HELP FILE
What are the system requirements for LastPass Workstation MFA?
Workstation MFA is a feature that allows LastPass admins to protect their users' workstations with a second layer of security. Once set up, users can log in to their workstations using their Windows or macOS account password, then they can authenticate using the LastPass Authenticator (or YubiKey via the LastPass Authenticator) on their mobile device for verification.
In order to set up LastPass Workstation MFA, the system and account requirements below must be met.
Windows
- An active LastPass Business + Advanced MFA add-on trial or paid account with end users synced to the LastPass AD Connector, which is an on-premise active directory sync tool
Important: End users can be created and managed using another service provider, however, LastPass admins must sync users with the on-premise LastPass AD Connector in order to use Workstation MFA.
- A machine running Windows 10 or later
- A server running any of the following with .NET Framework 4.7.2 installed:
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- An internet connection with 1 Mbps or better (broadband recommended)
Note: ICMP is a required protocol used by LastPass to ping lastpass.com to verify end-to-end connectivity. Additionally, communication with lastpass.com is through HTTPS using port 443 with TLS 1.2.
- An active LastPass Business + Advanced MFA add-on trial or paid user account that has enabled and enrolled the LastPass Authenticator for multifactor authentication to protect their vault (instructions here)
Tip: LastPass admins can enable the "Require use of LastPass MFA" general policy to prompt users to set up and enroll the LastPass Authenticator the next time they log in to their LastPass vault (instructions here).
Instructions for LastPass admins:
Instructions for end users:
Mac
End users will be required to have the following:
- A Mac running either of the following macOS versions with a 64-bit processor required:
- macOS Big Sur (11.2)
- macOS Monterey (12)
- An internet connection with 1 Mbps or better (broadband recommended)
Note: ICMP is a required protocol used by LastPass to ping lastpass.com to verify end-to-end connectivity. Additionally, communication with lastpass.com is through HTTPS using port 443 with TLS 1.2.
- An active LastPass Business + Advanced MFA add-on trial or paid user account that has enabled and enrolled the LastPass Authenticator for multifactor authentication to protect their vault (instructions here)
Tip: LastPass admins can enable the "Require use of LastPass MFA" general policy to prompt users to set up and enroll the LastPass Authenticator the next time they log in to LastPass (instructions here).
Instructions for LastPass admins:
Instructions for end users: