When choosing how to deploy LastPass, IT teams must balance their own needs with employees’ expectations. On the one hand, IT will want to automate as much of the process as possible. Integration with existing systems and directories is often crucial, too. End users, conversely, want minimal disruption to their workday. This means avoiding downtime and making setup as straightforward as possible.
That’s why the Managed Browser Policy can be ideal for deploying LastPass. We chatted with Blake Lewis, an Enterprise Customer Success Manager for LastPass at LogMeIn, to learn more about the policy and why you should consider enabling it for your LastPass deployment.
As a CSM, Lewis is a go-to expert for clients looking to “deploy, maintain, and maximize the value of LastPass.” He thinks through use cases and figures out how clients can best utilize LastPass in their environments. Clients often ask him how to connect LastPass to their user directory, set up federated login, enable master password recovery features or train employees on best practices.
When it comes to deploying LastPass, Lewis reviews all the options available to clients and helps them choose the best one. The Managed Browser Policy, he said, is one he frequently recommends.
What is the Managed Browser Policy?
Utilizing Managed Browser Policy gives IT admins direct control over available settings and extensions in the browser while causing minimal disruption to the employee. “Most browsers let businesses manage browser functionality through a set of policies configured and deployed as part of an install package or via GPO,” says Lewis. “In the case of LastPass, we have sample code for Edge, Chrome, and Firefox that allows you to enable LastPass in the browser while disabling the built-in password manager, too.”
What are the advantages of the Managed Browser Policy?
Lewis highlighted three key advantages of the policy:
- Convenience: The policy offers a seamless install experience with no user interaction. “With the MSI install, we leverage a technology called side-loading,” says Lewis. “This method of installation requires users to accept the permissions for the app via a pop-up notification. If they fail to do so, the app won’t fully install.” In other words, the successful installation of LastPass comes down to user action, which creates an opportunity for failure.
- Flexibility: The Managed Browser Policy is easily added to an existing browser policy configuration. According to Lewis, “the policy also allows you to put the extension ‘on deck’ as an installed extension, but not activated, which can be useful if LastPass will be an opt-in service.”
- Security: Using the policy to disable the built-in password managers limits employees’ opportunities to store passwords in unapproved, insecure ways. The policy can also prevent users from accidentally uninstalling the LastPass extension. Plus, “browsers are moving away from supporting side-loading as a security enhancement,” Lewis mentions. “Our MSI installer can no longer install LastPass to Firefox.
Is the Managed Browser Policy right for me?
LastPass offers different deployment options for a reason. The deployment process should be as easy as possible while accounting for differences in technical environments. Lewis says that his clients’ number one worry is always, “How can I provide the most seamless experience for my end users?”
When helping them figure out which deployment options to choose, he first asks them to explain how they’re doing it today. “Is the IT team managing browsers already? If not, how can I help them learn more?” he explains. “This method provides a lot of flexibility and security controls for an organization looking to keep Shadow IT at bay.”
If your organization is new to managing browsers, Lewis recommends learning more about how it works for Chrome, Firefox, and Edge.
Of course, the policy may not be the right choice for everyone. “For organizations who don’t leverage a software distribution tool or cannot take advantage of the policy, we do host direct links to the browser extension stores on our downloads page,” Lewis says. The self-service download is still a quick option, though it offers less centralized control for IT.
(By Amber Steel, LogMeIn)