LastPass

LastPass is a cloud-based password management and access management platform for individuals, teams, and enterprises.

• Enterprise password management and secure credential vaulting for workforce users (identity and access management).
• Single Sign-On (SSO) and federated access to cloud and on-premises (on-prem) applications (access management).
• Multi-factor and adaptive authentication for user login protection (authentication security).
• Secure sharing of passwords and secrets across teams and business units (collaboration security).
• Administrative console, policy controls, and reporting for compliance and governance (security administration).

More About LastPass

LastPass provides password management and access management services that enterprises use to centralize how employees create, store, and use credentials for web, Software-as-a-Service (SaaS), and internal applications. The platform is delivered as a cloud service with client components available as browser extensions, desktop applications, and mobile apps, enabling coverage across common enterprise endpoints and user workflows.

In enterprise environments, LastPass functions as an identity and access management (IAM) tool that layers on top of existing identity providers. It integrates with directory services through standards-based federation protocols such as Security Assertion Markup Language (SAML) (security assertion markup language) for SSO and supports SCIM (system for cross-domain identity management) in many deployments for automated user provisioning and deprovisioning. These capabilities allow IT teams to enforce centralized access policies while delegating primary identity to services such as corporate identity directories.

The password management component maintains an encrypted vault per user, where credentials and other secrets are stored. Encryption and decryption occur on the client side, with a master password or equivalent key material controlling access, aligning with a zero-knowledge design approach described by the company. Enterprise administrators can define policies that govern password complexity, rotation expectations, Multifactor Authentication (MFA) requirements, and sharing rules, as well as control which features are available to users.

LastPass also offers SSO (access management) capabilities that map users to assigned applications and use federation for login, reducing direct password use where supported. MFA (authentication security) can be enforced at login, using factors such as time-based one-time passwords, push notifications, or biometrics on supported devices, adding additional checks beyond username and password. These services position the platform within enterprise security stacks alongside other Identity Access Management (IAM), endpoint security, and Security Operations (SecOps) tools.

From a governance and compliance perspective, LastPass includes an administrative console where security teams can configure policies, review security scores, and access audit and usage reports. These reporting features help organizations monitor credential hygiene, identify risky behaviors such as password reuse, and demonstrate adherence to internal controls or external requirements. Secure password and secret sharing functions support collaboration use cases, for example within IT, development, and operations groups that manage shared accounts.

In marketplace taxonomies, LastPass maps primarily to password management, enterprise password vaulting, SSO (access management), and MFA (authentication security). Its offerings are used by organizations that want cloud-delivered identity and access tooling that integrates with browsers and mobile devices, reduces friction in credential use, and supports centralized security policies around workforce authentication.