Enable multifactor authentication (admins)

    Multifactor authentication is an added layer of security that you can enable within LastPass; it requires a second step before you can gain access to your account. Enabling this security feature helps protect your account from keyloggers and other threats – even if your master password were compromised, your account could not be accessed without this second form of authentication.

    For LastPass Teams and LastPass Business accounts, admins have the ability to select specific authenticator(s) for multifactor authentication, and enforce policies that require their users to authenticate before they can access their LastPass account. For some authenticators, additional integration steps must be completed during the setup process.

    To get started with setting up multifactor authentication as an admin, log in and access the Admin Console at https://admin.lastpass.com, then follow the steps below.

    Note: Not a LastPass admin? See steps for enabling multifactor authentication as a user.

    Step #1: Configure your authenticator integration (if applicable – LastPass Business only)

    The following authenticators require an active account with their service in order for you to set up your integration within your LastPass Business account:

    If you are using one of the authenticators listed above, you are required to complete the integration steps for your authenticator first. Otherwise, proceed to the next step.

    Step #2: Select your multifactor authentication options

    By default, all authenticators are enabled in LastPass Teams and LastPass Business accounts. If desired, you can select specific authenticator(s) to be used for multifactor authentication for your account. Only the options you select will be available for your users to begin the setup process on their end.

    Attention: LastPass Business accounts that set up federated login using AD FS, Azure AD, Okta, Google Workspace, PingOne, PingFederate, or OneLogin must disable all multifactor authentication options within the LastPass Admin Console because multifactor authentication must be set up at the Identity Provider level – learn more.

    Step #3: Add and configure policies for multifactor authentication

    If preferred, you can add and configure various LastPass Teams or Business policies for your organization that involve multifactor authentication, including requiring users to authenticate before they can access their LastPass account, restricting which authenticator(s) can be used, setting the order of the authentication methods, and much more.

    Please note that if you require use of a specific authenticator, you must be sure it is also enabled as a multifactor option (Step #2).

    Step #4: Advise your users to set up multifactor authentication

    Once you have completed the steps above, your users can set up and enable multifactor authentication for their LastPass Teams or LastPass Business account.