LastPass admins can set up IP policies to define which IP address ranges from which users are allowed or denied access when using the LastPass Authenticator app for authentication.

1. Log in and access the Admin Console at https://lastpass.com/company/#!/dashboard.
2. Select MFA or SSO & MFA in the left navigation.
3. To manage access policies based on IP addresses, go to Policy > IP in the left navigation.
4. To create an allowed IP range:
   1. Click +Create allowed IP range.
   2. Enter the IP Addresses and Tag Name and click Add.

      Result: A warning window displays.

   3. To copy your IP, click the Copy icon.
   4. To activate and assign the IP Policy to users, click Setup policy.
   5. To skip setting up the policy, click Cancel.
      Note: Allowlist IP Policies will remain inactive until they are assigned to users.
   6. On the Manage Policy page, click +New Policy to continue setting up the policy.
   7. Enter the Policy Name and select the saved IP Addresses policy you created.
   8. If needed, assign Geo-fence.
   9. To limit access to a specific time range, add Policy Time Range.
   10. Select Permanent Policy or Temporary Policy.
   Note: If you choose a Temporary Policy, select a date for the policy.
5. To create a denied IP range:
   1. Click +Create denied IP range.
   2. Enter the denied IPs and tag name and click Add.

      Result: A warning window displays.

   3. To block access for all users and all applications from the denied IP addresses, click Save IP. To cancel the denied IP, click Cancel.
6. Edit the IP Policies.
   1. Select a policy and edit the policy information.
   2. To delete the policy, click Delete.
   3. To activate an inactive Geofencing policy or manage access to a policy, click Access and select a policy.
      To learn more about assigning and managing access policies, see Access Policy Management.