Whether its a full certificate chain or self-signed certificate for intranet usage, OVERLAPS wants to make sure your communications are secure so supports full SSL/TLS (HTTPS) encryption.
OVERLAPS now makes use of Google Authenticator to provide Multi-Factor Authentication. When this option is enabled on a user's profile, they will now have to provide an additional One-Time Password code from the Authenticator app on their smartphone before they will be able to login to OVERLAPS.
Active Directory permissions are notoriously difficult to interpret and manage, so OVERLAPS simplifies this by implementing a easy-to-manage user/group management system and per-OU permissions to make controlling who has access to the LAPS managed passwords much easier.
OVERLAPS simply acts as the intermediary between your users and the LAPS managed passwords in Active Directory. In order to guarantee your service security, it will never record or store any of the passwords.
It requires absolutely no connection to the internet as it doesn't transmit or receive anything either to/from our servers or to those of third parties. This allows you to setup the OVERLAPS computer/server in any security configuration you want, be that completely locked down behind your firewall, or in a DMZ.