Sponsored Content: Expert Insights conducts an in-depth review of Lastpass Enterprise, a leading identity management solution for businesses
Expert Insights / Sep 10, 2020By Joel Witts
What is LastPass Identity?
LastPass is an identity and access management solution that helps users and IT admins to better manage their passwords and accounts. It’s designed to be easy to use and provide simplified control and visibility over all business accounts.
LastPass helps users and teams to better manage their accounts and passwords with a secure password vault, secure password sharing, and single sign-on across corporate accounts. LastPass allows users to see all of their accounts and passwords at a glance, with useful features like auto-filling passwords into browsers and an in-built secure password generator to promote the use of stronger passwords.
LastPass provides admins with more visibility and control over passwords and account passwords with a range of reports and customisable policies. LastPass safely stores account details, including passwords, and provides easier and safer access to technologies and services people use every day.
With key features including single sign-on, adaptive multi-factor authentication and automated security reports, LastPass provides enhanced security to organizations and much improved ease-of-use to users, helping business to become more secure, maintain compliance and improve productivity.
Overview of LastPass Benefits
Better Password Management
LastPass Identity allows every user access to their own secure encrypted Password Vault, which securely stores account passwords for all of their accounts. This means users no longer have to remember each individual password for all their accounts, or keep them written down. They have visibility at a glance of all of their accounts and passwords in one secure space, available both online and offline.
To log into this account, users need a master password. It’s of course critical that this password is as strong as possible, so LastPass for Teams gives admins the ability to enforce polices around the strength, complexity and regular updates of the master password. Passwords in the vault are encrypted and decrypted only on the users’ machine, using AES 256-bit encryption.
Inside their LastPass Vault, users have visibility at a glance of all their accounts, with the ability to change and update account details as needed. They can easily copy and paste secure passwords as needed, as generate new secure passwords for accounts. LastPass also gives visibility into how secure existing passwords are, highlighting reused and easily guessed passwords that are used.
Secure Password Sharing
It’s crucial that admins and users can quickly share passwords to important accounts between each other so that the right people can access applications and apps. For teams, LastPass provides easier access and management of shared passwords. Passing around passwords on post-it notes are finally a thing of the past.
With LastPass, password sharing is both simplified for the user, and is trackable by IT admins to ensure that passwords are only shared to the right people. Both admins and users are able to share passwords within their LastPass vaults, meaning that multiple members of a department can access the same account with only one set of credentials.
Users don’t even need to know the password itself, and admins can choose to hide that password from the view of end users. When they go onto website of the account in question, LastPass will auto-fill the account details, and the user will have access without needing to know what the password is. This helps to keep accounts secure, and minimizes the risk of passwords being compromised in spear-phishing attacks, as users will be unable to paste secure account passwords into malicious webpages.
Easier Account Access with Single Sign-On
Beyond password management, LastPass makes employee account access seamless with single sign-on. Single sign-on (SSO) allows employees to access all of their accounts with just one set of log-in credentials, helping to eliminate the need for passwords for key services.
Users can simply log into LastPass with their master password, and from there have seamless access to all of their accounts. LastPass integrates with a catalogue of over 12,000 apps to provide this access, making it easier and more secure for users to access accounts.LastPass SSO is highly secure, controlling and managing user identity information to authenticate the user without needing to share account details with third party services.
Single Sign-On eliminates the need for users to remember, or share, unsafe and easy to guess passwords. It also gives admins more visibility and control over user access, giving improved visibility into which people are accessing your corporate accounts.
Enhanced Account Security with Multi-Factor Authentication
Alongside making it easier to access accounts, LastPass enforces multi-factor authentication, making them more secure. Multi-factor authentication means adding additional steps to verifying a user’s identity. Typically, users verify their identity with something they know, such as a user-name or password. This works well unless what the user knows is lost, or is easily guessed.
With multi-factor authentication, identities are verified through a variety of means, such as biometrics on a smartphone. LastPass allows admins to enforce multi-factor authentication across important company accounts, reducing the likelihood of account compromise.
LastPass supports biometric authentication with compatible devices, allowing users to authenticate access with a fingerprint, face scan, or pattern.
LastPass also supports adaptive and contextual multifactor authentication. They use intelligent systems to learn devices behaviours when it comes to account access, collecting data on devices, times and locations. This information is used to determine potential risks and improve account security. For example, if you usually access the company billings account in your office in the morning, but LastPass registers an attempted login from a different country in the middle of the night, the system will be intelligent enough to pick this up as a potential risk, and request the user verifies their identity with multi-factor authentication.
This improves account security, without burdening users with the process of having to verify their identity with a one-time passcode every time they need to log into an important account.
LastPass allows admins more control over company account passwords and password sharing via the admin console. In here, admins are able to add and remove users, implement security features such as multi-factor authentication, and implement organization-wide policies to govern identity and access management.
These policies include setting minimum security standards for passwords and mandating that employees updated key account passwords after a certain amount of time. The admin console gives admins visibility into how secure employees’ passwords are, including that of the master password for their password vault. You can view the extensive list of management policies available here. In this vault admins also have ‘kill-switch’ which automatically removes access to any company accounts for any departing employees.
The service is simple to deploy, and integrates with systems like Microsoft’s Azure Active Directory, automatically adding your Office 365 users into the LastPass system. This automatically sends your users a link, which guides them through the account set up process in a matter of minutes.
Detailed security reports
LastPass provides automated, extensive reporting for auditing and compliance purposes. These reports are important for companies that need to track where passwords have been shared, and when certain users have accessed accounts. These reports can be viewed in the admin console.
LastPass’ user activity reports provide a comprehensive overview of every login, password, username update, form fill and saved website for all your Enterprise users for up to two years. This includes failed login attempts, which help to showcase repeated failed attempts to access an account. LastPass also provide Security Reports, which are summaries of how secure your organization’s password hygiene is generally.
These reports show you at a glance the number of reused passwords and master passwords, the number of weak and easily guessed passwords in use and the number of duplicated passwords in use. With this data admins can target training and education to users where needed, and help to optimise their password security organization-wide.
LastPass also provide reporting on shared folder access, allowing admins visibility over which users are assigned to which accounts, what the admin rights are, and which users have read-only or write access.
Reporting over admin usage, which is crucial for compliance use cases in certain industries. LastPass logs each time a user is created or removed, each time a password is reset, or admin permissions given, and each time password policies are updated or changed.
LastPass Identity: Key Features
Enterprise password management
LastPass captures, stores and auto-fills account details across all web-based logins
Secure password sharing
Allow teams to easily and safely share access to company accounts, with full admin visibility and control
Over 1200+ apps offer seamless, passwordless access for LastPass users
Improve account security by combining biometrics and contextual factors to protect accounts from compromise
Central admin controls
Manage identity across all of your employee accounts, including cloud, mobile and legacy apps, VPNs and workstations
Admins have a holistic view of end-user activity from a single easy-to-use end-user dashboard
Easy deployment with integration with user directories like Azure AD
Why do businesses need identity management?
The growth of Software-as-a-service (SaaS) and cloud-based applications has made it far easier for employees to collaborate and work on projects across teams and departments. Organizations around the world rely on applications like Office 365, Salesforce and more for critical businesses activities. However, managing access to these services has become a real challenge, both for users, and for admins. Recent research found that 92% of businesses have experienced at least one challenge when it comes to identity management.
Users now have multiple accounts and therefore multiple passwords to manage. Recent research from LastPass highlights that the average employee has 191 passwords to different accounts. That’s a staggering number, far more than any person can reasonably remember, unless they’re cutting corners by reusing passwords, or using easy to remember, and therefore easy to guess passwords.
Without an organization-wide identity management platform in place, users are ultimately responsible for the security of these accounts. For most users, the solution to this is a spreadsheet or notebook filled with passwords. This isn’t however a secure solution, and it’s not ideal when you need to access multiple accounts per day. This represents a real challenge to employee productivity, and often leads to frustration.
Teams also need to be able to securely share passwords. In marketing for example, the username and password for social media channels needs to be shared between multiple people securely. Without an identity management platform, this is almost impossible. People end up passing passwords around a busy office on post-it notes or sending passwords to colleagues via insecure channels, putting accounts at risk of being compromised.
For IT admins, managing these accounts and access to them is a significant challenge. Often, SaaS applications will contain personal customer data, sensitive company files, and access to critical systems that ensure businesses can operate effectively. If access to these accounts is compromised due to weak passwords, or a reused password, it can lead to serious data breaches.
However, without an identity management solution in place, admins have no visibility over who is accessing accounts, how secure the passwords to these accounts are and, where passwords are being shared. It’s often the case that IT admins won’t even know the majority of accounts that users have registered using company credentials putting organizations at real risk as employees are left to manage access potentially sensitive accounts with no admin oversight or visibility.
LastPass aims to solve the identity challenges facing both the user and the IT admin, making managing accounts easier, and ensuring greater visibility and control over identity and access. The LastPass password manager provides each individual user a secure value from where they are able to view all their passwords in one secure, encrypted location. LastPass encourages the use of secure passwords with a password generator which includes numbers, symbols and a mixture of upper and lower cases letters. Users don’t need to remember these secure passwords; LastPass automatically saves and auto-fills account details into chrome.
LastPass also allows users and admins to share passwords across teams, groups and users, making it easy for people to access the accounts they need to securely. Policies even also admins to share access to the account, without giving the user visibility over what the password is, stopping users from continuing to share the password outside of the LastPass system. Admins can also revoke access as needed, ensuring that if an employee leaves, they’re no longer able to access company accounts.
Admins also have access to a range of security reports and configurable policies. This means that they can get visibility into, and manage, all of the accounts across the organization, ensuring that accounts are being used properly and securely, and helping to reduce the reliance on end users managing their own passwords securely.
LastPass is a market leading identity and access management vendor. It provides key identity management features including a password manager, secure password sharing, multi-factor authentication, single sign-on and security reports into one comprehensive platform, primarily marketed at small and mid-sized organizations. LastPass was acquired by LogMeIn in 2015, and has grown to be one of the most popular identity management platforms for businesses worldwide, after focussing initially on the consumer market.
Research has found that 47% of organizations find that balancing ease of use for users with greater control over access management for admins is a challenge. In our experience, LastPass helps to solve that issue head-on. From an end user perspective, the service is easy-to-use, fast, and well designed. It automatically saves passwords as you navigate around the web, and auto-fills passwords as needed. Using the vault is extremely straightforward, for even the least tech-savvy people.
For IT admins, the service is easy to deploy and manage. Configuring policies and managing access to accounts and shared passwords is quick and easy. Revoking access is immediate. The service gives admins the visibility they need to see password hygiene across the organization, and the tools toimplement policies as needed.
There are four different tiers of access, and the features and benefits of the service do vary between them. LastPass Teams is their core password manager service, which is recommended for businesses of 50 employees or less. LastPass Identity is a mid-market focussed solution, which includes single sign-on functionality. LastPass MFA solely provides multi-factor authentication features. LastPass Identity is the upper mid-market and enterprise offering, which provides all identity management features in one comprehensive platform.
LastPass is a strong solution for businesses to manage user access, authentication and passwords. The platform is intuitive, easy to use and easy to administer. It’s especially well-suited to small and mid-market teams who need an affordable password management solution which will be popular with their employees. Reviewers on Expert Insights praise the service for its user friendliness and for the time it saves with auto-filling passwords.