HELP FILE

How do I manage the passwordless login for vault policy for my users?

    As a LastPass Teams or LastPass Business admin, you can enable or disable the "Allow passwordless login" policy for assigned users, which controls whether your users can log in to their vault using authentication methods in the LastPass Authenticator app instead of entering their master password. This policy is disabled by default.

    Tip: If you want to allow users to log in to their vault using passwordless login for mobile via the LastPass app for iOS or Android, you can manage the "Enable biometric login on mobile app" policy separately. Both passwordless login policies can be enabled simultaneously.
    Important: As a LastPass admin, if you choose to enable this policy, you must disable all other multifactor options except for the LastPass Authenticator app.
    The authentication methods available via the LastPass Authenticator app are the following:
    • A push notification + stored biometrics (face or fingerprint)
    • A 6-digit TOTP code
    • A 6-digit SMS passcode
    • A phone call (Call Me)
    Attention: Using passwordless login for your vault requires LastPass browser extension version 4.96 or later.

    LastPass Business admin instructions

    • Add the policy.
      1. Log in with your email address and master password to access the new Admin Console at https://admin.lastpass.com.
      2. If prompted, complete steps for multifactor authentication (if it is enabled for your account).
      3. Go to Policies > General Policies.
      4. Select New Policy.
      5. Search for and select the Allow passwordless login policy.
      6. Select Continue.
      7. Optional: If desired, select Edit policy settings to add Notes about this policy, then click Save changes.
    • Set the policy status.
      1. For Status, choose from the following options:
        • Select Enabled to enforce the policy immediately and apply to all selected users.
        • Select Disabled to add the policy but not yet enforce it upon your selected users; can be enabled later.
      2. Select Save changes.
    • Add users to the policy.
      1. Select Edit policy users.
      2. Assign users and groups by choosing one of the following options:
        Applies to Instructions
        All users
        1. Select All users > Save changes.
        Only these users/groups
        1. Select Only these users/groups > Assign users & groups.
        2. Use the search field and select the users and/or groups that you want to include for this policy.
        3. Select Assign Users > Save & finish.
        All except these users/groups
        1. Select All except these users/groups > Assign users & groups.
        2. Use the search field and select the users and/or groups to exclude from this policy.
        3. Select Assign Users > Save & finish.
      3. Select Save changes.
    Results: You have configured the " Allow passwordless login" policy for your selected users.
    What to do next: Inform your users that they can now enable passwordless login for their vault.

    LastPass Teams admin instructions

    1. Log in with your email address and master password to access the Admin Console at https://lastpass.com/company/#!/dashboard.
    2. If prompted, complete steps for multifactor authentication (if it is enabled for your account).
    3. Go to Settings > Policies in the left navigation.
    4. Locate the Allow passwordless login policy, then click Edit details.
    5. For the policy status, choose one of the following options:
      • Select Enabled to enforce the policy immediately and apply to all selected users.
      • Select Disabled to add the policy but not yet enforce it upon your selected users; can be enabled later.
    6. For the Applies to setting, choose one of the following options:
      • All – Select this option to apply to all users on your account.
      • Inclusive List of Users – Select this option, then click Edit details to add the names of individual users for which this policy should be enforced.
      • Exclusive List of Users – Select this option, then click Edit details to add the names of individual users for which this policy should not apply.
    7. Optional: If desired, enter Notes about this policy.
    8. Select Save changes.
    Results: You have configured the " Allow passwordless login" policy for your selected users.
    What to do next: Inform your users that they can now enable passwordless login for their vault.