Manage the passwordless login for vault policy
As a LastPass Teams or LastPass Business admin, you can enable or disable the "Allow passwordless login" policy for assigned users, which controls whether your users can log in to their vault using authentication methods in the LastPass Authenticator app instead of entering their master password. This policy is disabled by default.
Tip: If you want to allow users to log in to their vault using passwordless login for mobile via the LastPass app for iOS or Android, you can manage the "Enable biometric login on mobile app" policy separately. Both passwordless login policies can be enabled simultaneously.
Important: As a LastPass admin, if you choose to enable this policy, you must disable all other multifactor options except for the LastPass Authenticator app.
The authentication methods available via the
LastPass Authenticator app are the following:
- A push notification + stored biometrics (face or fingerprint)
- A 6-digit TOTP code
- A 6-digit SMS passcode
- A phone call (Call Me)
Attention: Using passwordless login for your vault requires LastPass browser extension version 4.96 or later.
LastPass Business admin instructions
- Log in with your email address and master password to access the new Admin Console at https://admin.lastpass.com.
- If prompted, complete steps for multifactor authentication (if it is enabled for your account).
- Go to .
- Select New Policy.
- Search for and select the Allow passwordless login policy.
- Select Continue.
- Optional: If desired, select Edit policy settings to add Notes about this policy, then click Save changes.
- For Status, choose from the following options:
- Select Enabled to enforce the policy immediately (once users are assigned).
- Select Disabled to add the policy but not yet enforce it (once users are assigned); can be enabled later.
- Select Save changes.
- Select Edit policy users.
- Assign users and groups by choosing one of the following options:
Applies to Instructions All users - Select .
Only these users/groups - Select .
- Use the search field and select the users and/or groups that you want to include for this policy.
- Select .
All except these users/groups - Select .
- Use the search field and select the users and/or groups to exclude from this policy.
- Select .
- Select Save changes.
Add the policy.
Set the policy status.
Add users to the policy.
Results: You have configured the "
Allow passwordless login" policy for your selected users.
What to do next: Inform your users that they can now
enable passwordless login for their vault.
LastPass Teams admin instructions
- Log in with your email address and master password to access the Admin Console at https://lastpass.com/company/#!/dashboard.
- If prompted, complete steps for multifactor authentication (if it is enabled for your account).
- Go to in the left navigation.
- Locate the Allow passwordless login policy, then click Edit details.
- For the policy status, choose one of the following options:
- Select Enabled to enforce the policy immediately and apply to all selected users.
- Select Disabled to add the policy but not yet enforce it upon your selected users; can be enabled later.
- For the Applies to setting, choose one of the following options:
- All – Select this option to apply to all users on your account.
- Inclusive List of Users – Select this option, then click Edit details to add the names of individual users for which this policy should be enforced.
- Exclusive List of Users – Select this option, then click Edit details to add the names of individual users for which this policy should not apply.
- Optional: If desired, enter Notes about this policy.
- Select Save changes.
Results: You have configured the "
Allow passwordless login" policy for your selected users.
What to do next: Inform your users that they can now
enable passwordless login for their vault.