LastPass Enterprise, Now Without the Master Password 

Animated lock image

Our mission at LastPass is effortless security. Today, we’re removing the extra step of creating and remembering a separate master password for LastPass Enterprise customers – delivering more effortless security for everyone. We’re “killing” the master password to give employees one password to remember, their Active Directory password. By integrating with Microsoft Active Directory Federation Services, employees will enjoy an easier experience and admins will see even better adoption. When a password manager is this easy to sign up for and use, you’ll see the password security results you want. 

Why federated login to LastPass? 

LastPass removes password-related obstacles in the workplace by storing and filling all passwords employees need to use. They only need to remember the one, strong master password to unlock their LastPass account and access all other passwords. For businesses that have chosen to standardize on Microsoft Active Directory Federation Services, the separate master password introduces a second password that the employees must remember, in addition to the Active Directory password. 

By integrating with AD FS, the onboarding and login experience to LastPass is seamless and now reflects an experience that many employees are already comfortable with using. With only one password to remember to unlock all of work, employees will enjoy a better LastPass experience that also translates to higher usage of LastPass by all employees. 

How is federated login secure? 

Three components must be configured to turn on the new integration: AD FS, the LastPass AD Connector, and an active LastPass Enterprise trial or account. Once configured, any invited user will be able to complete sign up to LastPass by simply clicking a link in the activation email and submitting their AD password to authenticate to LastPass. For full configuration steps, see our documentation here. 

LastPass uses a patent-pending method of distributing, storing and uniting encrypted keys to ensure the AD password is never shared with LastPass. This zero-knowledge model is designed to ensure that only the user can access their data. See the security whitepaper for more information. 

Calling all beta testers! 

Starting today, the LastPass Enterprise federated login experience is available to new customers that have not yet provisioned users. 

For existing customers who have already provisioned their users, migration of the user accounts will be necessary as they will need to be re-encrypted. We will be offering migration later this year and invite our customers to join our exclusive LastPass Enterprise beta program. You will be the first to know when the migration is ready and will have the opportunity to help us beta test the new functionality. 

Ready to learn more? 

Whether you’re new to LastPass Enterprise, a long-time admin, or considering LastPass for your organization, we invite you to join our upcoming webinar discussing the new federated login experience. We’ll cover the benefits it offers, an introduction to enabling the integration, and a review of the security and technical details. Sign up here. 

And if you’re not yet using LastPass Enterprise for your business, you can start a no-strings-attached trial today.