3 Ways to Delete Users from Your LastPass Account

Learn three straightforward methods to delete users from your LastPass account, tightening vault security and overall control
The author of the article Chris Shuptrine
Aug 2025
3 Ways to Delete Users from Your LastPass Account

Old coworkers, test accounts, or devices sometimes stay in your LastPass users list long after you stop needing them. Each idle profile is a door to your vault that you never meant to leave open.

This guide shows you how to shut those doors fast. You’ll learn three simple paths, Admin Console, Shared Folder settings, and direct user management, so you can drop unwanted users, clean up permissions, and regain full control.

Table of Contents

Pro Tip: Too long? Ask ChatGPT to summarize →

Use Lastpass’s UI

Use the LastPass Admin Console to remove a user from your business account. Make sure you verify your vault first, because deletion is permanent and cannot be undone later.

1. Open the Admin Console

  • Log in to LastPass with an admin account.
  • Select Admin Console from the left navigation panel.

2. Head to the Users page

  • Click Users.
  • The list combines active, invited, and suspended users in one table.

3. Locate the user

  • Enter the name or email in the search bar or scroll through the list.
  • Tick the checkbox next to the correct user.

4. Start the delete action

  • Select Actions at the top of the table.
  • Choose Delete User.

5. Review the warning

  • LastPass displays a prompt that explains the user’s vault items and shared folder access will be removed.
  • If you still need anything from their vault, click Cancel, export what you need, then restart the delete steps.

6. Confirm

  • In the confirmation box, type DELETE (if prompted) or click Yes, Delete.
  • LastPass completes the request and removes the user right away.

7. Reassign shared folder ownership (if needed)

  • While you’re still in the Admin Console, choose Shared Folders.
  • Any folder marked No Owner needs a new one.
  • Select the folder, click Change Owner, and pick another admin or user with proper rights.

8. Spot-check completion

  • Return to Users; the deleted person should no longer appear.
  • Test a shared folder or two to be sure permissions look right.

That’s it. The user is removed, vault access revoked, and shared data handed off to the right people.

Use Torii

Rather than logging into Lastpass, you can use Torii, a SaaS Management Platform, to remove a user. SMPs provide one command center for the SaaS stack, so teams can automate onboarding, offboarding, track subscriptions, and handle other chores.

Unlike the manual process in Lastpass, Torii lets you automate user removal whenever a chosen trigger fires. Typical triggers include a new hire, a role change, someone’s departure, a contract renewal, or any other event your team tracks. If you need to perform this task often, the automation can save considerable time.

To delete a user in Lastpass directly from Torii, follow these steps:

1. Sign up for Torii

Reach out via Contact Torii to start a free two-week proof of concept. The trial gives you access to all features, including workflow automation and integration setup, so you can test deletion end to end.

2. Connect your Lastpass account to Torii

After Torii spins up your environment, connect your Lastpass tenant in a few clicks through the Integrations page. Here are the instructions for the Lastpass integration.

torii lastpass dashboard

3. Create a Torii workflow for Lastpass

Within Torii, build an automated workflow that deletes a user in Lastpass whenever the defined trigger runs. Open the Workflows tab, set the trigger, and add the action to remove the user. After that, whenever the conditions match, Lastpass updates on its own.

creating lastpass workflows in torii

Use Lastpass’s API

Removing an employee or orphaned account is fast when you use the LastPass Enterprise API directly. No browser clicks needed.

1. Gather what LastPass needs

  • Company ID (cid)
  • Provisioning hash (provhash)
  • Username you want gone

You’ll find the first two in the Admin Console under Advanced Options → Enterprise API.

2. Build the delete payload

Start by creating a small JSON file named delete_user.json on your workstation. A basic template looks like:

{
    "cid": 123456, // your company ID
    "provhash": "YOUR_PROV_HASH", // your provisioning hash
    "cmd": "delete", // API command
    "data": [
        {
            "username": "[email protected]",
            "deleteVault": 1 // 1 purges the vault, 0 keeps it for recovery
        }
    ]
}

Keep a few practical details in mind before you post the file:

  • cmd can be delete for a single user or bulkdelete for many.
  • Leaving out deleteVault only disables the account; adding deleteVault = 1 wipes everything.

3. Post the request to LastPass

From any machine with curl (or Postman, or your favorite client):

curl -X POST https://lastpass.com/enterpriseapi.php \
-H "Content-Type: application/json" \
--data @delete_user.json

4. Check the reply

If the request works, LastPass returns a response similar to this:

{
    "Delete": [
        {
            "username": "[email protected]",
            "success": true
        }
    ],
    "status": "OK"
}

If success is false, the message field explains why, often a typo in the username or a bad hash.

5. Confirm the user is really gone

To confirm, run a quick listusers call and make sure the user vanished:

{
    "cid": 123456,
    "provhash": "YOUR_PROV_HASH",
    "cmd": "listusers"
}

At that point, the user’s email should no longer appear in the list. If it does, rerun the delete with deleteVault set to 1 or double-check for stray spaces in the username.

Torii for SaaS Management

Looking to finally gain clear, measurable control over every corner of your sprawling SaaS environment today?

Torii’s SaaS Management Platform lets you:

  • Discover shadow IT: Automated monitoring continuously scans your organization, quickly flags unapproved apps, and logs them for review before risk spreads.
  • Reduce spending: Reclaim budget by cutting unused licenses, consolidating overlapping tools, and pushing vendors for fair, usage-based pricing.
  • Automate onboarding/offboarding: Remove manual busywork and reduce errors with fully automated user-join, move, and exit workflows that run in minutes.
  • Never miss a renewal: Proactive alerts land well before contract deadlines, giving you breathing room to negotiate terms or cancel unused services.

Torii unifies SaaS data in one dashboard that Finance, IT, and Security teams can trust and act on.

See the platform in action and get answers to your questions at Torii, then decide if it’s right for your team.

Frequently Asked Questions

You can delete a LastPass user through the Admin Console, Shared Folder settings, or the Enterprise API. Open Admin Console, find the user, choose Delete, confirm, then reassign any orphaned shared folders to maintain access continuity.

Yes. After connecting your LastPass tenant inside Torii, you can build a workflow that automatically deletes users when a trigger fires—such as off‑boarding, role change, or contract end—saving admins time and ensuring accounts close instantly.

When you delete a user, their personal vault items and shared‑folder permissions disappear immediately. Any shared folder they owned shows "No Owner" until you assign it to another admin or user, preventing abandoned data.

Yes. The Enterprise API supports the "bulkdelete" command. Supply your company ID, provisioning hash, and a data array listing each username, then POST the JSON to lastpass.com/enterpriseapi.php. Setting "deleteVault":1 purges every listed vault in one request.

You need three items: your company ID (cid), your provisioning hash (provhash), and the exact username or usernames to act on. Both cid and provhash are found in Admin Console > Advanced Options > Enterprise API.

A SaaS Management Platform centralizes discovery, spend tracking, and workflow automation. With Torii, IT can offboard users across apps in minutes, cut unused licenses, catch renewal dates early, and expose shadow IT, all from one trusted dashboard.