product icon

Manage Global Never and Global Only URLs for users in the new Admin Console

    Add Global Never and Global Only URLs in the Admin Console to control whether you want LastPass to prompt your users for action.

    About this task:

    Additionally, a wildcard character (*) can be used for both a subdomain and subpath when adding Global Never URLs.

    Note: If you choose not to use a wildcard character (*) for your URL or domain, LastPass will apply the "Never URL" logic to the exact string you have added. Additionally, if a user attempts to save a Site manually for a URL or domain that has been added as a Global Never URL, they will be informed that there is a policy restriction in place that prevents them from saving it.

    If you are not a LastPass admin and want to manage these settings as a user from your vault, please see Manage Never URLs but keep in mind that your admin may have enforced policies that prohibit changes. Please note that Global Only URLs can only be added and managed by LastPass Business admins.

    1. Log in with your email address and master password to access the new Admin Console at https://admin.lastpass.com.
    2. If prompted, complete steps for multifactor authentication (if it is enabled for your account).
    3. Go to Advanced > Enterprise options > Global never/only URLs.

    Add Global Never URLs and Apps

    About this task:
    Note: Using a wildcard character (*) is only supported for URLs and domains.

    To create a denylist of URLs and domains upon which you do not want LastPass prompts enabled, do the following:
    1. Log in with your email address and master password to access the new Admin Console at https://admin.lastpass.com.
    2. If prompted, complete steps for multifactor authentication (if it is enabled for your account).
    3. Go to Advanced > Enterprise options > Global never/only URLs.
    5. Enter your desired URL(s) and/or domain(s), separated by commas or new lines.
    6. Choose from the following:
      URLs and domains
      Prevent LastPass from prompting for an exact URL or domain:
      Example: Added as https://sample.com,http://testing.com,https://example.com
      Example: Saved as sample.com, testing.com, example.com
      URLs and subdomains
      Prevent LastPass from prompting for an exact URL or subdomain:
      Example: Added as https://sample.com,http://testing.com,https://example.com
      Example: Saved as https://subdomain.example.com/,https://subdomain.sample.com/
      Note: To prevent LastPass from interacting with specified sites that have subdomains in their URLs, the site should be saved under Global Never URLs in the following format: *.example.com/*
      URLs and domains with wildcard(s)
      Prevent LastPass from prompting for any variation before, after, and/or before & after a URL:
      Example: Added as https://*.sample.com,http://testing.com*,https://*.example.com*
      Example: Saved as *sample.com, testing.com*, *example.com*
    7. Click Update.
    Results: The Global Never URL is added.

    Add Global Only URLs and apps

    About this task:
    Note: It is not recommended to use Global Only URLs unless there is a specific need in your infrastructure where you only want a few select domains to be enabled for LastPass prompts.

    To create an allowlist for a select group of domains for which you only want LastPass prompts to be enabled, do the following:
    1. Log in with your email address and master password to access the new Admin Console at https://admin.lastpass.com.
    2. If prompted, complete steps for multifactor authentication (if it is enabled for your account).
    3. Go to Advanced > Enterprise options > Global never/only URLs.
    5. Enter your desired URLs and/or domains in "Global only URLs and apps" section.
    6. Click Update.
    Results: The Global Only URL is added.