Improving password security at your organization starts with getting employees to use their new password manager. But how exactly do you get them started? When pressed for time and resources, onboarding employees to LastPass must be as straightforward as possible. As an admin, you can take advantage of integrations and policies that automate and streamline onboarding while simplifying the employee registration and setup process. LastPass allows you to grant and revoke access to employee work resources with our simple onboarding and offboarding options. With the same end-user experience valued by millions worldwide, employees are up and running in hours, not days.
How employees get started
We always recommend giving employees advanced notice that you will provide them with a new password manager. Set expectations for all employees by explaining what a password manager is, why the organization uses one, and the benefits it offers. But once you start the rollout, LastPass
walks users through those critical first few steps to get started. A few minutes and a handful of clicks will get a new user up and running with LastPass.
Typically, employees will receive a welcome email from LastPass. The email invites them to create their account using their work email address. At that time, they'll create a new master password. Make sure employees understand how to create a long, secure passphrase. Once they complete their account signup, they can start using LastPass to store passwords.
A Starter Kit is available in the vault by default to all new employees using LastPass. The starter kit walks new users through the five most important tasks to get LastPass set up and familiarize them with key features:
- Downloading the LastPass extension to the browser, which offers the best experience with LastPass as it saves and fills data on websites, as well as the app for mobile devices
- Storing a password in the vault so employees see the immediate benefits of autofilling account credentials when logging in
- Generating a new password to help employees create unique, strong passwords when registering for a new account or updating insecure passwords for existing accounts
- Autofilling a password, demonstrating how LastPass saves employees time and hassle by entering login information every time
- Viewing security weaknesses in the Security Dashboard, where employees can see how their password security measures up and take steps to update at-risk accounts
Completing all steps in the Starter Kit rewards the employee with a tree planted in their honor!
Ultimately, the employee onboarding flow focuses on creating the employee's account and familiarizing them with the LastPass features they'll need to use from day one. Users are often surprised at how quickly their vault fills up with dozens, even hundreds of passwords. From there, LastPass becomes an indispensable tool in the workplace, and you'll see your organization's password security improve.
What IT admins need to know about onboarding
Behind the scenes, LastPass helps admins streamline the onboarding process with various integrations, deployment settings, and security options. A focus on customization and automation gives admins choices without requiring extensive technical expertise.
You can plug LastPass into your existing technical infrastructure, like Active Directory, and tweak the LastPass experience to best fit your organization's needs. Or you can use the out-of-the-box settings, which help strike a balance between ease of use and security.
Before onboarding users, you must determine which account provisioning option works best for your organization. Our automated provisioning options integrate with Active Directory, LDAP, Microsoft Azure Active Directory, Okta, OneLogin, PingOne, Google Workspace, and ADFS.
At a high level, these directory integrations feed relevant information from your directory to LastPass. For example, when you create new user profiles in your directory, they're synced to LastPass to provision new accounts. Likewise, when the user profile is disabled or deleted, LastPass reflects those changes in real-time. As an admin, you can leverage a directory integration to apply policies, grant access to specific apps, and manage permissions at the group or individual level.
No user directory? No problem. In the Admin Console, you can manually enter the email address of each employee in your organization or upload a bulk list of users in a recognized format. The employees will receive their welcome email and create their master password.
After inviting employees to finish account creation, the Admin Console is your command central for overseeing user status, product usage, policies, and user permissions. For example, you can require multifactor authentication, set password strength requirements for the master password, assign specific apps to specific people or groups, and so on. LastPass allows a high level of customization via the options available in the Admin Console. Still, you don't need to dig into those customizations if the default configurations work for you.
What if someone leaves?
In today's workplace, employees often come and go frequently. From a productivity perspective, you want to provide access quickly so new hires can dig in on day one. From a password security perspective, you want to ensure that any employee leaving the organization isn't a risk - intentional or not. That means cutting off access immediately.
If using a directory integration with LastPass, disabling or deleting a user profile in your directory will automatically trigger the same status in LastPass. Deleting an account also deletes any data in their vault not shared with other users. If an account is disabled, the data is still there but inaccessible until the account is enabled again.
Suppose you manually deployed LastPass and do not have a directory integration. If so, an employee's LastPass account can be disabled or deleted manually via the Admin Console.
The employee's account is instantly inaccessible if account access is revoked via a directory integration or manually in the Admin Console. Cutting off access minimizes the risk of data loss, data breaches, and retaliatory actions.
Managing user access with LastPass
For employees and admins alike, LastPass aims to simplify the setup process. We offer admins automated options for inviting and managing users, but even our manual options keep it simple. Password security can be intimidating, but LastPass makes it easy for users to complete their account setup and get acquainted with password management basics.
This Cybersecurity Awareness Month,
learn how LastPass helps you build a strong password security strategy, starting with simplified onboarding and offboarding.
