Addigy Managed Admin (LAPS)
Addigy Managed Admin accounts, deployed through OS Users, are Addigy's Local Administrator Password Solution (LAPS). Each managed Mac receives a local administrator account whose password is unique to that device, randomly generated, and rotated on a schedule, so no single static administrator password is shared across the fleet, while IT technicians keep an administrator account they can use when needed.
Deploying a Managed Admin Account
- Navigate to Catalog -> OS Users -> New
- Select Managed Admin from the Type dropdown
- Set the desired Full Name and Account Name, and choose a Rotation Cadence from the dropdown.
- Save the account values
- Add this OS User to a policy and deploy
Once deployed, the OS User has a different password on every device. Rotation is not instantaneous: after the cadence period set on the OS User elapses, the Addigy backend marks the account for rotation, and the new password is applied when the device next runs its audit check-in. A device that is offline therefore keeps its current password until it checks in again.
Note: Once a Managed Admin OS User has been saved and deployed, it cannot be changed or demoted to a regular admin account.
Viewing and rotating a Managed Admin password per device
The OS User's password can be viewed on a device's GoLive page once the policy containing the Managed Admin OS User has been deployed to that device.
- Navigate to the desired device's GoLive page. Note: the device must be online for the password to populate.
- Under the Users tab, find the account carrying the Managed Admin tag.
- Under Actions, click the … to the right of that Managed Admin account.
- To view the password, choose View Password; the modal shows the account's Username, Full Name, and Password. Click the Show link to the right of the redacted password to reveal the device-specific password. Viewing a password triggers a rotation: the password is rotated again no sooner than one hour after it was viewed, so treat a viewed password as valid only for the task at hand.
- To rotate the password on demand, or to see when it was last changed, choose Rotate Password from the same actions menu. The Rotate Password modal shows the account's rotation cadence and the time of the last rotation; to rotate immediately, click Rotate Now in the lower right of the modal.
Audit password changes
The Events dashboard records when a password is manually rotated and when an Addigy user views a password in the Addigy portal.
Addigy also logs when a LAPS account is created, both in the Events dashboard and in the device's events.
FAQ
- When is the Managed Admin user created around ADE (Automated Device Enrollment)?
- The Managed Admin account is created after ADE completes and the Addigy agent binary is installed on the device.
- Does the Managed Admin have a Secure Token?
- Yes, but only after the account logs in on an already unlocked disk. If the disk was unlocked with a FileVault 2 (FV2) bypass code or by another FV2-enabled user, the Managed Admin will then hold a Secure Token for the duration of that rotation cadence on macOS. Until that first login has happened, the account cannot itself unlock FileVault at the pre-boot login window.
- Are there reporting events for when a password is shown?
- Yes, see the above section titled Audit password changes
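The following is an added example, not Addigy's own code, for checking on the Mac itself the two behaviours described above: the rotation cadence from the Deploying a Managed Admin Account section, and the Secure Token answer in this FAQ. It parses macOS's own account policy data (dscl) to see how old the local password is, compares that age to the configured cadence with a grace period for the next audit check-in, and reports whether the account is in the admin group and holds a Secure Token. The account name "addigyadmin" and the 30-day cadence are placeholders, and the embedded dscl output is a constructed sample used for the offline demo; run it with sudo on the Mac for the live check, since some directory attributes are only readable by root.

```python
"""On-device sanity check for an Addigy Managed Admin (LAPS) account.

Added example, not Addigy's own code. It reads only what macOS exposes
locally (dscl, dseditgroup, sysadminctl) and never contacts the Addigy
backend. The account name "addigyadmin" and the 30-day cadence in main()
are placeholders: pass the Account Name and Rotation Cadence you set on
the OS User.
"""
import plistlib
import re
import subprocess
import sys
import time
from typing import Optional

# Constructed sample of `dscl . -read /Users/<name> accountPolicyData`, used
# for the offline demo; a real Mac prints more keys in the same plist.
SAMPLE_DSCL_OUTPUT = (
    "accountPolicyData:\n"
    '<?xml version="1.0" encoding="UTF-8"?>\n'
    '<plist version="1.0">\n<dict>\n'
    "<key>creationTime</key><real>1700000000.0</real>\n"
    "<key>failedLoginCount</key><integer>0</integer>\n"
    "<key>passwordLastSetTime</key><real>1700000000.0</real>\n"
    "</dict>\n</plist>\n"
)


def run(cmd: list) -> str:
    """Run a command, returning stdout and stderr together (sysadminctl
    writes its status line to stderr)."""
    proc = subprocess.run(cmd, capture_output=True, text=True)
    return proc.stdout + proc.stderr


def parse_account_policy(dscl_output: str) -> dict:
    """Parse dscl's accountPolicyData output: the attribute name on one line,
    then an XML plist holding passwordLastSetTime (epoch seconds)."""
    start = dscl_output.find("<?xml")
    if start < 0:  # attribute missing, or dscl reported eDSRecordNotFound
        return {}
    return plistlib.loads(dscl_output[start:].encode("utf-8"))


def password_age_days(policy: dict, now: float) -> Optional[float]:
    """Days since the local password was last set, or None if unknown."""
    last_set = policy.get("passwordLastSetTime")
    if last_set is None:
        return None
    return (now - float(last_set)) / 86400.0


def rotation_overdue(age_days: Optional[float], cadence_days: float,
                     grace_days: float = 1.0) -> bool:
    """True when the password is older than cadence plus a grace period.
    Rotation only lands at the device's next audit check-in after the backend
    marks the account, hence the grace; an unknown age counts as overdue."""
    if age_days is None:
        return True
    return age_days > cadence_days + grace_days


def secure_token_enabled(sysadminctl_output: str) -> Optional[bool]:
    """Interpret `sysadminctl -secureTokenStatus <name>`; None if unparseable."""
    match = re.search(r"Secure token is (ENABLED|DISABLED)", sysadminctl_output)
    return None if match is None else match.group(1) == "ENABLED"


def is_admin(dseditgroup_output: str) -> bool:
    """Interpret `dseditgroup -o checkmember -m <name> admin` ("yes ..." / "no ...")."""
    return dseditgroup_output.strip().startswith("yes")


def check_managed_admin(name: str, cadence_days: float) -> dict:
    """Gather what a technician wants to know before relying on the account."""
    policy = parse_account_policy(
        run(["dscl", ".", "-read", f"/Users/{name}", "accountPolicyData"]))
    age = password_age_days(policy, time.time())
    return {
        "policy_found": bool(policy),
        "admin": is_admin(run(["dseditgroup", "-o", "checkmember", "-m", name, "admin"])),
        "secure_token": secure_token_enabled(run(["sysadminctl", "-secureTokenStatus", name])),
        "password_age_days": age,
        "rotation_overdue": rotation_overdue(age, cadence_days),
    }


def demo_offline(cadence_days: float = 30) -> dict:
    """Evaluate the constructed sample as if 40 days had passed since the set time."""
    policy = parse_account_policy(SAMPLE_DSCL_OUTPUT)
    age = password_age_days(policy, 1700000000.0 + 40 * 86400)
    return {"password_age_days": age, "rotation_overdue": rotation_overdue(age, cadence_days)}


if __name__ == "__main__":
    print("offline sample:", demo_offline())
    if sys.platform == "darwin":
        # Placeholders: substitute your configured Account Name and cadence.
        result = check_managed_admin("addigyadmin", cadence_days=30)
        for key, value in result.items():
            print(f"{key}: {value}")
        ok = result["policy_found"] and result["admin"] and not result["rotation_overdue"]
        sys.exit(0 if ok else 1)
```

A non-zero exit from the live check means the account is missing, is not an administrator, or its password is older than the cadence plus one day, which is the signal that the device has not completed an audit check-in since the backend marked the account for rotation. The Secure Token result is reported but not used for the exit code, since, as the FAQ notes, the account legitimately lacks a token until its first login on an unlocked disk.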