LastPass Forums

[Soteria]

I would like to restrict the ability to create shared folders to specific users or user groups. Is this possible in LastPass Enterprise. I looked through the available security controls and the only thing that came close was Prohibit Sharing setting. It sounds like this setting would be global and prevent everyone from sharing, however. My goal is to limit people who can share credentials to a few individuals within our organization. Any thoughts on how to best accomplish this?

[mpowers891]

If you use Windows Active Directory you can set up synchronization of groups and users by following:
https://enterprise.lastpass.com/users/s ... tory-sync/
There is probably a way to do above in Linux but we have not yet advanced to Linux
Then, permission the groups rather than users to shared folders following
https://enterprise.lastpass.com/shared-folders/
We had good luck with this for some years but recently have seen LastPass Enterprise Shared Folder entries occasionally revert to old entries. We have a question posted in this forum on that problem.

[Soteria]

Thanks for the reply. I understand that I can create groups in AD, that those groups can be synched to LastPass, and then I can set policies for those groups in last pass. I imagine that the sharing option must be on for anyone to access or use shared folders. In that case, would all the users who weren't specified in a group from AD also have the ability to create and share folders on their own? Would the best solution be to put everyone who doesn't get access to share into a group and everyone who does get access into another group, then set the policies for those two groups?