product icon

Manage the passwordless login for vault on mobile policy

    As a LastPass Teams or LastPass Business admin, you can manage the "Enable biometric login on mobile app" policy for assigned users, which controls whether users can log in to their vault via the LastPass app for iOS or Android using their device's stored biometrics (face or fingerprint) instead of entering their master password. This policy is disabled by default.

    Tip: If you want to allow users to log in to their vault from their desktop using passwordless login, you can manage the "Allow passwordless login" policy separately. Both passwordless login policies can be enabled simultaneously.

    LastPass Business admin instructions

      Add the policy.

      1. Log in with your email address and master password to access the new Admin Console at https://admin.lastpass.com.
      2. If prompted, complete steps for multifactor authentication (if it is enabled for your account).
      3. Go to Policies > General Policies.
      4. Select New Policy.
      5. Search for and select the Enable biometric login on mobile app policy.
      6. Select Continue.
      7. Optional: If desired, select Edit policy settings to add Notes about this policy, then click Save changes.

      Set the policy status.

      1. For Status, choose from the following options:
        • Select Enabled to enforce the policy immediately (once users are assigned).
        • Select Disabled to add the policy but not yet enforce it (once users are assigned); can be enabled later.
      2. Select Save changes.

      Add users to the policy.

      1. Select Edit policy users.
      2. Assign users and groups by choosing one of the following options:
        Applies to Instructions
        All users
        1. Select All users > Save changes.
        Only these users/groups
        1. Select Only these users/groups > Assign users & groups.
        2. Use the search field and select the users and/or groups that you want to include for this policy.
        3. Select Assign users > Save & finish.
        All except these users/groups
        1. Select All except these users/groups > Assign users & groups.
        2. Use the search field and select the users and/or groups to exclude from this policy.
        3. Select Assign users > Save & finish.
      3. Select Save changes.
    Results: You have configured the " Enable biometric login on mobile app" policy for your selected users.
    What to do next: Inform your users that they can now enable passwordless login in the LastPass app on each mobile device.

    LastPass Teams admin instructions

    1. Log in with your email address and master password to access the Admin Console at https://lastpass.com/company/#!/dashboard.
    2. If prompted, complete steps for multifactor authentication (if it is enabled for your account).
    3. Go to Settings > Policies in the left navigation.
    4. Locate the Enable biometric login on mobile app policy, then click Edit details.
    5. For the policy status, choose one of the following options:
      • Select Enabled to enforce the policy immediately and apply to all selected users.
      • Select Disabled to add the policy but not yet enforce it upon your selected users; can be enabled later.
    6. For the Applies to setting, choose one of the following options:
      • All – Select this option to apply to all users on your account.
      • Inclusive List of Users – Select this option, then click Edit details to add the names of individual users for which this policy should be enforced.
      • Exclusive List of Users – Select this option, then click Edit details to add the names of individual users for which this policy should not apply.
    7. Optional: If desired, enter Notes about this policy.
    8. Select Save changes.
    Results: You have configured the " Enable biometric login on mobile app" policy for your selected users.
    What to do next: Inform your users that they can now enable passwordless login in the LastPass app on each mobile device.