https://support.okta.com/help/answers?id=906f0000000i0p8iak&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
HenkJan de Vries

LastPass intercepting verified insertion

We are experiencing problems where users can intercept admin-set credentials via SWA with tools like LastPass and 1Password.

I do know of the 'prevent browser save password banner beta' (https://support.okta.com/help/blogdetail?id=a67F0000000XZBtIAO), but that doesn't stop tools like those mentioned above from intercepting insertions into fields.

How can we manage this?
Jesse Webb
In our company all IT users are required to use LastPass for admin credentials, and of course we use it for every system we log into. It is a great system. For stored credentials in LastPass that conflict with managed apps in Okta, you can go into LastPass, edit the site of the conflict, at the bottom select Advanced, and uncheck Autologin and check Disable Autofill. Conflict solved.

For administrative or system websites you do not want in Okta, you can tell Okta to never ask about that site too...
HenkJan de Vries
Hi, thanks for your reply. In the given example it's the other way around: we don't want users with LastPass to be able to intercept Okta-inserted usernames and passwords. If I set something up in Okta with the admin-sets-credentials type and LastPass intercepted that, it would create a way of regaining confidential credentials. And because it's a bring-your-own-device company, there is no IT-controlled environment in which the installation of LastPass and the like can be blocked.
HenkJan de Vries
Right now, we are considering using Chrome management with Google Apps. Luckily the organisation uses Google Apps, and is therefore able to set up Chrome management. When users sign in with their company account in Chrome, they are asked to enrol or let the company manage their account. In this management, Chrome can be set up to disable extensions and/or plugins like LastPass. As extra features, Chrome management also provides cookie and session management, preset bookmarks, homepages, save-password management, etc.
This is not a fix or solution, but it could be a start to give extra security for SWA apps. And it will only work with Chrome management enabled within organisations that use Google Apps.
The link for all the info on this topic: https://support.google.com/a/answer/2657289?hl=en
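As an added illustration, not part of this thread, the Chrome management described in the post above can be expressed as a Chrome enterprise policy file. This is the JSON form Chrome reads from its managed-policies directory on Linux (`/etc/opt/chrome/policies/managed/`); the policy names are the same ones the Google admin console sets for managed Chrome users. The extension ID in the allowlist is a placeholder, not a real extension ID, and the file name is an assumption.

```json
{
  "ExtensionInstallBlocklist": ["*"],
  "ExtensionInstallAllowlist": ["PLACEHOLDER_ID_OF_AN_APPROVED_EXTENSION"],
  "PasswordManagerEnabled": false
}
```

`ExtensionInstallBlocklist` set to `"*"` blocks every extension that is not explicitly listed in `ExtensionInstallAllowlist`, so a password-manager add-on cannot be installed into the managed browser and cannot capture what Okta fills into the SWA login form; `PasswordManagerEnabled: false` additionally stops Chrome's own save-password prompt. After the file is in place, `chrome://policy` shows which policies are applied and flags any that failed to parse. The caveat from the post stands: these settings only reach the browser that is under management, so a user who opens an unmanaged browser is outside their scope.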
 
Justin Capitan
We just ran into this issue today with LastPass and Google Chrome. This is very concerning to us, as this seems like a HUGE security risk. We called support and they told us this is expected behavior. Not good!
HenkJan de Vries

Hi Justin, if you are able to force browser use to Google Chrome, you could have users work with Chrome. The good thing here is that you can manage browser usage and the installation of extensions. We have several Okta customers now using this as a way to force users to go through Google Chrome and work, which is a good UX, and add-ons like LastPass and keychains are disabled. Unfortunately, when the user logs in to another browser, you still don't have any management. At least you can point out that the user wasn't following company instructions and went against policies set to uphold the highest security possible within the best working environment.

Good luck

Kurt Miller
LastPass is offering to save Okta passwords. This is insecure and defeats the purpose of Okta; is there a way to shield from this?