> ## Documentation Index
> Fetch the complete documentation index at: https://docs.idemeum.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Guide - LAPS for Entra ID

> Set up break-glass account management for your customer Entra ID tenants.

## What is LAPS for Entra ID?

In this guide we will set up the Cloud LAPS feature that is part of the [Privileged Access Management (PAM)](/pam-for-msps-overview) offering for MSPs.

Cloud LAPS allows you to create break-glass / emergency accounts for all Entra ID tenants connected to idemeum. You first create an organization in idemeum, then you connect Entra ID tenant to that organization, and enable LAPS to create `Global admin` account and rotate passwords every `24 hours`.

Credentials are store in demeum zero-knowledge cloud vault.

<Note>
  Idemeum cloud is end-to-end encrypted, meaning our team does not see the passwords of your customers.
</Note>

## Set up LAPS for Entra ID

<Info>
  We are assuming you already have your MSP idemeum cloud tenant provisioned. If not, reach out to our [support](/support) team for help.
</Info>

<Steps>
  <Step title="Create idemeum child tenant">
    As a first step you need to create a child organization in your parent MSP tenant.

    * Login to MSP admin portal
    * Navigate to `Tenants` and create a child organization

    <Info>
      More information about how to [create](/multi-tenant-portal/multi-tenant-portal-overview) a child organization.
    </Info>
  </Step>

  <Step title="Connect Entra ID tenant to idemeum child tenant">
    In this step we need to connect Entra ID tenant to the organization we just created so that idemeum could create and manage lifecycle of admin accounts.

    Please follow this page to [connect Entra ID tenant](/jit-entra/configure-jit-for-entra).
  </Step>

  <Step title="Enable LAPS for Entra ID">
    Once you connect the application to idemeum, please make sure you configure LAPS for Entra in the configuration. You need to enable it and specify the account name to use.

    <img src="https://mintcdn.com/idemeum/q9vuvyjdGpQu3RHR/images/llaps.png?fit=max&auto=format&n=q9vuvyjdGpQu3RHR&q=85&s=824b7c7e2dabc87c6acdb1730ecb95f9" alt="Llaps" width="3002" height="2090" data-path="images/llaps.png" />
  </Step>

  <Step title="View Entra LAPS credentials">
    You can now view LAPS credentials for Entra ID. Navigate to your idemeum app portal for child organization (click on the top right), search for Entra application, click on it and choose `View LAPS credentials`.

    <img src="https://mintcdn.com/idemeum/WXRY2FMFwfuyyJxa/images/mlaps.png?fit=max&auto=format&n=WXRY2FMFwfuyyJxa&q=85&s=000e016a1e3033ff3aaf660fc6640d64" alt="Mlaps" width="3002" height="2090" data-path="images/mlaps.png" />
  </Step>
</Steps>