LastPass Enterprise Manual An easy to understand guide on how to use LastPass Enterprise.

Duo Security

Enabling Duo

LastPass supports multifactor authentication with Duo Security. It is a secure, two-factor authentication application offered for all leading smartphone platforms, including Android, iPhone, Blackberry, and Windows Phone. You can get Duo Security here: https://www.duosecurity.com/editions

Once you have authenticated your Duo account, make sure to select 'Auth API'  from the 'Integration type' dropdown at the  'New Integration' login page:

DuoStep1

Once you have finished setting up your new integration, then you will need to log in to your LastPass Vault and click Settings > Multifactor Options > Duo Security. Make sure that you have your integration key, security secret key, and API hostname filled in the appropriate fields and that the 'Duo Security Authentication' dropdown is set to 'Enabled':

DuoEnabled

After selecting 'Enabled' from the Duo Security dropdown, you will then want to select the 'Click here to enroll your device with Duo Security' link. Then, click 'Start Setup':

DuoStartSetup

 

You will then see another screen which will prompt you to choose which type of device you would like to enroll to use for two-factor authentication. Please note that LastPass currently only supports the enrolling of a single device:

DuoAuthenticatorType

 

Select the type of device that you would like to enroll and then click the "Continue" button. You will then be given on-screen instructions on how to enroll each specific device. Once you have enrolled the device(s) that you would like to use for Duo authentication, you can then use it to authenticate you in the login process.

 

Administrating Duo in Enterprise

You can require Duo for your users via the 'Require use of Duo Security' policy. This policy can be enabled for your Enterprise account by accessing your Enterprise console and clicking the 'Setup' tab > 'Add Policy' button > Select 'Require use of Duo Security' from the dropdown menu:

DuoPolicy

 

If you would like to set the username portion of a user's email address to be used as their Duo Security username, enable the "Use username portion of email address as Duo Security username" policy:

DuoUsernamePolicy