Reset MFA shared secrets for Google Authenticator, Microsoft Authenticator, LastPass Authenticator and Grid
You can reset the MFA shared secrets for Google Authenticator, Microsoft Authenticator, LastPass Authenticator, and Grid users. This will invalidate their current MFA entry, delete their trusted devices and destroy their open sessions, so they are forced to log in again and re-enroll their MFA apps.
You can clear all users' or a selected group's shared secrets, delete their trusted devices and destroy their open sessions, so they are forced to log in again and re-enroll their MFA apps.
Note: This feature requires a LastPass Business or LastPass Teams account with administration rights.
Reset MFA shared secrets of a group for Google Authenticator, Microsoft Authenticator, LastPass Authenticator and Grid
About this task: You can clear the shared secrets of a selected
group of users', delete their trusted devices and destroy their open sessions, so they are forced to log in again and re-enroll their MFA apps.
Note: This feature requires a LastPass Business or LastPass Teams account with administration rights.
Before you begin: Review the policies you have set up regarding the use of multifactor authentication options before resetting the MFA shared secrets. If any MFA is required, your users will need to go through the setup process before being able to log in to their LastPass vault. For more information about setting MFA policies, view
How do I manage multifactor authentication options for LastPass Business?.
Note: If you have not enabled any policy that requires the use of MFA, your users don't need MFA to log in.
- Select
in the top right corner, then click Reset MFA shared secrets.
- Check the status of the background processes under the tab. Make sure that the processes finished successfully for all users.
You can also export the report by clicking > Export report in the upper right corner.
Results: Your group's shared MFA secrets are removed, any app pairings or Grid values are invalidated, their trusted devices are deleted and their open sessions are destroyed.
What to do next: Your users must log in again and verify their login attempt via email. If required to set up MFA by policy, they are placed into the MFA setup flow to pair their account again. Your users must also re-enable passwordless login with LastPass MFA if it was used before the reset.
Reset MFA shared secrets for all users for Google Authenticator, Microsoft Authenticator, LastPass Authenticator and Grid as a LastPass Business admin
About this task: You can clear
all user’s shared secrets, delete their trusted devices and destroy their open sessions, so they are forced to log in again and re-enroll their MFA apps.
Note: This feature requires a LastPass Business account with administration rights.
Before you begin: Review the policies you have set up regarding the use of multifactor authentication options before resetting the MFA shared secrets. If any MFA is required, your users will need to go through the setup process before being able to log in to their LastPass vault. For more information about setting MFA policies, view
How do I manage multifactor authentication options for LastPass Business?.
Note: If you have not enabled any policy that requires the use of MFA, your users might don't need MFA to log in.
- In the Enabled multifactor options tab, select next to Update, then click Reset MFA shared secrets.
- Check the status of the background processes in the tab. Make sure that the processes finished successfully for all users.
You can also export the report by clicking Export report.
Results: Your user’s shared MFA secrets are removed, any app pairings or Grid values are invalidated, their trusted devices are deleted and their open sessions are destroyed.
What to do next: Your users must log in again and verify their login attempt via email. If required to set up MFA by policy, they are placed into the MFA setup flow to pair their account again. Your users must also re-enable passwordless login with LastPass MFA if it was used before the reset.
Reset MFA shared secrets for all users for Google Authenticator, Microsoft Authenticator, LastPass Authenticator and Grid as a LastPass Teams admin
About this task: You can clear
all user’s shared secrets, delete their trusted devices and destroy their open sessions, so they are forced to log in again and re-enroll their MFA apps.
Note: This feature requires a LastPass Teams account with administration rights.
Before you begin: Review the policies you have set up regarding the use of multifactor authentication options before resetting the MFA shared secrets. If any MFA is required, your users will need to go through the setup process before being able to log in to their LastPass vault. For more information about setting MFA policies, view
How do I manage multifactor authentication options for LastPass Business?.
Note: If you have not enabled any policy that requires the use of MFA, your users might don't need MFA to log in.
- Select in the Enabled multifactor options panel, then click Reset MFA shared secrets.
- Check the status of the background processes under the tab. Make sure that the processes finished successfully for all users.
You can also export the report by clicking > Export report in the upper right corner.
Results: Your user’s shared MFA secrets are removed, any app pairings or Grid values are invalidated, their trusted devices are deleted and their open sessions are destroyed.
What to do next: Your users must log in again and verify their login attempt via email. If required to set up MFA by policy, they are placed into the MFA setup flow to pair their account again. Your users must also re-enable passwordless login with LastPass MFA if it was used before the reset.