Prerequisites
- Install the Quickpass agent on the systems that have accounts you wish to rotate passwords for. https://support.getquickpass.com/hc/en-us/articles/360035206994-How-to-install-the-Server-Agent-Manual-and-Silent
- Alternatively, setup the Office 365 integration. https://support.getquickpass.com/hc/en-us/articles/360039678373-How-to-Connect-a-Azure-Office-365-tenant-to-Quickpass-Customer
Set Auto Rotation Default Settings
1. Click the Admin Rotation button in the lower left hand corner while in the Administrator Accounts screen. This only needs to be done once before the first scheduled password rotation is enabled and the settings will apply to all accounts within the Administrator Accounts menu.
Rotate Settings for Administrator Accounts is separate from the Rotate Settings for Service Accounts. You can now adjust the settings for BOTH types of accounts from either the Administrator Accounts or Service Accounts screen.
2. Select the customer's Time Zone, Time, default number of Days between rotations and Password Type (random complex passwords up to 99 characters or random passphrases) for the scheduled password rotation. Then click Save.
Password Type
- Random complex password: This is the default option for password rotation and allows you to choose a password length between 8 and 99 characters. If the Active Directory password policy is greater than 8 characters then the slider/character count will start at the minimum password length and you will only be allowed to select a length as low as the password policy minimum. Type the number of characters you want to use, or use the slider to select the Random Complex Character Password length.
- Random Passphrases: This is a more secure option which creates passwords that are roughly 30 characters in length using actual words that are easy to read and type. This option will satisfy complexity requirements from both Active Directory and Azure Active Directory / Office 365.
To Enable this option select either Four Long Words or Five Short Words from the appropriate radio button.
Four long word passphrase example
Five short word passphrase example
Caution: Some versions of Windows Server Essentials include a built in utility to sync Active Directory passwords with Office 365 / Azure. This utility enforces a maximum password length of 16 characters and therefore passphrases will not work in these cases. Similarly, if you are using an older version of AD Connect from prior to May 2019 when they increased the password length in Azure Active Directory to 256 characters you will experience the same issue. Be sure to test that the Active Directory server supports passwords greater than 16 characters prior to enabling this option.
Import Administrator Accounts
1. As a Quickpass Administrator, log in to Quickpass and select the Customer you wish to setup scheduled password rotation > Administrator Accounts
2. Select Administrator Accounts menu on the left hand side
3. Click the +Add Accounts button in the top right hand corner to import Administrator Accounts.
4. If you have more than one directory source setup with the Quickpass Customer you will be prompted to choose which directory you wish to import accounts from such as Active Directory, Office 365 or Local Accounts. Select the appropriate directory source you wish to import accounts from.
5a. Active Directory: Select the Organizational Unit (OU) that contains the Administrator Accounts you wish to import.
Note: Only OU's with user objects will appear on this screen.
***Skip this step if importing from Office 365 or Local Accounts***
Then select one or more Administrator accounts you wish to import then click Add button when you are done.
5b. Office 365: Select one ore more Office 365 accounts and click the ADD button when done.
***Skip this step if importing from Active Directory or Local Accounts***
5c. Local Accounts: Click the server or workstation where you want to import the local account from.
***Skip this step if importing from Office 365 or Active Directory***
Select one ore more Local accounts and click the ADD button when done.
6. The newly imported administrator accounts will now appear in the Administrator Accounts menu.
Enable Auto Rotation
1. In the Administrator Accounts screen click the Auto Rotate toggle switch beside the Administrator Account you wish to setup scheduled password rotation for.
The Frequency column will populate with the default number of days from the Auto Rotate Settings and the date of the next scheduled password rotation will show in the Next Column. The Last column at this time will be blank until the first scheduled password rotation takes place.
The exact time for the scheduled password rotation will be taken from the Auto Rotate settings previously setup.
Alternatively you also have the option to Enable Auto Rotate for all accounts at once. To do this select either use the select all check box or individually select all the Admin user accounts you wish to enable auto rotation for.
Once complete all the admin accounts you selected to be enabled for auto password rotation have been activated.
Note
- After a password is rotated by Quickpass the password entry will be saved in the Passwords Menu or you can click the account to drill down to the saved password.
- The QP Status will change to Success after the rotation is successfully completed. Conversely, if the password rotation failed the QP Status will show failed.
- Logs for the password rotations are included in the Events menu to see confirmations and/or to troubleshoot issues.
Access the Password after its Rotated
Option 1 - Passwords Menu
1. Click the Passwords Menu on the left hand side
2. Select the account you wish to access the Password for.
3. View the current and previous previsions as needed. Click the eye icon to decrypt the password.
Option 2 - Click on the Account
1. Navigate to the account you wish to access the password for in the Administrator Accounts menu.
2. Hover the mouse over the account you wish to access the password for so that the row is highlighted then click to access the password screen for that account.
3. View the current and previous previsions as needed. Click the eye icon to decrypt the password.
NOTE: As of June 20, 2022 accounts removed from the Active Directory OU or Security Group, will be removed from the Administrator Accounts screen.
Next Steps
- Quickpass Password Vault - Securing Passwords: https://support.getquickpass.com/hc/en-us/articles/5414744454295-Quickpass-Password-Vault-Security
- Scheduled Password Rotation Rety - https://support.getquickpass.com/hc/en-us/articles/9907473165975-Password-Rotation-Retry
Comments
0 comments
Please sign in to leave a comment.