This identity system allows users to sign in to LastPass using their corporate credentials rather than a separate master password.
Federated Login
LastPass federated users cannot use this type of authentication method inside LastPass itself; it must be enforced at the IdP level instead. (TRUE or FALSE)
TRUE
LastPass uses this encryption model where data is only decrypted on the user’s device and never visible to LastPass itself.
Zero-Knowledge Architecture
During login, federated users must have this enabled in their browser or they will be unable to complete authentication.
the LastPass browser extension
This is the approximate number of configurable policies available to admins in LastPass Business, enabling granular control over user security settings.
100+ policies
This term describes the process where a user signs into multiple apps—including LastPass—after authenticating once.
SSO
Because the browser extension must stay online to retrieve a user’s encryption key, this type of login is not available for federated users.
offline access
This LastPass Business dashboard provides visibility into weak, reused, and compromised passwords across the entire organization.
Security Dashboard
Super admins AND users who were not synced from the directory (that is, users added manually in the Admin Console) are not eligible for federation.
Not eligible for federation
This LastPass policy ensures that when new user accounts are created server‑side, their encrypted sharing key is generated automatically—allowing them to receive shared folders without needing to log in first.
Pre‑create Sharing Key
What policy should be enabled before we begin the Federated Login setup?
Permit Super Admin to Reset Master Password
This LastPass feature cannot be used by federated users because their master password comes directly from the IdP, not LastPass.
One‑Time Password (OTP)
This centralized tool allows IT to monitor password health, enforce policies, manage users, and control security settings organization‑wide.
Unified Admin Console
An existing user that is not federated and has not been selected for federation.
Not Federated
This policy sends an email alert to specified recipients whenever a user account becomes temporarily locked due to repeated failed login attempts.
Notify Admins Upon User Lockout
It refers to linking a company's existing "user directory" with other applications and services, making user management easier and more secure.
Directory integration
If a super admin uses the “Permit super admins to reset master passwords” policy to recover a federated user’s account, the user is converted into this account type.
non‑federated user
LastPass Business automatically provides each employee with a free family account, improving security beyond the workplace.
Families as a Benefit
It is a feature in Microsoft Entra ID (formerly Azure AD) that allows an admin to manually provision a user or group immediately to an integrated application, including LastPass when using SCIM provisioning.
Provision on demand
A LastPass admin must have this policy enabled in order to access and manage shared folders, including adding users and viewing shared folder details.
Permit Super Admins to Access Shared Folders
It is the automated addition of users to software, in this case LastPass.
User Provisioning
Federated users are unable to activate this security layer within LastPass, since it must be managed exclusively through their Identity Provider to avoid login failures.
multifactor authentication
This permission level allows a user to modify items inside a shared folder and invite others but does not make them a LastPass admin.
the “Administrator” shared folder permission
What happens if an admin deletes a user in Entra ID?
The users are disabled in the LastPass admin console
Enabling this policy ensures that the same multifactor requirements for a company’s main account are applied to employees’ linked personal LastPass accounts.
Apply parent account MFA policy