End User Experience when Forcing an Email Address Change
Administrators of LastPass Business accounts can use various methods to change the email address of one or more of their users. The next time the affected user logs in to LastPass, the user is forced to change their email address.
Admins have the following options to change user email addresses:
- Option #1: Manually reset email addresses from the Admin Console (this is often referred to as a "Super Admin reset").
- Option #2: Automatically reset email addresses via the enterprise's directory service.
Restriction: Automatic email changes are not supported for users provisioned by Federated Login using Active Directory Federation Services (AD FS) (both the traditional and simplified versions).
- Option #3: Use the Provisioning API and the updateemail command.
- Option #4: Request their assigned Customer Success Manager (CSM) to initiate ForceEmailChange. This requires that the Administrator provide a mapping file to their CSM.
When a user's email address is changed by their Administrator, on the next login, the user is prompted to change their email address. This is the process for the end user:
- When logging in, the user enters their master password.
Result: A Confirm email change page is displayed, where the Email field is pre-filled with the new email address (the Email field is not editable).
- The user enters their master password as normal. This is the same master password as before the email address change.
- The user clicks Confirm. A message is displayed, instructing the user to keep the page open until the re-encryption of their data completes. The operation takes only a few seconds.
Result: Once the process has completed, a page is displayed with the message: "Your email has been confirmed!"
- The user can now log in with their new email address.
If the user tries to log in with their old email address again, a message is displayed saying: "You may have mistyped your email address. Try again."