Customizing LastPass Enterprise: Selecting the Right Password Policies for Your Business

Woman at laptop

Decisions around security are not always straight forward. How many controls are too many controls? Are you being too restrictive on your users? Will there be security gaps in your infrastructure? That’s why LastPass Enterprise offers 100+ customizable policies to give you more flexibility and control when it comes to managing access for your organization.  

However, 100+ policies also adds an important question to the mix: which policies are right for your business? The January 2019 LastPass Master Class focused on Enterprise Policies to help you answer this question. We broke down the LastPass Enterprise policies by use case to offer our policy recommendations based on the business challenge you may be facing. 

Simplifying Deployment 

How can you ensure a simple and streamlined onboarding experience for your users? With federated login through Microsoft Active Directory Federation Services, you can configure LastPass to automatically deploy a license when a user is added to the directory on either a group or individual basis. To get your users up and running quickly, Admins can also implement policies to groups and by using the Pre-Create Sharing Key, folders can be assigned to users prior to them even logging into LastPass for the first time. 

Increasing Security 

Who doesn’t want to increase their enterprise security? The core of the challenge is that users have the tendency to create weak passwords that they can easily remember, and then reuse those same passwords across applications. LastPass has a variety of policies to improve overall password security including Master Password requirements such as enforcing a minimum length, number of digits, number of special characters and more. There are also multi-factor authentication policies to enforce a second layer of authentication to the login, as well as a quick way to increase your LastPass Security Score by 10 points. 

Empowering Your Help Desk 

Boost productivity by empowering your employees to help you. Our new Help-Desk Admin – Restricted Administrator policy enables Admins to create a restricted Help-Desk Admin with access to only the functionality required for their role. A few examples include enabling the HelpDesk Admin to perform only a Master Password Reset, disable multi-factor authentication, or user and group management. This lightens the Admin’s workload without giving away control over the infrastructure. 

Managing Business and Personal 

Strong password security revolves around strong password behavior, and LastPass offers policies to ensure employee’s secure password practices go home with them. Through the Save Personal Sites to Personal Vaults or Require Linked Personal Accounts policies, Admins can enforce the linking personal accounts to employee’s business account, which we recommend as a best-practice. But if you would prefer not to, we offer policies to prohibit the linking of personal accounts as well. The choice is yours!   

Gaining Actionable Insights  

How do you ever really know if you’re ‘secure’ or not? As an Admin of LastPass, you have access to customized reporting where you can run reports up to 2 years back to gain better visibility into your end-user behavior, track changes over time, and determine trends to continue improving password security within your organization. A few of the policies we recommend are the Log Full URL and Log Username, so you can see the full site your users accessed opposed to just the domain name.  

View the LastPass Master Class: Enterprise Policies Deep Dive on demand for our full conversation on policy recommendations, our list of must-have policies, and most importantly deeper insight into LastPass Enterprise’s 100+ customizable policies so you can answer the question of which policies are right for your business. If you’re ready to begin implementing policies today, review the LastPass Enterprise policies support page or attend a Enterprise Admin demo for guidance on getting started.