HELP FILE

What's new in the LastPass Admin Console?

    Learn about the new features and changes that have been introduced in the new Admin Console for LastPass.

    The main differences and improvements made in the new Admin Console for LastPass include:
    • An updated navigation to streamline how you access admin controls
    • Unified single sign-on, password management, and multifactor authentication controls
    • Simplified admin onboarding
    • New account statuses
    • Easier user management
    • Granular user details
    • Admin management center

    What is the new navigation in the Admin Console?

    The LastPass Admin Console navigation has been updated to dedicated tabs for Dashboard, Users, Applications, Policies, Reporting, and Advanced settings. All corresponding admin controls can be found under each of the respective six tabs. The goal of this navigation is to organize the admin controls in a more streamlined manner.

    What is the value of having single sign-on, password management, and multifactor authentication controls in one unified view?

    In previous versions of the LastPass Admin Console, single sign-on and multifactor authentication controls were in a separate view. Now, you can secure applications with single sign-on, store credentials with password management, and add an additional layer of security for every login with multifactor authentication – all from one centralized location.

    What is the simplified admin onboarding experience?

    The simplified admin onboarding experience is a tour of the New LastPass Admin Console, guiding new admins through all of the necessary steps to get up and running right away with their LastPass account. Admins are also guided through the steps for adding users, adding applications, setting policies, enabling multifactor authentication, and adding more admins to the account for ease of account management.

    What improvements were made to the user management admin controls?

    All users in your LastPass account – including those enabled to use single sign-on, password management, and multifactor authentication – are in a single list, which makes it easier to find specific users. Admins are also able to filter by the account statuses, search by name, and filter by MFA status.

    What is the difference between the old admin console statues and the statuses?

    Although calculations may seem inaccurate at first, they’ve simply been updated.

    Status Old New Notes
    Staged N/A A user that has been added to the company but has not been sent an invitation yet. While this status never existed in the old console, users do exist in this state. They are labeled as “Active” in the old console.
    Invite Expired N/A A user that has been sent an invitation email, but the registration links have expired. Users with expired invitations need new invitations sent.
    Note: Registration links for accounts created by the admin expire after 90 days, while those that already exist outside of the company expire after 2 weeks
    While this status never existed in the old console before, the expiration logic has always been there. Finally, admins can see which users need new invitations in the new console.
    Invited A user that has an account outside of the company (e.g. a personal user), and has been sent an invitation email to join the company. A user that has been sent an invitation email, but the user has not yet activated.

    Note that the old console definition excluded users who were created by the admin. In the old console, users who were created by the admin and received an invitation are considered “Active”. The new console makes this clearer by including users created by the admin as “Invited,” too.

    Therefore, this number in the new console may appear larger than expected.

    Active A user who consumes a license. Users who consume a license include those that have accepted invitations and who have been created by the admin but have not accepted invitations. A user that has successfully logged in at least once as part of the company.

    The old console considered users created by the admin but never enrolled as “Active” making the term a misnomer: how can a user be active if they’ve never registered?

    The new console only defines users who have successfully enrolled as “Active (logged in at least once as part of the company)

    Therefore, you may see some discrepancies between these two statuses. This is expected.

    Disabled A user is still part of your company account, but their access has been disabled by an admin. This remains the same between consoles.
    Awaiting Approval A user has been added using the LastPass Active Directory Connector, which has been configured to add users as "pending" rather than automatically active. This remains the same between consoles.

    Why do I see a different number of users in each LastPass status between the new and old console?

    By design, the new and old console define users differently, so the numbers will be different. You should expect the greatest disparity between the “Active” and “Invited” statuses as these changed the most. For most customers, the numbers for these statuses will likely show lower in the new console. However, the number of “Disabled” and “Awaiting approval” users should remain the same.

    Let’s review an example:
    Scenario Old Admin Console New Admin Console
    • 30 users have successfully enrolled by registering and logging in as a member of the company

    • 5 users were created by the admin and sent invitations but have not registered

    • 5 users have accounts outside of the company and have been sent invitations but have not accepted

    Note: the 5 invited users in the old console refer to the 5 users who have accounts outside of the company as detailed above.

    Active users = 35

    Invited users = 5

    Active users = 30

    Invited users = 10

    What improvements were made to user details?

    Admins can edit all user details from the User’s page, and view granular user details including the user’s profile, account details, groups, assigned single sign-on apps, shared folders, policies, and more. This improvement offers admins much deeper insight into end users to more easily adjust security controls as needed.


    What is the admin management center?

    The admin management center is where you can manage all of the admins on your account from a single view. You can add, edit, and remove admins from one streamlined experience.


    Why am I seeing a different number of Invited users in my old Admin Console versus the new Admin Console?

    We’ve changed how we categorize Invited users in the new Admin Console. In the old Admin Console, Invited users meant these users had a LastPass account prior to being added to the company account, and they must accept the invitation in order to join the company account. In the new Admin Console, Invited users means the user has received a notification letting them know that their company has added them to the company LastPass account.

    Why am I seeing a different number of Active users in my old Admin Console versus the new Admin Console?

    We’ve changed how we categorize Active users in the new Admin Console. In the old Admin Console, an Active user status meant these users were consuming a paid license. In the new Admin Console, an Active user status is tied directly to the actions the user has taken. Active users are those who have taken an action to prove they know their LastPass account exists, and they have logged in as part of the company account.

    What’s the difference between Passwordless Status and Enabled Multifactor?

    • Passwordless Status indicates a user’s passwordless login usage. Passwordless login can be leveraged for SSO apps and workstations by using an employee’s stored biometrics within the LastPass Authenticator app app instead of requiring users to enter their master password. Setting up and using passwordless login for SSO apps and workstations requires an account with the LastPass Business + Advanced MFA add-on, whereas passwordless login to access your vault is available for all LastPass account types.
    • Enabled Multifactor refers to the multifactor option your users have enabled after entering their master password to access their LastPass vault. We offer a wide range of options including the LastPass Authenticator app and several other third-party multifactor options. Setting up and using multifactor authentication is available for all LastPass account types.

    Who can access the new and old console

    Admin Type Can access new console? Can access old console?
    Super Admin master password reset Yes – All pages and functions Yes – All pages and functions
    Admin Yes - All pages and functions except MP reset Yes – All pages and functions except MP reset
    Managed Service Provider (MSP) admin Yes – Managed Companies page and functions Yes – Managed Companies page and functions
    "Grant limited access" policy users

    Note that an MSP admin can be such a user if this policy (with access level 5) has been enabled for them.

    No – These users will see a 403 page if they attempt to access the new console. This admin type can access the old console directly via https://lastpass.com/company/?resetconsole=true#!/dashboard Yes – As designated by the policy
    Custom Role in old console No – These users will see a 403 page if they attempt to access the new console. This admin type can access the old console directly via https://lastpass.com/company/?resetconsole=true#!/dashboard Yes – As designated by the role
    Custom admin level in new console Yes – As designated by the admin level No – These users will see a 403 page if they attempt to access the old console