Skip to main content


Quick-start - Cloud LAPS for computer accounts

In this guide we will set up cloud LAPS so that you can protect your break-glass local and domain admin accounts with automated password rotation.

1. Prepare your MSP tenant

First and foremost sign up for idemeum cloud tenant and make sure you orient yourself with basic set up, such as adding technicians, creating customer tenants for your MSP, setting up branding and more. We have created a basic MSP tenant set up guide.

Quick-start - MSP tenant set up guide
In this guide we will configure your MSP tenant with basic settings - technicians onboarding, user management, branding, customer tenant creation, and more.

2. Configure customer tenant

Now access the customer tenant you created in the previous step. You can directly navigate to a customer tenant URL at customer-<your msp domain> or navigate to your MSP postal, Customers section and click on the link from there.

Enable local directory for customer tenant

  • Navigate to Users → User source
  • Choose Local from the dropdown and Save the configuration

Enable LAPS for customer tenant

Follow the steps below to configure LAPS for customer tenant.

Configure cloud LAPS
In this guide we will take a look at how you can enable LAPS for local and domain admin accounts.

3. Install idemeum desktop application

Now you can install idemeum desktop application to a customer workstation.

If you want to rotate local admin accounts on local and domain-joined workstations only, then install idemeum desktop client only on these workstations.

If you want to also rotate domain admin account, install idemeum desktop client on domain controller.

Follow the steps below to install idemeum desktop client with command line.

Command-line installation
This guide demonstrates how you can install idemeum desktop client with a command line command.

4. View LAPS credentials

You can now view LAPS credentials for workstations.

View LAPS credentials
Who can view LAPS credentials Today only MSP tenant admins have access to LAPS credentials: * If you onboard a technician and promote him to MSP tenant admin, he will have access to all LAPS credentials of all customers * If you onboard a technician, and delegate access to customer tenant directly,


If you have any questions please join our Discord chat, and we will help.