Instructions for LastPass admins
If you have the "Require use of any MFA option" or "Require use of < specific authenticator >" policy (for Teams, the policy is called "Multifactor Authentication") enabled for your users, you can exclude the locked out user temporarily from the policy, then disable Multifactor Authentication for the user so that your user can log in and access their vault. Once confirmed they have logged in, you can re-enable the policy for your user.
- Step #1: Temporarily disable the policy for the locked out user
- Step #2: Disable Multifactor for the locked out user
- Step #3: Confirm that the user can log in and access their vault
- Step #4: Re-enable the policy for the user
- Step #5: Force the user to log out of all LastPass sessions to force Multifactor Authentication setup again (optional)
In this section: