HELP FILE

How do I add multifactor policies in the new Admin Console?

    Set up multifactor policies so your users will be prompted to confirm their identity when they try and access their vault and any SSO apps.

    1. Log in with your email address and master password to access the new Admin Console at https://admin.lastpass.com.
    2. If prompted, complete steps for multifactor authentication (if it is enabled for your account).
    3. Go to Policies > Multifactor.
    4. Do one of the following:
      • If you have not set up a multifactor policy before, click Get Started.
      • If you have set up a multifactor policy, click Add an additional Multifactor policy.
      • If you have set up a multifactor policy and want to configure advanced settings, click Add an advanced policy.
        Note: This feature is available with the LastPass Business + Advanced MFA add-on. Learn more about plans & pricing.
    5. Click Continue.
    6. Select a multifactor authentication method, then click Continue.
    7. Optional: If you selected a third-party multifactor authentication method, then configure the authenticator before proceeding. The configuration steps will differ depending on what third-party authentication method you chose.
    8. Assign users and groups by choosing one of the following options:
      Action in LastPass Instructions
      Enable for all users
      1. Click All users.
      2. Click Save changes.
      Enable for only certain users or groups
      1. Click Only these users/groups.
      2. Click Assign users & groups.
      3. Search and select the users or groups to add.
      4. Click Assign Users.
      5. Click Save & finish.
      Exclude certain users or groups
      1. Click All except these user/group.
      2. Click Assign users & groups.
      3. Search and select the users or groups to add.
      4. Click Assign Users.
      5. Click Save & finish.
    Results: The multifactor policy has been enabled. The users and groups added to the policy will be prompted to enroll in MFA upon their next log in to a protected service. Once enrolled, these users will need to verify their identity each time they log in to a protected service.