About user and group access for shared folders
When assigning users and groups to shared folders, please note the information below to avoid conflicts:
Restriction: LastPass Teams does not support user groups.
- If you add a user to a user group that is assigned to a shared folder, that user will gain access to that shared folder.
- If you add a user via automated provisioning (e.g., Active Directory Connector) and the user is assigned a group that has already been granted access to a shared folder, that user will not have access to the shared folder until another group member of the folder logs in to LastPass via the web browser extension. Upon this event, the sharing keys are exchanged between those two user accounts, which grants access to the new user. For this to occur automatically once the new user has been assigned to their group and synced, you must enable the ‘"Pre-Create Sharing Key" policy.
- When a LastPass user (who is not a LastPass admin) creates a shared folder, they become the shared folder admin and are able to add both individuals and groups to that folder. However, these shared folder admins do not have the ability to see the members of any groups (which is only visible to LastPass admins via the Admin Console). For this reason, shared folder admins (who are not also LastPass admins) should proceed with caution when assigning user groups to a shared folder, as there may be users within the group that should not be granted access to items within that folder.
Restriction: An invited user outside of your company account cannot be an admin for a shared folder – they can only have "Read Only" access.
Note: If a user is added to a shared folder multiple times via groups, the most restrictive permissions will apply to their access. If they are added multiple times but are added to the shared folder individually, the permissions established from the individual share will take priority.
