HELP FILE

Push Password Apps to LastPass Users

LastPass Enterprise and Identity admins can add Password apps (formerly known as "Push Sites to Users") to directly place a site in a user’s Vault. This can be used to pre-populate a site in a user's Vault so that it is available when the user first logs in, and to push SAML-specific URLs to services you have linked to your account when using LastPass single sign-on.

Seeing something different? Please see Push Sites to Users in the previous experience.

About pushing password apps (sites) to users

The following considerations should be noted before pushing password apps:

  • Once the password app is received by the user, the admin cannot remove the site from the user's Vault.
  • The user receiving the pushed password app must log in using the LastPass web browser extension at least once to receive it. If the user logs in via the LastPass website, the password app will not be pushed.
  • Data you elect to push to your individual users is accessible on LastPass servers in unencrypted form until the data is pushed to a user. Once pushed, the data will leave LastPass servers and become encrypted in the user's Vault.
  • The data in Persistent Site pushes remains stored on LastPass servers in unencrypted form until the data is pushed to new users that are added to groups or your business account. However, the data will remain on LastPass servers as unencrypted (as it waits to be pushed) unless the Persistent Site is manually deactivated or deleted. Learn more below.

Push password apps using a CSV upload

You can download our sample CSV file, or create your own spreadsheet that matches the title columns and format in our sample file.

You can also add custom fields to your CSV in the following format:

fieldname0,fieldtype0,fieldvalue0,fieldname1,fieldtype1,fieldvalue1

The following is an example using the custom field format:

usernamefield,text,newuser,pwfield,password,abc123

Which yields a text field with the name usernamefield and the value newuser, and a password field with the name pwfield and the value abc123.

  1. Log in to the Admin Console with your username and Master Password at https://lastpass.com/company/#!/dashboard.
  2. In the left navigation, go to ApplicationsPassword apps.
  3. Click Add App.
  4. Click Upload a CSV File, then select your file and click Open.
  5. Click Add Site at the bottom of the page.

For your users to receive the pushed password app, they must log out after the site is pushed and log back in to LastPass using the web browser extension.

Manually fill in fields to push password apps

You can fill in all of the required fields to push password apps, as follows:

  1. Log in to the Admin Console with your username and Master Password at https://lastpass.com/company/#!/dashboard.
  2. In the left navigation, go to ApplicationsPassword apps.
  3. Click Add App.
  4. Fill in the following required fields:
    • Select Users or Groups – Use the search field to select the user or groups to which you'd like to push the site. Alternatively, you can select Push site to all users to push to all current and future users in your business account, or all current and future members of a group. Click Save when finished.
      Note:  When a Group or All Users is selected, you have the option of enabling the site as a persistent push. Learn more below.
    • URL – The URL of the password app (site entry) that you’d like to push
    • Name – The name you would like the password app to have in the users’ Vaults
    • Folder – The name of the folder you’d like this password app to be added under in the users’ Vaults
    • Username – The username the users will utilize to log in to the password app. You can select from User's full email address (to have this be the individual’s full email address that is used as their LastPass account name), Local - part of user's email (to have only the username portion of the email address), or Custom (custom username you manually enter)
    • Password – The password that will be used to log in to the individual password app
    • Notes – Any notes that you would like to be entered into the notes portion of the password app
    • Add site to user's Favorites – Check the box to allow this site to be marked as a Favorite in users’ Vaults
    • Encrypt data – To use shared folders to encrypt pushed site data (you must encrypted the data yourself) and eliminate the risk of storing it in plain text on LastPass servers. Recipients of pushed password apps must belong to the shared folder whose Sharing Key you use to encrypt the data.
  5. When finished, click Add Site.

For your users to receive the pushed password app, they must log out after the site is pushed and log back in to LastPass using the web browser extension.

Persistent Site pushes

A Persistent Site push is an optional setting you have when you have elected to push a site to a group of users or all users within your company account (not individual users). LastPass will keep this site information on our servers (unencrypted) and push the site to any new users that are added when you select a Group or All Users as they get added to your business account. Once the users log in via the LastPass web browser extension to receive the Site, the data becomes encrypted in their Vault.

Previously pushed Sites

You can view all previously pushed sites and detailed information about each, and choose to deactivate or delete a Persistent Site.

  1. From the Admin Console, go to ApplicationPassword apps.
  2. For each of the password apps that were pushed, you can view the name of the pushed password app, list of users or user groups it was pushed to, whether the push was persistent, and whether or not the push is still active. Additionally, you can take the following actions:
    • Results – Displays the individual users that had the password app pushed to them.
    • Deactivate – Prevents persistent pushes from being pushed to new users. This effectively turns the persistent push “off.” sites can be re-activated at a later time to be “re-pushed” to any new users that have been added since the push was deactivated.
    • Delete – This permanently deletes the pushed site from the system. Please note, this will not remove the site entry from the individuals’ Vaults, but only the push from the LastPass servers.