No multifactor authentication policies enforced within LastPass – You must disable all multifactor authentication policies in the LastPass Admin Console ( learn how here) because this authentication occurs at the Identity Provider level.If enabled within LastPass, it will result in federated users being unable to access their vault.
It must be disabled within the LastPass Admin Console ( learn how here) and end user Account Settings ( learn how here). No multifactor authentication enabled within LastPass – Multifactor authentication must be set up at the Identity Service Provider level, not at the LastPass level.
Password reset using the "Permit super admins to reset master passwords" policy within LastPass, however, this will change the user's status from federated to non-federated – please see Reset a User's Master Password (Super Admin) for more information.Password reset via Azure AD, Okta or Google Workspace (if applicable).Password reset via the Active Directory user management (if applicable).Therefore, password recovery can be done in either of the following ways: Limited account recovery options – For federated users, the organization's chosen Identity Provider (IdP) provides authentication.No One-Time Password – This feature is not available as the master password comes from the user's Active Directory (AD FS, Azure AD, Okta or Google Workspace) environment.
For this reason, offline login is not available.