You can provision new users by going to :
Admin Dashboard -> click Users to expand all options -> Create New User
There are 4 methods of user provisioning available in LastPass Enterprise as described below. You will want to weigh these options carefully before implementing LastPass across your organization.
Batch Provisioning of Users (Mac/Windows/Linux)
You can provision users under your enterprise account by entering their email in the box provided as shown in the screenshot below.
By default, LastPass will send welcome email to the users (the Send Email checkboxes are checked. Click Create Users button to complete the action. Once submitted, the user will will receive an automated welcome email with instructions on how to reset their temporary password and get started. If the user’s email address is already associated with a LastPass account, they will be sent an email with an activation URL to link their existing account to the Enterprise.
Active Directory Sync Client
The LastPass Active Directory Sync Client is a Windows service that can be run locally or directly from the admin dashboard.
Any newly eligible profiles added to your AD will be either (1) automatically provisioned with LastPass or (2) added to our system as pending approval (depending on your preferred settings). Once provisioned, the user will will receive an automated welcome email with instructions on how to reset their temporary password and get started. If the user’s email address is already associated with a LastPass account, they will be sent an email with an activation URL to link their existing account to the Enterprise.
With this Client you can opt to sync user group information as well, which can be used in turn to assign policies and Shared Folders. And the ability to create nested groups to manage permissions at the group level is also available. Click here to learn more about the Active Directory Sync Client. Click here to download the client (scroll to the bottom of the page).
LastPass Provisioning API
LastPass exposes a public API that can be used by enterprise accounts to create users, deprovision users, and manage groups. The full API details and instructions can be found within the Enterprise dashboard > Users > Create New Users > LastPass Provisioning API option.
Please see the link below for how to create and provision new users:
Automatic Provisioning Using Windows Login Integration
LastPass can invisibly integrate with the standard Windows Login process to automatically create new users and sign existing users in.
In order to setup, simply click on the link shown in the screenshot above and follow the instructions there. Alternatively,go to Install Software directly.
Install our full build with the following parameters:
lastpassfull.exe -dl=<your domain name> -cid=<company ID> -chsh=<your ID> -winlogin –userinstallie –userinstallff –userinstallchrome –installforallusers -j “C:\Program Files\LastPass”
The dl parameter should be an externally resolvable domain name (not your internal Windows Domain name) and will be combined with the Windows Username to form the LastPass login. For example, if you pass -dl=xmarks.com and your windows login is bob, the resulting LastPass username will be firstname.lastname@example.org.
Provisioning without an email address
By default, when a user is provisioned, an email is sent to the user with their temporary password or an activation link (if their account exists already). However, If you must provision users who do not have an email yet (for example, you are provisioning users via Service Provisioning through SAML), follow the procedure below:
- Go to Create Users in the Admin dashboard
- Set “Send Email if Existing User?” and “Send Email if New User?” to “No”
- Create the user using Batch Provisioning
- Once the user is created, go to the Users page
- In the Actions column, choose “Set Initial Password”. Make sure that the require Master Password reset on next login option is enabled. Store this password somewhere safe as it will be needed later for distribution
- If needed, setup the account: add the user to any User Groups, Shared Folders and Policies.
- When ready, give the user the initial password so they can use it to sign into their newly created account.
Table of Contents
- Getting Started
- Admin Dashboard
- Shared Folders
- LastPass Single Sign-on for Applications
- Advanced Options
- LastPass App for Mac
- Mobile Apps
- Multifactor Authentication
- Terminating User Accounts from Your Enterprise
- LastPass for Applications
- Site Map
- Sample Survey
- Email Templates for End User Roll Out and Training