HELP FILE

View and Manage Enterprise User Settings

Once your users have been added (either manually or via automated provisioning) and they have activated their accounts, you can view and manage various settings for each to build the ideal LastPass Enterprise environment for your organization.

Details

  1. Go to https://lastpass.com/company/#!/dashboard and log in to access the Admin Console.
  2. Click Users in the left menu.
  3. Click to select your desired user.
  4. Click the Details tab.
  5. Here, the following read-only information is displayed:
    • User created date
    • Last login date and time
    • Total number of Sites for the user
    • Total number of Form Fill profiles for the user
    • Policies that are applied to the user
    • Total number of shared folders for the user
    • Total number of groups to which the user belongs
    • Whether the user has a personal account linked
    • Master Password security score from the last time the user ran the Security Challenge

Shared folders

  1. Go to https://lastpass.com/company/#!/dashboard and log in to access the Admin Console.
  2. Click Users in the left menu.
  3. Click to select your desired user.
  4. Click the Shared folders tab.
  5. Here, the following read-only information is displayed:
    • Name of the shared folder(s) to which the user has access
    • The status of their permissions for each shared folder
    • Total number of users accessing the shared folder

Sites

  1. Go to https://lastpass.com/company/#!/dashboard and log in to access the Admin Console.
  2. Click Users in the left menu.
  3. Click to select your desired user.
  4. Click the Sites tab.
  5. Here, the following read-only information is displayed:
    • Name of the Sites the user has saved
    • Last time the user logged in to the Site

Groups

  1. Go to https://lastpass.com/company/#!/dashboard and log in to access the Admin Console.
  2. Click Users in the left menu.
  3. Click to select your desired user.
  4. Click the Groups tab.
  5. Here, the following read-only information is displayed:
    • Name of the group to which the user belongs
    • Master Password security score from the last time the user ran the Security Challenge
    • Total number of users within the group

Trusted devices

  1. Go to https://lastpass.com/company/#!/dashboard and log in to access the Admin Console.
  2. Click Users in the left menu.
  3. Click to select your desired user.
  4. Click the Trusted devices tab.
  5. Here, the following information is displayed:
    • Trusted mobile device type
    • UUID or label assigned to the mobile device
    • Whether trust is enabled/disabled for the device
      • Click Edit to change the status and click Save when finished, or delete the trusted mobile device.

User management settings

  1. Go to https://lastpass.com/company/#!/dashboard and log in to access the Admin Console.
  2. Click Users in the left menu.
  3. Click to select your desired user.
  4. Click the More icon Elipsis in the upper-right corner.
  5. Configuration options will vary depending on your user's account status, as follows:

Active Users

  • Make or Remove admin – You can promote any number of users to admin status and remove this status at any time. Granting admin rights means that the individual will have full access to the Admin Console.
  • Require password change – This will force the user to manually reset their Master Password. They will receive the notification to do this the next time the user logs in. Learn more.
  • Destroy all sessions – This will log the user out of all active sessions across all devices.
  • Disable user – Temporarily disable the user’s account making it inaccessible to them but not deleting the account entirely. Please note that disabled user accounts are retained for the lifetime of the account.
  • Delete user – You should weigh the decision carefully about using this option versus the "Remove User from Company" option. Deleting a user will delete that user’s LastPass account entirely. If the user has saved any personal logins or other data to their Vault then they will no longer have access to that data.
  • Remove user from company – This option will remove the user from your LastPass Enterprise account, and will delete all shared folders from the user’s account. With this option, the user will continue to have access to their account as a standard LastPass user. Learn more.
  • Disable Multifactor – This will disable all Multifactor Authentication services for the user’s account. If the policy “Prevent Multifactor Disable via Email” is enabled, this option will be the only way for Multifactor Authentication to be disabled.
  • Super admin Master Password reset – If an admin has been set as a Super Admin via policy, there will be an option for them to change the Master Password for that particular user. This change will be immediate and the Admin will instantly be prompted to create a new Master Password for the user's account. Learn more.
  • Edit Active Directory attributes – You can configure default Active Directory attributes, or create your own custom attributes for your user, then click Save when finished. Learn more.
  • Edit name – Assign a nickname to the account that may be more recognizable to you than the user’s email address.

To assign a Super Admin, you must enable the "Super Admin - Master Password Reset" and/or "Super Admin - Shared Folders" policies, then assign the existing admin to the policy.

Note: All users you add to the Super Admin policies must be account administrators in order to be added.

Invited Users

  • Delete user – You should weigh the decision carefully about using this option versus the "Remove User from Company" option. Deleting a user will delete that user’s LastPass account entirely. If the user has saved any personal logins or other data to their Vault then they will no longer have access to that data.
  • Reinvite user – Send another invitation for the user to activate their account.
  • Uninvite user – Revoke the invitation for the user to join your LastPass account.

Disabled Users

  • Activate user – Change the user's account status to Active.
  • Delete user – You should weigh the decision carefully about using this option versus the "Remove User from Company" option. Deleting a user will delete that user’s LastPass account entirely. If the user has saved any personal logins or other data to their Vault then they will no longer have access to that data.
  • Remove user from company – This option will remove the user from your LastPass Enterprise account, and will delete all shared folders from the user’s account. With this option, the user will continue to have access to their account as a standard LastPass user. Learn more.

Users Awaiting Approval

For accounts that provision users via the LastPass Active Directory Connector and have configured it to add users as pending rather than automatically active. Select Reject or Approve to change the user's status.