HELP FILE

How do I manage multifactor authentication options for users in the new Admin Console?

    Restrict the multifactor authentication options available for use by users within your LastPass Business account.

    For additional security measures, you can also choose to enforce various policies for your users to adhere to when using multifactor authentication when accessing their LastPass vaults.

    By default, all multifactor authentication options are enabled for LastPass Business accounts.

    About this task:

    You can manage your desired authentication options by doing the following:

    1. Log in with your email address and master password to access the new Admin Console at https://admin.lastpass.com.
    2. If prompted, complete steps for multifactor authentication (if it is enabled for your account).
    3. Go to Advanced > Enterprise options > Multifactor options.
    4. Uncheck the box(es) to disable your desired multifactor authentication option(s), and leave the box(es) checked for the options you want enabled.
    5. Choose from the following options:
    6. Click Update when finished.
    Results: You have selected your desired multifactor authentication options, which will be available for your users to set up for protecting their LastPass vaults.

    Disable multifactor authentication

    You can disable multifactor authentication account-wide by disabling all multifactor options, disabling multifactor for users with it already enabled, and deleting all multifactor authentication policies.

      1. Log in with your email address and master password to access the new Admin Console at https://admin.lastpass.com.
      2. If prompted, complete steps for multifactor authentication (if it is enabled for your account).
    • Disable all multifactor authentication options (that are already enabled).
      1. Go to Advanced > Enterprise options > Multifactor options.
      2. Uncheck all boxes next to all multifactor authentication options.
      3. Click Update.
    • Disable multifactor authentication for users (that already have it enabled).
      1. In the top toolbar, select the Users tab and check the boxes next to the users that have Enabled Multifactor.
      2. Click Disable multifactor.
    • Disable all multifactor authentication policies.
      1. If policies are enforced to require use of any multifactor authentication option, you must delete those policies.
    Results: You have disabled multifactor authentication for your company's LastPass account.

    About multifactor authentication for Active Directory Federation Services (AD FS)

    Multifactor authentication set up within LastPass is not supported for federated users.

    White it is strongly recommended that you protect your account with multifactor authentication, it must be set up at the Identity Service Provider level (AD FS) – meaning this authentication must be disabled within the new Admin Console and end user Account Settings – as it will result in federated users being unable to access their vault.