# Quickstart - Cloud LAPS

> Set up break-glass password rotation for computers and Entra tenants.

## What is LAPS for computers?

Cloud LAPS allows you to create break-glass / emergency accounts on all customer workstations (including domain controllers), automatically rotate passwords for these accounts every `24 hours`, and store the credentials in the idemeum zero-knowledge cloud vault.

<Card title="Cloud LAPS overview" icon="page" horizontal href="/jit/cloud-laps-overview">
  Full documentation section for Cloud LAPS
</Card>

## Get started with Cloud LAPS

### LAPS for computers

In this section we will set up break-glass account rotation on workstations. This requires enabling LAPS and installing the idemeum control agent on workstations.

<Steps>
  <Step title="Sign up for idemeum tenant">
    Sign up for a free idemeum IT or MSP tenant on our website → [idemeum.com](https://idemeum.com)
  </Step>

  <Step title="(MSP) - Create child tenant">
    If you are an MSP, create a child tenant / organization.

    * Log in to your MSP admin portal
    * Navigate to `Tenants` → click `Add tenant` and choose manually
    * Provide subdomain and display names and save the configuration

          <img src="https://mintcdn.com/idemeum/NHk_znfdxs-hO07k/images/CleanShot-2026-05-27-at-10.40.29@2x.png?fit=max&auto=format&n=NHk_znfdxs-hO07k&q=85&s=f67c477bb503262d86f18103b092280c" alt="Clean Shot 2026 05 27 At 10 40 29@2x" width="3244" height="2142" data-path="images/CleanShot-2026-05-27-at-10.40.29@2x.png" />
  </Step>

  <Step title="Configure LAPS settings">
    * In your tenant, navigate to `Control settings` → `JIT access` and scroll down to the LAPS section
    * Enable LAPS (you can enable LAPS for workstations to rotate local admin accounts, and for domain controllers to rotate domain admin accounts)
    * Specify the account name to use (if an account with that name already exists, it will be taken over for password rotation)

          <img src="https://mintcdn.com/idemeum/ic7ypocvP2wwD2eH/images/CleanShot-2026-05-27-at-11.19.17@2x.png?fit=max&auto=format&n=ic7ypocvP2wwD2eH&q=85&s=78b99b4557b77a3cbad47205292597fb" alt="Clean Shot 2026 05 27 At 11 19 17@2x" width="3244" height="2142" data-path="images/CleanShot-2026-05-27-at-11.19.17@2x.png" />
  </Step>

  <Step title="Grab installation command to deploy agents">
    <Warning>
      macOS agent deployment requires privacy and security permissions, so it is recommended to deploy the agent with an MDM profile.
    </Warning>

    Click `Install agent` → choose `Control agent` and copy the installation command for Windows or macOS.

    <img src="https://mintcdn.com/idemeum/NHk_znfdxs-hO07k/images/CleanShot-2026-05-27-at-10.46.44@2x.png?fit=max&auto=format&n=NHk_znfdxs-hO07k&q=85&s=375b42ec485b444929631c2a2567620c" alt="Clean Shot 2026 05 27 At 10 46 44@2x" width="3244" height="2142" data-path="images/CleanShot-2026-05-27-at-10.46.44@2x.png" />
  </Step>

  <Step title="View LAPS credentials">
    Navigate to the `Devices` table and search for the device where you installed the agent, click on `...` and choose `View LAPS credentials`.

    <img src="https://mintcdn.com/idemeum/ic7ypocvP2wwD2eH/images/CleanShot-2026-05-27-at-11.21.26@2x.png?fit=max&auto=format&n=ic7ypocvP2wwD2eH&q=85&s=7c777e6bea54c242e02a9079d7dba2ad" alt="Clean Shot 2026 05 27 At 11 21 26@2x" width="3244" height="2142" data-path="images/CleanShot-2026-05-27-at-11.21.26@2x.png" />
  </Step>
</Steps>
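
The following is an added example, not part of idemeum's documentation: a PowerShell script to run on a Windows workstation after the agent is installed, confirming that the break-glass account exists, is enabled, is a local administrator, and had its password changed within the 24-hour rotation window. The account name `breakglass-admin` and the 2-hour grace period are assumptions; substitute the account name configured in the LAPS settings.

```powershell
# Added example: check the LAPS-managed break-glass account on a Windows workstation.
# Save as a .ps1 file and run in an elevated PowerShell session on the workstation
# (not a domain controller, which has no local accounts).
param(
    [string]$AccountName   = 'breakglass-admin', # placeholder: use the name set in LAPS settings
    [int]   $RotationHours = 24,                 # rotation interval stated on this page
    [int]   $GraceHours    = 2                   # assumed allowance for agent check-in delay
)

$findings = @()
$user = Get-LocalUser -Name $AccountName -ErrorAction SilentlyContinue

if (-not $user) {
    $findings += "Account '$AccountName' not found; LAPS may not have been applied yet."
} else {
    if (-not $user.Enabled) {
        $findings += "Account '$AccountName' exists but is disabled."
    }

    # S-1-5-32-544 is the well-known SID of the built-in Administrators group;
    # matching by SID avoids problems with localized group names.
    try {
        $adminSids = (Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop).SID.Value
        if ($adminSids -notcontains $user.SID.Value) {
            $findings += "Account '$AccountName' is not a member of local Administrators."
        }
    } catch {
        $findings += "Could not enumerate local Administrators: $($_.Exception.Message)"
    }

    if ($null -eq $user.PasswordLastSet) {
        $findings += "Account '$AccountName' has no recorded password change."
    } else {
        $ageHours = ((Get-Date) - $user.PasswordLastSet).TotalHours
        if ($ageHours -gt ($RotationHours + $GraceHours)) {
            $findings += ('Password is {0:N1} hours old; expected rotation every {1} hours.' -f $ageHours, $RotationHours)
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output "OK: '$AccountName' is present, enabled, a local admin, and recently rotated."
    exit 0
}
$findings | ForEach-Object { Write-Warning $_ }
exit 1
```

A stale password on a workstation that has been online is worth following up, since it suggests the agent is not running or cannot reach the tenant.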

### LAPS for Entra ID

In this section we will configure break-glass password rotation for Microsoft Entra ID tenants. This requires connecting the Entra ID tenant to the idemeum tenant so that idemeum can create accounts and rotate passwords.

<Steps>
  <Step title="Connect Entra ID to idemeum tenant">
    In this step you need to create an application in the Entra ID tenant and set up idemeum to connect to the M365 tenant using that application.

    Follow these [steps](/jit/jit-for-entra-configuration) to perform this configuration.
  </Step>

  <Step title="Make sure LAPS is enabled">
    At the bottom of the Entra ID application configuration, make sure that LAPS is enabled and the account name is specified.

    <img src="https://mintcdn.com/idemeum/1S9caR2rNdnNfjbA/images/CleanShot-2026-05-27-at-11.51.54@2x.png?fit=max&auto=format&n=1S9caR2rNdnNfjbA&q=85&s=e3b14c8e9a8f9abc2a73589629278249" alt="Clean Shot 2026 05 27 At 11 51 54@2x" width="3244" height="2142" data-path="images/CleanShot-2026-05-27-at-11.51.54@2x.png" />
  </Step>

  <Step title="View Entra ID LAPS credentials">
    * Navigate to the customer / organization user portal
    * Search for the Entra ID application and click on `...`
    * Choose `View LAPS credentials`

          <img src="https://mintcdn.com/idemeum/1S9caR2rNdnNfjbA/images/CleanShot-2026-05-27-at-11.52.46@2x.png?fit=max&auto=format&n=1S9caR2rNdnNfjbA&q=85&s=aed5f2f45f874eb0e2b3f9aa027d62fc" alt="Clean Shot 2026 05 27 At 11 52 46@2x" width="3244" height="2142" data-path="images/CleanShot-2026-05-27-at-11.52.46@2x.png" />
  </Step>
</Steps>
