If you're looking to import local administrator accounts by using an account's username as a template, please see Automatic Import for Local Administrator Accounts (Template Account).
Prerequisites
- You have created customers in Quickpass either manually or by importing from IT Glue or Hudu via integration.
- You have installed the CyberQP Agent on systems you wish to pull Local Administrator accounts from.
- Agent Version on the system must be 3.6.5.0 or later for this function to work. Older agents are unsupported and will be skipped until updated.
- NOTE: The concept of this feature is to automatically import account(s) that are on multiple computers in your Customers' environment. You will select local groups to use as a common attribute for all systems in the customer.
- You can have multiple types of sources for Administrative Imports configured.
Steps
- Click on the Customer you want to import accounts into
- Click on the Administrator Accounts Link in the sidebar
- You must first enable the Administrator Account Rotation Schedule. For details on this please see the article How to Setup Scheduled Password Rotation of Service Accounts with External Password Vault.
- Once Rotation Settings are configured, Click on +Add Accounts dropdown and select Automatic Import
- Select Local Account
- You will be shown this screen "Automatic Import Options"
- Turn on the Pause Automatic Import if you want to Pause the Automatic Import (this is greyed out until you have configured the import the first time)
- Turn ON the Password Entry Matching if you want to store Administrator Account Password changes in whichever Password Storage option you have in your Tenant. (Note: This MUST be enabled for the Rotation to function properly) Existing Password entries will be automatically matched by Account Name (username), if they exist, and new Password entries will be created if there is no match. (Note: This option will not be available if you have not yet Integrated the Customer with IT Glue (if applicable) or Integrated the Customer with Hudu.)
NOTE: Quickpass makes extensive use of the ITGlue Category/Hudu Type values for the Automatic Matching process. If you have existing ITGlue/Hudu Password Entries that you want to ensure are automatically matched during import or during the Manual Matching process, please ensure that those entries are updated with the following Category/Type values:Account Source Category/Type Name On Premise Active Directory Active Directory Azure/O365 Office 365 OR Microsoft 365 OR Azure AD OR Azure Active Directory Local Account Local Account If an existing password entry does NOT have the Category/Type values populated, a new Password entry may be pushed into ITGlue/Hudu as a new password entry during an automatic import.
- Turn ON the Enable Password Rotation if you want any newly imported accounts to be Automatically rotated on the schedule you set above. (Note: If you Enable Password Rotation, the Password Entry Matching toggle will automatically be turned on)
NOTE: In Workgroup environments it is common for the End User to be an Administrator. Turn this on at time of import ONLY if you are sure that End Users are NOT set to Administrators on the system.
- Turn on the Pause Automatic Import if you want to Pause the Automatic Import (this is greyed out until you have configured the import the first time)
- You will then be prompted to select what types of Agent Roles you want to automatically import Administrator Accounts for. Select the Agent Roles that are appropriate for your Customers' environment.
- Select the button "Local Groups" button to tell CyberQP to pull accounts by local groups.
- Select the specific groups you are interested in pulling local accounts with. (EG: the "Administrator" group)
- Click "Save & Run" to begin the automatic import process.
- An initial Synchronization will be executed. Any of the selected accounts that exist on any of the Member or Standalone Systems that already have the Agent installed will be imported, and the options you selected on the Auto-Enrollment screen will be enabled.
- If you did NOT enable the Automatic rotation of accounts during the import process, turn ON the Toggle switch for any account that you DO wish to rotate automatically.
- Further Synchronizations will occur every 3 hours. If an agent is installed on a system role that you had selected above in Step 7, those accounts with the same account name will be automatically imported.
Comments
0 comments
Article is closed for comments.