Whether its a full certificate chain or self-signed certificate for intranet usage, OVERLAPS wants to make sure your communications are secure so supports full SSL/TLS (HTTPS) encryption.
Active Directory permissions are notoriously difficult to interpret and manage, so OVERLAPS simplifies this by implementing a easy-to-manage user/group management system and per-OU permissions to make controlling who has access to the LAPS managed passwords much easier.
OVERLAPS simply acts as the intermediary between your users and the LAPS managed passwords in Active Directory. In order to guarantee your service security, it will never record or store any of the passwords.
It requires absolutely no connection to the internet as it doesn't transmit or receive anything either to/from our servers or to those of third parties. This allows you to setup the OVERLAPS computer/server in any security configuration you want, be that completely locked down behind your firewall, or in a DMZ.