You can provision new users by going to :
Admin Dashboard -> click Users to expand all options -> click the “Add User” button in the top right
There are 4 methods of user provisioning available in LastPass Enterprise as described below. You will want to weigh these options carefully before implementing LastPass across your organization.
Batch Provisioning of Users (Mac/Windows/Linux)
You can provision users under your enterprise account by entering their email in the box provided as shown in the screenshot below.
By default, LastPass will send welcome email to the users (the Send Email checkboxes are checked. Click Create Users button to complete the action. Once submitted, the user will will receive an automated welcome email with instructions on how to reset their temporary password and get started. If the user’s email address is already associated with a LastPass account, they will be sent an email with an activation URL to link their existing account to the Enterprise.
Alternatively, you can create custom email template for both new and existing LastPass Users.
Active Directory Sync Client
The LastPass Active Directory Sync Client is a Windows service that can be run locally or directly from the admin dashboard.
Any newly eligible profiles added to your AD will be either (1) automatically provisioned with LastPass or (2) added to our system as pending approval (depending on your preferred settings). Once provisioned, the user will will receive an automated welcome email with instructions on how to reset their temporary password and get started. If the user’s email address is already associated with a LastPass account, they will be sent an email with an activation URL to link their existing account to the Enterprise.
With this Client you can opt to sync user group information as well, which can be used in turn to assign policies and Shared Folders. And the ability to create nested groups to manage permissions at the group level is also available. Click here to learn more about the Active Directory Sync Client. Click here to download the client (scroll to the bottom of the page).
LastPass Provisioning API
LastPass exposes a public API that can be used by enterprise accounts to create users, deprovision users, and manage groups. The full API details and instructions can be found within the Enterprise dashboard > Users > Add User > Provisioning API option.
Okta Integration
Many companies are using Okta, the leader in Single Sign-On, alongside LastPass, the leader in business password management, to address the complete picture of employee identity and access management. We’ve partnered with Okta to offer a SCIM API that can be configured for automatic provisioning and deprovisioning of LastPass accounts for easy, secure administration.
Integrating LastPass with your Okta directory offers:
- Secure configuration and deployment of LastPass
- Automated provisioning of LastPass user accounts
- Real-time deprovisioning of LastPass user accounts
- Assigning LastPass access to groups in Okta
Click here to learn more.
Azure Integration
Integrating LastPass with your Microsoft Azure Active Directory (AD) offers:
- Secure configuration and deployment of LastPass
- Automated provisioning of LastPass user accounts
- Real-time deprovisioning of LastPass user accounts
- Syncing groups for assigning users to policies and shared folders
Click here to learn more.
Automatic Provisioning Using Windows Login Integration
LastPass can invisibly integrate with the standard Windows Login process to automatically create new users and sign existing users in.
In order to setup, simply visit the Install Software tab in the Enterprise dashboard and follow the instructions there.
Install our full build with the following parameters:
lastpassfull.exe -dl=<your domain name> -cid=<company ID> -chsh=<your ID> -winlogin –userinstallie –userinstallff –userinstallchrome –installforallusers -j “C:\Program Files\LastPass”
The dl parameter should be an externally resolvable domain name (not your internal Windows Domain name) and will be combined with the Windows Username to form the LastPass login. For example, if you pass -dl=xmarks.com and your windows login is bob, the resulting LastPass username will be bob@xmarks.com.
Provisioning without an email address
By default, when a user is provisioned, an email is sent to the user with their temporary password or an activation link (if their account exists already). However, If you must provision users who do not have an email yet (for example, you are provisioning users via Service Provisioning through SAML), follow the procedure below:
- Go to Create Users in the Admin dashboard
- Set “Send Email if Existing User?” and “Send Email if New User?” to “No”
- Create the user using Batch Provisioning
- Once the user is created, go to the Users page
- In the Actions column, choose “Set Initial Password”. Make sure that the require Master Password reset on next login option is enabled. Store this password somewhere safe as it will be needed later for distribution
- If needed, setup the account: add the user to any User Groups, Shared Folders and Policies.
- When ready, give the user the initial password so they can use it to sign into their newly created account.
Translation
Table of Contents
- Getting Started
- Introduction
- Admin Dashboard
- Users
- Groups
- Shared Folders
- Reporting
- Settings
- LastPass Single Sign-on for Applications
- Advanced Options
- Multifactor Authentication
- Terminating User Accounts from Your Enterprise
- LastPass for Applications
- Site Map
- Sample Survey
- Email Templates for End User Roll Out and Training