LastPass Enterprise Manual An easy to understand guide on how to use LastPass Enterprise.

Set-Up – Create New User

Create New Users

You can provision new users via the 4 methods described below. You will want to weigh these options carefully before implementing LastPass across your organization:

(1) Batch Provisioning of Users (Windows/Mac/Linux)

  • You can provision users under your enterprise account by entering their email in the box provided on this tab. Once submitted, the user will will receive an automated welcome email with instructions on how to reset their temporary password and get started. If the user's email address is already associated with a LastPass account, they will be sent an email with an activation URL to link their existing account to the Enterprise.

(2) Automatic Provisioning Using Windows Login Integration

  • LastPass can invisibly integrate with the standard Windows Login process to automatically create new users and sign existing users in.
  • In order to setup, simply install our full build with the following parameters:

lastpassfull.exe -dl=<your domain name> -cid=<company ID> -chsh=<your ID> -winlogin --userinstallie --userinstallff --userinstallchrome --installforallusers -j "C:\Program Files\LastPass"

  • The dl parameter should be an externally resolvable domain name (not your internal Windows Domain name) and will be combined with the Windows Username to form the LastPass login. For example, if you pass -dl=xmarks.com and your windows login is bob, the resulting LastPass username will be bob@xmarks.com.

(3) LastPass Active Directory Sync Client

  • LastPass offers the 'Active Directory Sync Client' which can be installed locally for ongoing synchronization between your Active Directory and LastPass. Any newly eligible profiles added to your AD will be either (1) automatically provisioned with LastPass or (2) added to our system as pending approval (depending on your preferred settings). Once provisioned, the user will will receive an automated welcome email with instructions on how to reset their temporary password and get started. If the user's email address is already associated with a LastPass account, they will be sent an email with an activation URL to link their existing account to the Enterprise.

With this Client you can opt to sync user group information as well, which can be used in turn to assign policies and Shared Folders. Click here to learn more about the Active Directory Sync Client. Click here to download the client (scroll to the bottom of the page).

(4) LastPass Provisioning API

  • LastPass exposes a public API that can be used by enterprise accounts to create users, deprovision users, and manage groups. The full API details and instructions can be found within the Enterprise Console > Setup > Create New Users > LastPass Provisioning API option.

Please see the video below for how to create and provision new users: