LastPass has introduced a new feature that enables its password management service to monitor shadow software as a service, or SaaS, usage among employees. This capability aims to help small and midsize enterprises manage the risks and costs associated with unauthorized software use, particularly as more employees turn to artificial intelligence tools to enhance productivity. The new Business Max tier, which includes SaaS monitoring, will be priced at nine dollars per user per month, a slight increase from the seven dollars per user per month charged for the current Business Edition. LastPass’s chief product officer, Don MacLennan, stated that detecting which applications employees are accessing is a challenge traditionally addressed by expensive technology, which many mid-size enterprises cannot afford. As organizations increasingly rely on password managers to enforce credential management best practices, LastPass’s new service aims to provide these companies with critical visibility into their software usage patterns.
Why do we care?
LastPass’s move to add SaaS monitoring capabilities to its Business Max tier isn’t just a feature bump—it’s a strategic expansion into adjacent territory typically occupied by tools like Augmentt, SaaS Alerts, or Zluri. By using its position as a credential gatekeeper, LastPass is now offering lightweight shadow IT detection aimed squarely at cost-conscious SMBs and midmarket companies.
LastPass leverages its unique position. Sitting at the entry point of credentials gives LastPass first-party insight into what apps are actually being accessed, without requiring endpoint agents or complex integrations. That lowers the barrier to adoption for customers who already use LastPass for password management.
It won’t displace full-featured platforms like Augmentt or SaaS Alerts, but for MSPs serving small clients or just getting started with SaaS security, it may be “good enough”—especially when cost and simplicity trump depth. The real question: Will LastPass play nice with others, or try to own the visibility stack?