What are managed companies for LastPass Business?
The "Managed Companies" feature of a Managed Service Provider (or, MSP) account for LastPass Business provides the ability for LastPass admins of the primary account (i.e., MSP technicians) to manage multiple independent tenants, or company accounts for LastPass all from one primary account.
Managed Companies have all the features and functionality available to a LastPass Business account, including various multifactor authentication options, directory integrations, federated login, over 100+ customizable policies, single sign-on capabilities, and much more. For more details about the various features and tools included in LastPass Business, please see the LastPass Admin Toolkit.
This company management solution allows LastPass admins to have granular control over all aspects of the LastPass accounts they oversee, including full access to the Admin Console of each managed company. If desired, a hybrid model can be set up, which allows both the LastPass admin of the primary account (MSP technician) and the local LastPass admin of the managed company account to share management responsibilities.
What is the technical structure of Managed Companies?
LastPass Managed Service Provider accounts utilize strict and secure data isolation between each managed company, at both the logical and encryption layer. This is critical to support independence, privacy, and security for each company account that is managed in LastPass Business. It also preserves compliance with security and privacy standards covering SOC-2.
Since LastPass uses a zero-knowledge security architecture, each managed company's data is completely separate and encrypted with a key derivation architecture that is specific to each managed company. Therefore, it is not possible to inadvertently share managed company related data (e.g., emails, admins, teams, roles, Vault data, etc.) with any other company that is also being managed.
LastPass admins of the primary account (MSP technicians) exist at the root level of the MSP's system, and have the ability to access each managed company instance for administrative purposes. Any "local" LastPass admins set up in the managed company do not have this root level access to the MSP's Admin Console, or any of the MSP's data. Managed Companies are strictly isolated within their own organizational architecture; therefore they cannot view or access another managed company's Admin Console or Vault records.
What is displayed on the Managed Companies page?
On the Managed Companies page, you can see the following data:
- User Licenses – Displays both the total active licenses and total available licenses for the entire primary account.
- Average Security Score – Displays the aggregated security score for all Managed Companies combined.
- Managed Companies – This section provides a list of all companies managed within the primary account (with the ability to perform various actions), and displays the following details:
- Managed company name
- Active users for the managed company
- Managed company status (i.e., active or suspended)
- Security score for the managed company
- Available licenses for the managed company
What can I do from the Managed Companies page?
On the Managed Companies page, the LastPass admin of the primary account (MSP technician) can do the following:
- Add a new managed company
- Navigate between a managed company and the primary account
- Allocate more licenses to a managed company
- Return licenses from a managed company back to the primary account
- Suspend a managed company
- Reactivate a suspended managed company
- Detach a managed company (so it can be managed independently)
How do I get started?
Please see our LastPass MSP Deployment & Adoption Guide to learn how to get started.