Manage general policies in the new Admin Console

LastPass Business accounts offer a number of configurable and recommended policies around security levels and password strength that you can add, edit, or delete as an admin. Each policy can be applied to all users, or an inclusive or exclusive list of users. With over 100 policies available for you to add and configure, you can achieve the most optimal security performance with LastPass.

Note: Are you seeing something different? See instructions for the Password Manager Admin Console or the SSO & MFA Admin Console.

Full policy list

You can view all available policies for LastPass Business on the LastPass Policy page at https://lastpass.com/policy_doc.php. Please note that you must be actively logged in with a LastPass Business account in order to view the full list of policies available.

Note: LastPass Business policies are separate from those available in the LastPass SSO and/or MFA Admin Console – please see Policy Management for more information.

About policy categories

When navigating the General policies page, you can use the policy category drop-down menu to locate your desired policies.

These policy categories include:

Default – These policies are enabled by default for all users (but can be disabled or configured otherwise)
Recommended – These policies are disabled by default but are recommended by LastPass to enable and configure to best suit the business needs of your organization
Access Controls – These policies manage users' access to LastPass
Password Rules – These policies manage requirements for site passwords and when users create or use their master password
Account Restrictions – These policies enforce account restrictions for users
Administration – These policies manage general administration, including notifications and reporting for admins, limitations on user access for the Admin Console, and restrictions on upgrade prompts
Password Multifactor – These policies manage all settings, restrictions, and requirements for Multifactor Authentication for users
Other – These are all other policies that do not fall under the previous categories

Add a new general policy

Add the policy.

Log in with your email address and master password to access the new Admin Console at https://admin.lastpass.com.
If prompted, complete steps for multifactor authentication (if it is enabled for your account).
Go to Policies > General Policies.
Select New Policy.
Search for and select your policy (using the "Search policies" field or policy category tabs).
Select Continue.

Configure the policy.

For Status, choose from the following options:
- Select Enabled to enforce the policy immediately (once users are assigned).
- Select Disabled to add the policy but not yet enforce it (once users are assigned); can be enabled later.
For Settings, select Edit policy settings.
1. When applicable, enter data into the Value field based on the data type outlined in the description (e.g., IP Address, domain name, email address, country abbreviation, etc.).
2. If desired, you can add Notes about the policy you are configuring.
3. Select Save changes.

Assign the policy.

For Users, select Edit policy users.

Choose from the following options:

Select this	Applies to
All users	All users on your account
Only these users/groups	Selected users/groups. Select Assign users & groups then select the names of individual users and/or groups for which this policy should be enforced and select Assign Users.
All except these users/groups	All users except those users/groups you select. Select Assign users & groups then select the names of individual users and/or groups for which this policy should not be enforced and select Assign Users.

Assign users & groups to a general policy

Optional: If desired, select Add Configuration to enter a new set of policy settings and select your desired users/groups for your new configuration.

Results: You have enabled a new general policy for your desired users/groups and configuration settings.

Edit an existing general policy

Manage settings for a policy you have already configured.

Log in with your email address and master password to access the new Admin Console at https://admin.lastpass.com.
If prompted, complete steps for multifactor authentication (if it is enabled for your account).
Go to Policies > General Policies.
Search for and select your desired policy.
In the right navigation, make changes by doing any of the following:
- Update the Status to Enabled or Disabled.
- Select Edit policy settings then make changes to the Value and/or Notes and select Save Changes.
- Select Edit policy users then select from All Users, Only these users/groups, or All except these users/groups.
  Note: For adding new users/groups, select Assign users & groups, then make your selections and select Assign Users. For removing selected users/groups, check the box next to the selected user/group and select Unassign Users.

Results: You have updated your selected policy, and a confirmation message appears to indicate that your policy changes were saved.

Disable a general policy

Disable a policy you have already configured.

Log in with your email address and master password to access the new Admin Console at https://admin.lastpass.com.
If prompted, complete steps for multifactor authentication (if it is enabled for your account).
Go to Policies > General Policies.
Locate your desired policy using the Search field, Policy status, or Policy category, then select it.
For the Status, use the drop-down menu and select Disabled.
When prompted, select Disable to confirm.

Results: You have disabled your selected policy, and a confirmation message appears to indicate that your policy changes were saved.