Admin User Guide - Business

Reminder: You will be prompted to reset the master passphrase for your LastPass Business Account every 365 days. 




Complete the LastPass Business Form

Request a LastPass Business account for your department via the LastPass Business Request Form. Before submitting your request, make sure you have read and understood the requirements at Getting Started with LastPass.

Activate your LastPass Business Account

Install Browser Extensions and Mobile Apps

Prepare your browser to use LastPass Business by going to the LastPass Download webpage and downloading the appropriate plug-in or browser extension: https://lastpass.com/misc_download2.php

Activate Your Account

ISO Staff will invite departmental administrators to the newly created instance. The email invitation will come from LastPass <do-not-reply-support@lastpass.com> and will include an activation code to activate your account and set your Master Password.

Activate LastPass Account Email Invitation

Click on the Activate LastPass button to get started.

Enter your Activation code (if it's not there already), and then create a master password.

Set Your Master Password

For security purposes, the master password must be a strong, complex password.

  • At least 20 Characters

  • Password characters must be from all 4 of the following character sets:

    • numbers [0-9]

    • lowercase letters [a-z]

    • uppercase letters [A-Z]

    • special characters [!@#$,^ etc]

  • The passwords must be complex and not easily guessed or obtained.

  • Do not use simple words. e.g. "password," "welcome," or "hello"

  • Do not include three or more consecutive characters from your user name

  • Master Passwords must be reset every 365 days

    • If you reuse a Master Password elsewhere in LastPass, you will be required to reset it. Your Master Password cannot be reused elsewhere.
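
The composition rules above can be checked locally before a new or temporary master password is chosen. The following is an added example, not LastPass or ISO code: the function names, the case-insensitive matching, the three-word deny-list (taken from the examples above), and treating any non-alphanumeric, non-whitespace character as special are assumptions.

```python
import re

MIN_LENGTH = 20
# The guide names only these three words as examples of "simple words".
SIMPLE_WORDS = ("password", "welcome", "hello")
# Assumption: "special" means any character that is not a letter, digit or whitespace.
CHARSETS = {
    "number": re.compile(r"[0-9]"),
    "lowercase letter": re.compile(r"[a-z]"),
    "uppercase letter": re.compile(r"[A-Z]"),
    "special character": re.compile(r"[^0-9A-Za-z\s]"),
}


def username_fragments(username, n=3):
    """Return every run of n consecutive characters in the user name, lowercased."""
    u = username.lower()
    return {u[i:i + n] for i in range(len(u) - n + 1)}


def check_master_password(password, username):
    """Return a list of rule violations; an empty list means the candidate passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, pattern in CHARSETS.items():
        if not pattern.search(password):
            problems.append(f"no {name}")
    lowered = password.lower()
    for word in SIMPLE_WORDS:
        if word in lowered:
            problems.append(f"contains the simple word '{word}'")
    # Three or more consecutive user name characters always include a 3-character run.
    shared = sorted(f for f in username_fragments(username) if f in lowered)
    if shared:
        problems.append(f"contains user name fragment(s): {', '.join(shared)}")
    return problems


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    for candidate in ("Welcome-jdoe-2024", "Granite7!Lantern-Orbit-Quill"):
        print(candidate, "->", check_master_password(candidate, "jdoe") or "passes")
```

The check covers only the composition rules; the 365-day reset and the reuse restriction are enforced by LastPass itself.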

Set Up Duo MFA

After the master password is set, log in again and click the link to verify your Duo Security setup. You will be asked to provide your CalNet ID on the next screen, and complete a Duo Security challenge before being logged in to LastPass Business.

Link Personal Account

ISO offers the option to link a personal account to your Business account.  This is voluntary.  When a user completes their first login, they will be prompted to set up a linked account.

Option to Link Personal Account

Additional information on Linked account

Both the linked personal account and the Business account are encrypted, with different encryption keys.  When linked, the Business account can view data within the personal account but not vice versa.  The linked personal account can be any “free” or “premium” account.  Free LastPass Premium accounts are available to anyone with a valid berkeley.edu email address thanks to Premium as a Perk.  LastPass cannot auto-create a “premium” account for any entity, since the end-user will always need to define the master password for encryption and access. 

Browser Extensions and Mobile Apps

If you have not yet done so, install the browser extensions and mobile apps. Plug-ins or add-ons for other browsers and operating systems can be downloaded from the LastPass Download webpage: https://lastpass.com/misc_download2.php

Request Admin Access

Once you complete the steps above, you will be active in LastPass Business as a regular user, not an administrator.  Reply to the ServiceNow ticket, confirm that you have activated your account, and request administrative privileges. ISO staff will enable administrator privileges on your account.

Set Up Recovery Options

It is extremely important that you set up recovery options for your account.  https://support.logmeininc.com/lastpass/help/how-do-i-set-up-all-account-recovery-options-for-lastpass details all recovery options.  At a minimum, we recommend using the LastPass browser extension. Signing in to LastPass using the extension regularly will ensure that your administrators can help you reset your Master Password, if you forget it.

LastPass Admin Responsibilities

  • Provide support directly to your end users

  • User lock-outs and account deletion (only the User and Super Admin can reset master passwords)

  • Configure Admin roles and related policies – like Help Desk Restricted Admin

  • Re-inviting users whose invitations have expired

  • Software installation assistance (for the LastPass browser plugins and desktop apps)

  • User education and training

  • Initial troubleshooting on problem/resolution, including login issues on specific URLs

Accessing the Business Admin Console

Once ISO enables administrator privileges on a Business account, you should have access to the Business Console. To access the console, click the LastPass browser extension and select the “Admin Console” button at the bottom of the pulldown. Alternatively, go to lastpass.com, log in with your Business account, and click Admin Console on the left-hand menu.

Inviting Additional Users

Administrators will invite additional users/administrators to their LastPass instance. LastPass has detailed instructions on how to invite Business users individually or in bulk:

https://support.logmeininc.com/lastpass/help/manually-add-enterprise-users-lp010045

The email invitations will come from LastPass and will include an activation code for the users to activate their account and set their master password. You should provide instructions to your users to pre-install the LastPass Browser extension and share the LastPass Business Guide with new users.

Reset a User’s Master Password

Details on how to reset a master password for a user are here:  Reset a User's Master Password (Super Admin) - LastPass Support.  A summary is provided below.

All Admins are, by default, set up to be able to reset all user master passwords.  Users must log in via the LastPass web browser extension to activate the option to reset master passwords.  Once a user is eligible to have an admin reset their master password, you will see the following under the Users page.

LastPass Admin Master Password Reset

Selecting “Reset Master Password” will take you through the following steps:

  • Enter your own master password to verify your identity

  • Select a new, temporary master password for the user. Make sure the checkbox to require them to change their master password is checked.  (Save the password as they will need to use it for their next login)

  • LastPass will re-encrypt the user’s vault

  • Share the new password with the user

  • The user will log in and be required to change their master password.

Removing a User 

Administrators can remove users from a LastPass Business instance without deleting the user's account. 

  • Log in to LastPass and click the "Admin Console" from the left menu bar
  • In the admin console, click "Users" from the left menu bar
  • Select the user you would like to remove. Clicking the user will bring up a new window with the account details
  • Click the three dots at the upper right corner
  • Select "Remove user from company"
  • Select "Allow access to shared sites and folders" to allow the account to be added to another instance in the future

Managing Sharing and Shared Folders

Create a LastPass Business shared folder - LastPass Support

About LastPass Business Shared Folders - LastPass Support

Add and Manage LastPass Business Groups - LastPass Support

A note about shared folders: LastPass Admins will NOT automatically have access to all shared folders. In order to ensure that access to a shared folder is not lost when a user leaves campus, we recommend that users add their department Admin to shared folders.

  • An account can have multiple different shared folders, with different permissions on each folder.

  • In the case where UCB Staff need to access information in multiple Business accounts, teams can share folders with users in other campus LastPass Business accounts.  Note that shared folders can only be administered by members of the Business instance in which they were created.

Track & Report

Use the Reports tab in your Admin Dashboard to gauge the success of LastPass Business in your department by measuring usage and adoption. Detailed instructions on how to use the Reports tab can be found at:

https://support.logmeininc.com/lastpass/help/generate-enterprise-reports...

It’s recommended that you run a baseline report shortly after your department’s rollout. This report can be compared to the weekly/monthly reports that follow your rollout.

Test Functionality

  • Verify login and access your department’s admin console.

  • Verify that policies are in place and functioning as intended.

  • Verify that policies are not infringing on work duties.

  • Verify that users are able to access all needed functions.

Dark Web Monitoring for Business Accounts

For Admins:

To turn on user-controlled Dark Web Monitoring in your Managed Company:

  • Go to policies
  • Search for Control
  • Click the policy to edit it
  • Click on Edit Policy Setting
  • Enter 1
  • Save

For Users:

To use Dark Web Monitoring in your LastPass business account, a summary is provided below. 

In order for LastPass to actually monitor an email address, it must be entered in the username of an item saved in your vault, even if the username to log in is not the email address (i.e. using CalNet IDs to log in, not email addresses):

  • Add New Password
  • Enter Name: Dark Web Monitoring - email@address.com
  • Enter Username: Full email address
  • Enter anything in the password field (you will not be using this item to log in)
  • Save
  • Go to Security Dashboard
  • Scroll down to Dark Web Monitoring
  • Turn On monitoring for email address

If you are unable to add an item to your business account, you must first unlink your premium personal account. Instructions are available at the link below:

https://support.lastpass.com/help/unlink-your-personal-account-from-within-your-company-account

Note: Premium personal LastPass accounts already have Dark Web Monitoring.

Training and Support

LastPass Video Tutorials

Online Training

LastPass provides a one-hour training session with Q&A for users and administrators. We recommend everyone watch the live training or the recorded versions:  https://support.logmeininc.com/lastpass/help/free-live-training-lp010018

LastPass CLI Tool

https://support.logmeininc.com/lastpass/help/use-the-lastpass-command-line-application-lp040011

Support

Primary support is provided solely by LastPass and is accessible through your admin console (the Contact Us button in the top right corner).

If there is an outstanding issue that LastPass cannot solve or is specific to the UCB environment, secondary support will be provided by the CalNet team. Email calnet-admin@berkeley.edu with details of the problem and any information provided by LastPass support.

LastPass Security Policies

For a current list of enabled and disabled LastPass policies, see: https://docs.google.com/spreadsheets/d/1oAc5RhnO6xd61OW7U1gxPba10cymvb0h...