LAPS for computers

Overview

When idemeum desktop agent is installed and Cloud LAPS is enabled, agent generates local admin or domain admin (on domain controllers) account, sets random password, encrypts credentials locally with master key and uploads to idemeum zero-knowledge vault. Moreover, account passwords are secured with daily password rotation. Technicians who are entitled to view these credentials can always retrieve them from idemeum portal.

Configure LAPS for computers

• Access customer tenant where you would like to enable LAPS for computers
• Access Settings → PAM

• You can now configure LAPS for local and domain computer accounts:
  • Local admin accounts - if you enable this option, idemeum will automatically secure and rotate passwords for local admin accounts on each domain-joined and local workstation. By default the account to be used is Administrator, however you can specify any account you like. If the account exists, idemeum will take over and will start rotating passwords. If account does not exist, idemeum will create the specified account.
  • Domain admin accounts - when enabled, and when idemeum is installed on domain controller, idemeum will start rotating the domain admin account password. By default the account to be used is Administrator, however you can specify any account you like. If the account exists, idemeum will take over and will start rotating passwords. If account does not exist, idemeum will create the specified account.
• Once enabled and accounts are specified, Save the configuration

View LAPS computer accounts

• Navigate to customer tenant and access user portal
• Find the device you want to view LAPS credentials for and click on ...
• Choose View LAPS credentials