UCLA is offering LastPass Enterprise, an upgraded team license with administrative features, at no cost to Departments. LastPass provides secure password storage and centralized admin oversight to reduce the risk of data breaches while removing employee password obstacles. With customizable policies, secure password sharing, and comprehensive user management, LastPass offers the control IT needs and the convenience users expect. Each department will have complete control their own instance of LastPass enterprise.
- Why does my department need a password manager?
- The average person struggles to manage 213 passwords in the workplace. A password manager will eliminate this struggle and help:
-Promote safer password behavior and habits for your users.
-Let your users focus on their job, not remembering their passwords.
-Gain insight into how safe your departments password behavior is and how you can improve it.
-Reduce the number of password reset requests. Your users will only have to remember one password. Even if they forget their master password, your admins only have to reset one password, instead of 213.
- How much control and visibility will the IT Security Office have into my LastPass enterprise instance?
- In short, close to none. After the IT Security Office completes the initial configuration of your LastPass instance, it’s yours to customize. The only mandatory policy is the policy requiring you and your users to use DUO MFA with LastPass. We want to ensure you and your user’s sensitive password data is protected behind MFA. Our auditing of LastPass is going to be extremely high level, similar to the DUO MFA roll-out. We just want to report how many departments and users have signed up to leadership. That’s it. We won’t see or control your passwords. We won’t see or control your password activity. The rest is up to you and your department.
- What if my users already have LastPass?
If the user’s work email is already tied to a LastPass account, the user will be able to transfer that account to the Departmental LastPass Enterprise.
If the user already has LastPass, but used a personal email account, the user can create a new LastPass account under the Department Enterprise with their work email. The user can then link their personal LastPass account(s) to their UCLA Enterprise LastPass Account, so the credentials in both accounts can be used. Instructions and more information can be found at LastPass Account Linking Support Documentation. If you wish to unlink your personal account, instructions can be found at LastPass Unlinking Support Documentation.
How long will it take to enroll my department?
*Once the IT-Security receives your request via the web form, it will take a week to process your request and create and configure your instance. Once the instance is configured, the IT-Security Office will contact you to transfer ownership and help with the initial setup and roll out to your user base.
Can a user use the same email address for premium and enterprise?
Yes, having an account in LastPass Enterprise automatically gives users Premium LastPass licenses. When a user is added to a LastPass Enterprise instance, the user’s email address associated with their premium account will be linked to that Enterprise instance. If they don’t already have a premium account, LastPass gives the user a Premium license to set up an account for their email address that was added to the Enterprise account.
If a UCLA employee would like a LastPass Premium account for strictly personal use, apart from their Enterprise account, they can sign up for separate LastPass Premium account with a personal email (e.g., Gmail, Yahoo, etc.).
Can a user be part of more than one departmental enterprise account? If so, is there a limit?
Yes, a user can be added to as many departmental LastPass Enterprise accounts as he or she is invited to.
Since LastPass uses email addresses as unique identifiers, the user must use a different email address for each enterprise instance they are a part of. A solution for users being a part of multiple enterprise instances has been to use email (smtp) aliases.