Primary support for LastPass Enterprise is provided solely by LastPass and is accessible through your departmental Administrator. You can check the status (incidents, outages, etc.) of LastPass at: https://status.lastpass.com
LastPass Video Tutorials
- These videos include Browser extensions, user training, Mobile Apps, Account Recovery information, Password Management, Sharing and Shared Folders, and a variety of Administrator tools.
- Online Training
- LastPass provides a one hour training session with Q&A for users and administrators. We recommend everyone watch the live training or the recorded versions: https://support.logmeininc.com/lastpass/help/free-live-training-lp010018
- LastPass CLI Tool
LastPass supports Admins and Helpdesk support teams with any issues requiring escalation, including technical or usability related issues.
If the resources above can’t answer a user’s question, please submit a LastPass support ticket. Sign in to your LastPass Enterprise account to submit the ticket, describe the issue in detail (including URLs, browser, OS) and add usernames of any impacted users.
Downloading and signing in through the browser extension is the best way to use LastPass. If you have deployed LastPass and a user still does not see the extension in their browser toolbar:
Use the download link in the browser: lastpass.com/dl
Check that the browser is up to date.
Go to the browser’s settings, open Extensions and ensure LastPass is listed AND enabled.
Check that LastPass is not hidden behind the address bar by dragging the bar left or dropping LastPass into the browser toolbar (depending on which browser you are using).
Temporarily disable other extensions, and then try reinstalling LastPass.
Test antivirus or security software that may be blocking LastPass – ensure LastPass is trusted.
Reset the browser to default settings and/or reinstall the browser before reinstalling.
Though LastPass is a cloud-based solution, offline access is available through the browser extension and the mobile apps. The user needs to sign in at least once on a device to create a locally cached, encrypted copy of the vault. When they sign in without a connection, the app will default to offline mode and the user can sign in to view the offline copy of the vault. Note that offline access can be disabled by policy, though we do not recommend this due to user inconvenience
Check that the LastPass extension in the browser toolbar is red (black in Safari).
Go to the LastPass Icon > Preferences > General and ensure Automatically Fill Login Information is enabled.
Right-click on the site’s login fields and look at the context menu information to check whether the website is built with Flash or Silverlight – LastPass doesn’t support these sites.
If the login is already stored in LastPass, try deleting and re-saving the site to LastPass.
Check if the URL is in the LastPass Icon > My LastPass Vault > Settings > Never URLs.
Force-capture the login fields with the Save All Entered Data feature.
LastPass is never sent the user’s Master Password, so we can’t send it to the user or the Admin or reset it. The Master Password must be reset by the user or an Admin using the available recovery options.
Here are steps users can take when they’re having trouble with their Master Password:
If signing in to the website at lastpass.com works, re-install the extension.
Type the Master Password in a document and copy-paste to ensure no typos.
Request the password hint at lastpass.com/forgot.php to help recall the Master Password.
Visit lastpass.com/recover.php to activate your local One Time Password. Try account recovery on all browsers and on all devices where the LastPass extension has been used, including the mobile apps.
Ask the Admin to activate Super Admin Account Recovery. The Admin needs to communicate the new temporary Master Password to the user – LastPass does not send the Master Password to the user. The Admin can request that the user be prompted to change their Master Password when they next sign in.
LastPass cannot change the username, email address or Master Password for a user – it must be done by signing in to the user’s account.
Sign in to LastPass via the browser extension or at www.lastpass.com.
In the Account Settings, select Change Master Password and save the changes when done.
Admins can also require by policy that the Master Password be updated on a regular basis. The user will automatically be prompted to create a new Master Password when signing in.
If a user does not have access to their MFA device, the Admin can temporarily disable it from the Admin dashboard.
From the Admin dashboard, click through to the Users tab, locate the user in question and click their name to open the right-hand panel.
Click the ellipsis at the top right and select the Disable Multifactor Authentication option.
