Getting Started with LastPass Enterprise

LastPass Enterprise is now available to UC Berkeley departments for storing institutional account information. LastPass Enterprise accounts enable campus teams to share secrets, credentials, and keys, as well as sharing with other LastPass Enterprise teams at UC Berkeley. Note: Enterprise should not be used to store or share your personal CalNet credentials.

More information about what LastPass is, along with how and why it should be used, can be found at: https://www.lastpass.com/business-password-manager

Getting Started with LastPass Enterprise

Your department will need to assign two or more LastPass Administrators to administer their Enterprise instance. Below are a few requirements that departments need to be aware of before requesting a LastPass Enterprise account. 

  • You must use your @berkeley.edu email to access LastPass Enterprise. If you are using your @berkeley.edu email address in any other LastPass account of any kind, you must change the email address associated with your other LastPass account. 

  • Our LastPass Enterprise version allows a user to be in only one Enterprise account. If you are already in an Enterprise account, there will be extra steps to move your account.

  • Duo MFA is required for all Enterprise accounts; Duo Push, Duo Mobile passcodes, Security Keys (U2F), hardware tokens, Security Keys (WebAuthn), or Touch ID are acceptable authentication methods. Phone callback and SMS codes are not supported.

  • ISO will set up LastPass Enterprise account policies on Enterprise accounts to allow certain account admins to reset master passwords for users in that account. ISO will configure local admins or superusers to be able/responsible for passphrase resets. 

  • ISO will retain access in each LastPass Enterprise instance to assist with emergency passphrase resets.

  • ISO will configure policies in LastPass Enterprise to forward event logs to ISO.
  • Your department or unit will determine who will administer the Enterprise account. Administrators are usually technologists or IT help desk staff who are comfortable taking on the administrative role and understand the requirements and risks.

Once the above requirements are understood, a designated LastPass administrator for your department will need to request a LastPass Enterprise account via the LastPass Enterprise Request Form