HELP FILE

About Strict Equivalent Domain and Subdomain Settings

About Strict Equivalent Domain and Subdomain Settings

    If you have a single account shared across multiple subdomains, LastPass admins can use LastPass to set those sites up as equivalent subdomains so that you don't have independent site entries for each stored in your vault.

    Remember: Subdomain rules can only be created and distributed by LastPass admins of LastPass Business accounts. These rules cannot be set by individual LastPass users within the Account Settings of their own vaults. Learn how to manage Global Equivalent Domains as a LastPass admin.

    When entering subdomains, specific syntax is required. You must enter "=" directly before the subdomain, then enter a space after the domain, then enter a comma, then enter another space (e.g., =services.logmein.com , login.lastpass.com)

    Strict equivalent domain and subdomain setting combinations

    Settings Outcome Explanation
    Equivalent domain: =services.logmein.com , login.lastpass.com

    Password: login.lastpass.com

    Password is available for all lastpass.com subdomains and only for services.logmein.com subdomain Without URL rules, passwords only compare TLDs*
    Equivalent domain: =services.logmein.com , login.lastpass.com

    Password: services.logmein.com

    Password is available for all logmein.com subdomains and only for login.lastpass.com subdomain Without URL rules, passwords only compare TLDs*
    Equivalent domain: =services.logmein.com , login.lastpass.com

    URL rules: Exact host match - Yes for lastpass.com

    Password: login.lastpass.com

    The password will work only for login.lastpass.com and services.logmein.com As a side effect, lastpass.com subdomains cannot share a password because of the URL rule
    Equivalent domain: =services.logmein.com , login.lastpass.com

    URL rules: Exact host match - Yes for lastpass.com

    Password: services.logmein.com

    Password is only available for services.logmein.com The "=" prefix does not override the URL rule, and since the password host (services.logmein.com) is not an exact match with login.lastpass.com (regardless of the equivalent domain) it will not be available
    Equivalent domain: =services.logmein.com , login.lastpass.com

    URL rules: Exact host match - Yes for logmein.com

    Password: services.logmein.com

    Password is only available for services.logmein.com and login.lastpass.com As a side effect, logmein.com subdomains cannot share a password because of the URL rule

    About equivalent subdomains

    If the equivalent domain is prefixed by an equal sign (e.g. “=services.example.com, login.lastpass.com”) then it is treated as a strict equivalent domain. In the LastPass web browser extension, the strict equivalent domains will be treated as equal only if the full host name matches.

    However, please be aware of the following limitations:

    • If no URL rules are in effect, and if a password's TLD* matches the site's TLD* then it will be available for fill. This behavior is independent from the current modifications (e.g., a password for login.lastpass.com will be available for othersubdomain.lastpass.com and lastpass.com as well.
    • The "=" prefix does not override URL rules, so if a URL rule is in effect for a host with "Exact host match" set to Yes, then a password will only be available when it is for that exact hostname, regardless of equivalent domains. This is only true for the site for which the URL rule is active.

      For example:

      • "Exact host match" = Yes for lastpass.com, and the =services.sample.com , login.lastpass.com equivalent domain is active. In this case, for every subdomain of lastpass.com, only passwords with the exact hostname (including subdomains) will appear. This means that a password for services.sample.com will not appear for login.lastpass.com, however, a password for login.lastpass.com will appear on both login.lastpass.com and services.logmein.com since the URL rule only applies for lastpass.com and its subdomains.

    *TLD - TLD in this article does not mean the same as Top Level Domain in general, in LastPass this means the last two parts of the same hostname.