Terminating LastPass Enterprise User Accounts
There are several termination options available for LastPass administrators to use, each with varying degrees of severity. Please consider your options carefully prior to deleting or removing users. These actions can be performed manually via the Admin Console (as shown below), or can be automated using directory integration options.
Whether a user account id deleted, disabled, or removed from the LastPass Enterprise account, this will not impact any remaining users or their previously associated shared folders. However, if the departed user was the admin of a shared folder, that folder will be left without an admin. For this reason, it is recommended that you enable the Super Admin – Shared Folders policy.
As a best practice and an added precaution, we suggest that any shared credentials be changed upon the departure of an employee, regardless of how you choose to manage their exit from LastPass. These changes to any shared folder will automatically sync to all assigned users, and this will give you an added layer of security.
Topics in this article:
- Log in and access the Admin Console.
- Click Users in the left menu.
- Click to select your desired user.
- Click the More icon in the upper-right corner.
- Choose from the following options, each outlined in detail below:
- Disable user
- Delete user
- Remove user from company
Disabling a user in your LastPass Enterprise account puts a lock on the account. No one – not even your LastPass administrator – can log in to the account regardless of passwords or previous access. Once disabled, the seat will be available for reassignment.
Removing a user from your LastPass Enterprise account will disassociate that user’s account from your company account. With this action, all shared folder data will be revoked immediately. LastPass will also prompt you if you would like to use the “Delete Shares” or “Do Not Delete Shares” options. Selecting Delete Shares will delete all Sites within the account that have been shared to the user from other users in the Enterprise outside of shared folders. The account will otherwise still be fully available for use by this user, including all data that has been stored in the user’s Vault. Once removed, the seat will be available for reassignment.
Deleting an account FULLY DELETES ALL INFORMATION within the account. Any data stored within the account will be deleted, an action which cannot be undone. Once deleted, the seat will be available for reassignment.