Prerequisites

• Install the Quickpass agent on the systems that have accounts you wish to rotate passwords for. https://support.getquickpass.com/hc/en-us/articles/360035206994-How-to-install-the-Server-Agent-Manual-and-Silent 

  IT Glue	Hudu
  Ensure you have followed the IT Glue Integration Setup Guide (if you use IT Glue) https://support.getquickpass.com/hc/en-us/articles/1500009501742-IT-Glue-Integration-Setup-Guide-New	Ensure you have followed the Hudu Integration Setup Guide (if you use Hudu) https://support.getquickpass.com/hc/en-us/articles/4408662234519-Hudu-Integration-Setup-Guide
  Ensure you have completed all steps to match Accounts to IT Glue https://support.getquickpass.com/hc/en-us/articles/1500012161922-IT-Glue-Matching-Administrator-Service-and-End-User-Accounts Important - IT Glue Password Vault: Passwords from IT Glue that are added to the IT Glue host proof Vault are not supported. In this case neither IT Glue or Quickpass will have the ability to read and/or update the password for any matched accounts. Important - IT Glue Password Security set to "Only Me": Passwords in IT Glue that have visibility security set to "Only Me" are not supported as this setting will move the password entry to the "Personal" password entries list.	Ensure you have completed all steps to match Accounts to Hudu https://support.getquickpass.com/hc/en-us/articles/4408663929239-Hudu-Matching-Administrator-Service-and-End-User-Accounts

Set Auto Rotation Default Settings

1. Click the Rotate Settings - Administrator button in the lower left hand corner while in the Administrator Accounts screen. 

Rotate Settings for Administrator Accounts is separate from the Rotate Settings for Service Accounts. You can now adjust the settings for BOTH types of accounts from either the Administrator Accounts or Service Accounts screen.

2. Select the customer's Time Zone, Time, default number of Days between rotations and Password Type (random complex passwords up to 99 characters or random passphrases) for the scheduled password rotation. Then click Save.

Password Type

- Random complex password: This is the default option for password rotation and allows you to choose a password length between 8 and 99 characters. If the Active Directory password policy is greater than 8 characters then the slider/character count will start at the minimum password length and you will only be allowed to select a length as low as the password policy minimum.  Type the number of characters you want to use, or use the slider to select the Random Complex Character Password length.

- Random Passphrases: This is a more secure option which creates passwords that are roughly 30 characters in length using actual words that are easy to read and type. This option will satisfy complexity requirements from both Active Directory and Azure Active Directory / Office 365.

To Enable this option select either Four Long Words or Five Short Words from the appropriate radio button. 

Four long word passphrase example

Five short word passphrase example

Caution: Some versions of Windows Server Essentials include a built in utility to sync Active Directory passwords with Office 365 / Azure. This utility enforces a maximum password length of 16 characters and therefore passphrases will not work in these cases. Similarly, if you are using an older version of AD Connect from prior to May 2019 when they increased the password length in Azure Active Directory to 256 characters you will experience the same issue. Be sure to test that the Active Directory server supports passwords greater than 16 characters prior to enabling this option. 

Enable Auto Rotation

1. In the Administrator Accounts screen click the Auto Rotate toggle switch beside the Administrator Account you wish to setup scheduled password rotation for. 

The Frequency column will populate with the default number of days from the Auto Rotate Settings and the date of the next scheduled password rotation will show in the Next Column. The Last column at this time will be blank until the first scheduled password rotation takes place. 

The exact time for the scheduled password rotation will be taken from the Auto Rotate settings previously setup.

Alternatively you also have the option to Enable Auto Rotate for all accounts at once. To do this select either use the select all check box or individually select all the Admin user accounts you wish to enable auto rotation for. 

Once Complete all the admin accounts you selected to be enabled for auto password rotation have been activated. 

Note

• After a password is rotated by Quickpass the password entry in IT Glue or Hudu will be automatically updated. 
• Quickpass resets passwords to a new randomly generated password using the options selected in the Auto Rotate settings for the customer. 
• IT Glue or Hudu will show the audit history of all Password changes including the date, time and by who as well as being able to see the previous passwords which you can refer back to as needed. 

Next Steps:

• Scheduled Password Rotations - https://support.getquickpass.com/hc/en-us/articles/9907473165975-Password-Rotation-Retry