customization for JAMF LAPS

New Contributor III

with Jamf 10.50 pro cloud now, we have JAMF laps using JAMF api. (

however, i do have 2 question.

1. Can we define the password requirement for JAMF laps? 

Lets say I want so that the password will only have 15 characters and it only have upper case, lower case and number. can i define this?

2. I had a look of this post. ( and I was wondering can we parse/escrow the password from JAMF LAPS to some extension attributes? By doing this, any admins who can login to jamf pro portal would be able to see the admin password. 


Valued Contributor II

1. Not at this time. I would file a feature request as that sounds like a great idea. (The current password is fine if you can copy/paste).

2. While you COULD write a script/EA that calls the API and then pushes the password to an EA, it probably wouldn't work very well. As soon as you retrieve the LAPS via API, a 60 minute (by default) clock starts. At 60 minutes, the password will be rotated, so chances are anything uploaded to an EA would be outdated before someone needed it. The LAPS password is meant to be used when it is retrieved. 

Hopefully Jamf will eventually add the LAPS password to the GUI with the permissions similar to the Personal Recovery Key.  

New Contributor III

Someone wrote a EA for LAPS:

I don't use it as per @Tribruin comment, it will be out of date quickly.  I instead altered it to retrieve the password and show in a swift dialog for 20 secs and added it to a policy.  Made it available via Self Service for all our engineers to see only

New Contributor III

For the password rotation, i actually change the jamf laps api to below

so that password rotation time would be 8 hours and rotating once every week

{  "autoDeployEnabled": true,
"passwordRotationTime": 28800,
"autoRotateEnabled": true,
"autoRotateExpirationTime": 604800 }


New Contributor III

as far as feature request, i believe this has been mention in here

New Contributor II

 You can retrieve the LAPS password with this tool from the JSS