, click Yes confirm that you want to move the item(s).

Edit a Site or Secure Note

You can also move an item to a shared folder when you are editing it. For more information, please see Manage Your Sites or Manage Your Secure Notes.

Manage user and group memberships

You can add individual users to shared folders or multiple users via user groups. User groups are added to shared folders just like individuals; the groups are created in the Admin Console and available in the drop-down list of users when you create or edit a shared folder.

Once you have created a shared folder, you can invite new users/groups as follows:

  1. In your LastPass Vault, click Sharing Center in the left menu.
  2. Hover over your desired shared and click Manage.
  3. In the "Invite Users or Groups" field, enter the name of each user or group you want to invite, and select each when populated. Otherwise, you can invite other users outside of your Enterprise account with whom to share your folder (if a policy does not restrict you from doing so).
  4. If desired, enable the "Send Email" checkbox to inform the selected users or groups via email that they are invited to access your shared folder.
  5. In the "Permissions" section, you can enable the checkbox(es) of the access you want to set for your selected users or groups.
  6. Once selected, click Invite, and the invited users and groups are added to the list of approved users.
  7. Once the users are added, you can view the "Invite Accepted" column in the right navigation to track when the user or group of users accepts your invitation via the Sharing Center within their own account.
  8. You can make additional permissions-based changes, then click Save when finished.

Grant user and group access

Once you have assigned your user and group memberships to your shared folder, you can grant access permissions for each.

  1. In your LastPass Vault, click Manage on your desired shared folder.
  2. In the right navigation of the "Memberships" window, use the "Read Only", "Administrator", and "Hide Passwords" columns to make changes to the appropriate permissions for each user or group:
    • Read-only prohibits the user or group from adding/removing items to/from a shared folder. It also prevents them from saving any updated username, password or Secure Note information to the folder. However, we cannot block the update from transpiring at the Site level. This option could, therefore, result in a lockout by the rest of the team. It is our recommendation that you articulate a "no update" policy outside of LastPass (if this is, in fact, your goal) and that you do not select "Read Only" as the permission option. If the user still updates the credentials, then the change will save back to LastPass, and the event will be captured in the reports so that you are able to track it back to the owner.
    • Administrator will grant the user equal admin rights over the shared folder including: adding and removing users and restricting access to individual Sites in the folder. Please note that a shared folder admin is not the same role as a LastPass Enterprise admin. Learn more about the shared folder options available to LastPass Enterprise admins.
    • Hide Passwords prohibits the user from seeing the credentials. They will be able to utilize the tools via Autofill or Autologin, but they will be unable to see the actual credentials. Learn more about hidden passwords.
  3. Once you have made your desired selections, click Save and the users and/or groups will be granted the permissions that you designated.

About user group access

When assigning user groups to shared folders, please note the following to avoid conflicts:

  • If you add a user to a user group that is assigned to a shared folder, that user will gain access to that shared folder.
  • If you add a user via automated provisioning (e.g., Active Directory Connector) and the user is assigned a group that has already been granted access to a shared folder, that user will not have access to the shared folder until another group member of the folder logs in to LastPass via the web browser extension. Upon this event, the sharing keys are exchanged between those 2 user accounts, which grants access to the new user. For this to occur automatically once the new user has been assigned to their group and synced, you must enable the ‘"Pre-Create Sharing Key" policy.
  • When a LastPass user (who is not a LastPass Enterprise admin) creates a shared folder, they become the shared folder admin and are able to add both individuals and groups to that folder. However, these shared folder admins do not have the ability to see the members of any groups (which is only visible to LastPass Enterprise admins via the Admin Console). For this reason, shared folder admins (who are not also LastPass Enterprise admins) should proceed with caution when assigning user groups to a shared folder, as there may be users within the group that should not be granted access to items within that folder.

Note: If a user is added to a shared folder multiple times via groups, the most restrictive permissions will apply to their access. If they are added multiple times but are added to the shared folder individually, the permissions established from the individual share will take priority.

Restrict user and group access

If you are the shared folder admin, you can limit access to each Site and Secure Note per user or group.

  1. In your LastPass Vault, click Manage on your desired shared folder.
  2. In the "Action" column, click the Edit icon next to your desired user or group, then choose from the following options:
    • Select Unavailable Items (Opt-out) – Click and drag items from the "Available Items" column into the "Unavailable Items" column to prevent your user or group from accessing those selected items. If a new item is added to the shared folder, it will become immediately available to all members until you move it to the "Unavailable" column to restrict their access to it.
    • Select Available Items (Opt-in) – Check the box to enable the "Rather than specifying Unavailable Items..." option to reverse the columns, then click and drag items from the "Unavailable Items" column to the "Available Items" column to only allow your user or group to access those selected items. If a new item is added to the shared folder, it will immediately be added to the "Unavailable Items" column and your user or group will be unable to access the item until you move it to the "Available Items" column to allow access to it.
  3. If desired, check the box to enable the "Apply to Other Users" option to specify your access permission selections to other users or groups.
  4. When finished, click Save.

Remove user or group access

If you are the shared folder admin, you can remove a user or group from your shared folder. This revokes their access to the folder and any Sites and/or Secure Notes stored within.

  1. In your LastPass Vault, click Manage on your desired shared folder.
  2. In the right navigation of the "Memberships" window, click the Remove icon next to your desired user or group.
  3. When prompted, click Yes to confirm access removal.

Convert a folder to a shared folder

If you have organized your Sites and/or Secure Notes by using standard folders, you can easily convert any folder to a shared folder as follows:

  1. In your LastPass Vault, click Sites or Secure Notes in the left navigation.
  2. Right-click on your desired folder, then select Share.

  1. Enter a name for your newly converted shared folder, then click Create.
  2. In the left menu, click Sharing Center, then click Manage on your new shared folder to customize the items within this shared folder, as well as the users and/or groups who can access it and the permissions per individual or group.

Share folders with users outside of your Enterprise account

Want to share a folder with someone outside of your Enterprise account? You can invite up to 5 LastPass users per shared folder that are outside of your Enterprise, regardless of their account type (unless policies have been enforced by your admin to restrict this capability).

  1. In your LastPass Vault, click Sharing Center in the left menu.
  2. Hover over your desired shared and click Manage.
  3. In the "Invite Users or Groups" section, manually enter the name of the LastPass user outside of your Enterprise account. If desired, check the box to enable the "Send Email" option.
  4. In the "Permissions" section, select your desired access for your invited user.
  5. When finished, click Invite to inform the user that you wish to share your folder with them.
  6. Once your user is invited, there will be an "Outside Enterprise" status below their username to differentiate from those within your Enterprise.

About hidden passwords for items within shared folders

When you share an item, regardless of whether you enable the "Allow Recipient to View Password" option, you should be aware of the following:

  • Savvy end users could potentially access the password if they capture it using advanced techniques, but LastPass will never be able to access this data because it has been encrypted using their public key.
  • It is also possible to obtain shared passwords using another password manager.

For these reasons, LastPass recommends that you generate a secure password specific to the Site that you’re sharing in order to avoid sharing any passwords that you’re uncomfortable with the recipient obtaining.