Local admin credentials have always been a weak link in enterprise security. They are often shared, rarely rotated, and easily overlooked. A single exposed local admin password can grant attackers unrestricted access to a device or, worse, an entire network.
At Scalefusion, our focus with OneIdP has been to close these access gaps by unifying identity, device, and endpoint controls. This is why we are excited to announce the latest addition to OneIdP – OneIdP LAPS (Local Administrator Password Solution). This new feature helps take a significant step forward in securing local accounts while simplifying how IT manages them.

With OneIdP LAPS, IT teams can now automatically manage and secure local administrator credentials across Windows and macOS devices. The solution ensures that every local admin password is:
- Securely stored within OneIdP
- Automatically rotated after use or at defined intervals
- Centrally managed with complete visibility and audit history
Administrators have granular control over which local accounts are managed by LAPS, how frequently passwords rotate, and what actions are taken when changes occur. In many cases, admins or field technicians need quick access to local credentials for troubleshooting. OneIdP LAPS simplifies this with a self-service option.
IT admins can share a one-time-use code, allowing users to view the local admin password securely and temporarily. Once used, the password is automatically rotated as per the configured settings, ensuring no credentials remain static.
Smarter Local Admin Management
Beyond basic password rotation, OneIdP LAPS brings automation and self-healing capabilities:
- Account restoration: If a managed admin account is deleted, OneIdP can automatically recreate it.
- Privilege enforcement: If a scoped account is downgraded from the Admin group, OneIdP restores its admin privileges.
- Password reset enforcement: If a local password is changed manually, it’s automatically reset to policy-defined credentials.
These capabilities ensure consistent policy enforcement without manual intervention, helping IT teams maintain compliance effortlessly.
Visibility and Audit Reporting
Transparency is key to maintaining trust and control. To ensure this, OneIdP LAPS includes detailed reporting and audit trails covering every password retrieval, rotation event, and admin activity. IT teams can also view the history of the last five passwords for each device, which supports traceability during audits or investigations. On macOS, users with Just-In-Time (JIT) Admin access can view local admin passwords directly, maintaining flexibility without compromising control.
Unified Identity and Endpoint Security
With OneIdP LAPS, password hygiene becomes part of your broader identity strategy. It closes one of the last open loops in endpoint security – local admin management. It not only protects endpoints from local credential misuse but also complements OneIdP’s zero-trust approach, ensuring every identity and device is continuously verified and secure.
By embedding password rotation, verification, and reporting into your identity framework, OneIdP LAPS ensures that trust isn’t assumed; it’s continuously maintained. This is unified security in action: automated, auditable, and built for a zero-trust world.
We invite you to explore OneIdP LAPS and experience how automated local admin management can strengthen your organization’s endpoint security posture while freeing IT from repetitive, error-prone manual tasks.