LastPass Enterprise Manual An easy to understand guide on how to use LastPass Enterprise.

Shared Folders

A ‘shared folder’ is a special folder in your vault that you can use to securely and easily share sites and notes with other people in your Enterprise account. Changes to the shared folder are synchronized automatically to everyone with whom the folder has been shared. Different access controls – such as "read-only" and "hide passwords" - can be set on a person-by-person basis. (The former sharing function, ‘roles’, will still be available for users that prefer this method of managing shared credentials.)  Shared folders use the same technology to encrypt and decrypt data that a regular LastPass account uses, but are designed to accommodate multiple users for the same folder.

With Shared Folders:

• Anyone can create a shared folder.
• Simple to configure and maintain.
• You can share hundreds of passwords with hundreds of users.
• Changes automatically propagate to all assigned users.

To create a new shared folder, login to your online vault at www.LastPass.com and click on the ‘Manage Shared folders’ link from the ‘Actions’ menu, then click on 'Create a new shared folder'.

Once you have given the folder a name, hit ‘add’.

In order to assign users, click ‘edit’ next to any given folder and then select the appropriate group or user from the dropdown menu.  You can also add User Groups to shared folders.  Groups can be added and edited by LastPass Administrators only. All users who are a part of the group will be given access to the shared folder once you add the group.  With each user, you have several additional choices:

• ‘Read-only’ prohibits the user from adding and removing credentials.
• ‘Hide Passwords’ prohibits the user from seeing the credentials.
• ‘Notify User Via Email’ will send the user a notification regarding their assignment to the shared folder.
• ‘Can Administer’ will grant the user equal admin rights over the shared folder including: adding and removing users and restricting access to individual sites in the folder.

Once you have made these selections, hit ‘Share’ and the user will be added to the list of assigned users. Next to each user’s name you will see the ‘restrict’ and ‘remove’ options:

• The 'restrict feature' allows you to limit access on a site-by-site, user-by-user basis. Simply hit ‘restrict’ next to the appropriate user in order to prohibit access to any number of sites within the folder.

• The ‘remove’ button will remove the user from the folder which will automatically delete the shared folder from the user’s vault – thereby preventing any future access to the sites or notes within the folder.

Once added, the shared folders will immediately appear in your local vault, accessed via your LastPass browser Icon > My LastPass Vault. In order to populate the folder with sites/credentials/notes, you must first login to your local vault (from the plug-in on your browser). You can then add sites and notes to the folders via several methods:

1. Drag and drop
2. Right-click in local vault and select 'Change Group'
3. Edit site (in plugin) and select 'Change Group'
4. Add a new site, and set the 'Group' to the shared folder name

The current limitations of shared folders are:

• The web vault (accessed via www.LastPass.com) allows viewing and editing of shared folders, but doesn't allow moving data into/out of shared folders. You must use the local vault (via your LastPass browser Icon) for these functions.
• Sites can be copied to multiple folders but must be updated manually in every folder. The better option is to use ‘restrict’ to limit access for specific sub-set of users, rather than copying the site into multiple folders.
• Form fill profiles cannot be shared.
• Site entries cannot be directly imported into Shared Folders.