The user will be able to sign in without MFA and will be prompted to set it up again
One of the primary benefits of LastPass is the ability to create new, strong and unique passwords. It’s important to educate users on how to use the password generator and how to evaluate their overall password security with the Security Challenge.
Users can find the Security Challenge under Options. They will need to enter their Master Password to view results:
The Security Score shows overall security of all passwords in the vault (0 – 100). • LastPass Standing ranks the user against all other LastPass users.
Master Password Score ranks strength of the Master Password (0 – 100).
The report shows all duplicate, compromised, weak and old passwords.
Users can then launch sites with poor passwords and use the password generator to replace those passwords.
Because Admins can disable or delete a user’s account at any time, and because items stored in the work vault appear in reporting logs, we recommend that a user create a separate, personal LastPass account for all personal passwords.
Using the Link Personal Account option, the user can link their personal vault to their work vault so they can securely access both vaults while at work. However, the personal vault remains private, and the contents remain hidden from the Admin. Admins can enable the policy to make the personal vault Read Only if they want to ensure that no work items accidentally end up in the personal vault.
Why get LastPass?
LastPass securely stores all of your passwords and automatically signs you in to your accounts. LastPass also fills out shipping and billing forms, generates unique passwords and saves you time overall while improving security for you and your organization.
Who can see the data and passwords I have stored in LastPass Enterprise?
Only you, and anyone you specifically invite to access it.
How will I get access to LastPass?
Request access from your department LastPass Administrator. You will receive a welcome email from LastPass with next steps on creating your account and completing setup.
What if I already use LastPass?
We encourage all Enterprise users to also use a free Premium LastPass account, so only work credentials are stored in your Enterprise account. You can link the two vaults together for easy access to both while keeping your personal account separate and private.
Why would I need a LastPass Enterprise and Premium account?
LastPass Enterprise is designed for institutional information and shared secrets. You will not be able to maintain access to LastPass Enterprise after you are no longer an active staff member or affiliate. UCB’s Free LastPass Premium is configured using a non-Berkeley email address, is designed to be used with any non-institutional secrets, and will transition to a LastPass free account when you no longer have an active @berkeley.edu email address.
If you have both LastPass Enterprise for your department and LastPass Premium for personal use, which one should you use to store your CalNet passphrase?
The CalNet passphrase is considered a personal account and we recommend that it be saved in LastPass Premium.
If you have institutional secrets to manage that are not shared and assigned to your personal identity (Slack or other non-CalNet work applications), should you use an Enterprise or Premium account?
While institutional data should be in Enterprise, either approach will work. If you have a need to share secrets with others in your department, request an Enterprise instance. If you do not need to share secrets with others in your department, but still want an Enterprise account, contact CalNet for help with a stand-alone account.
Can I add people outside my department to my LastPass Enterprise managed company?
No, they cannot be invited to your particular LastPass Enterprise managed company account because they are members of a different department. However, in the case where UCB Staff need to access information in multiple Enterprise accounts, teams can share folders with users in other campus LastPass Enterprise accounts. Note that shared folders can only be administered by members of the Enterprise instance in which they were created. More information can be found at: https://calnetweb.berkeley.edu/calnet-departments/lastpass-enterprise/ad... under the header "Managing Sharing and Shared Folders."
How does Duo work with LastPass Enterprise and Premium?
LastPass Enterprise’s MFA is set up by ISO, and allows all methods of MFA, except SMS and Phone Calls. LastPass Premium is self-managed by the user, but instructions are provided to allow them to create their own free duo integration. If they do that, it will appear in the Duo Security app on their phone.
What happens if I get compromised?
LastPass performs daily checks to see if LastPass account email addresses are compromised on the dark web. If a match is found, an email notification is sent to the LastPass user notifying them of the domain that was breached and the potential risk. Users can then run the LastPass Security Challenge to check for reuse of the same password and generate new passwords (link is external) for all affected accounts.
How long will it take to enroll my department?
Once ISO receives your request via the web form, it will take up to a week to process your request and create and configure your instance.