- Install the Quickpass agent on the systems that have accounts you wish to rotate passwords for. https://support.getquickpass.com/hc/en-us/articles/360035206994-How-to-install-the-Server-Agent-Manual-and-Silent
Ensure you have followed the IT Glue Integration Setup Guide (if you use IT Glue)
Ensure you have followed the Hudu Integration Setup Guide (if you use Hudu)
Ensure you have completed all steps to match Accounts to IT Glue
- Important - IT Glue Password Vault: Passwords from IT Glue that are added to the IT Glue host proof Vault are not supported. In this case neither IT Glue or Quickpass will have the ability to read and/or update the password for any matched accounts.
- Important - IT Glue Password Security set to "Only Me": Passwords in IT Glue that have visibility security set to "Only Me" are not supported as this setting will move the password entry to the "Personal" password entries list.
Ensure you have completed all steps to match Accounts to IT Glue or Hudu
Set Auto Rotation Default Settings
1. Click the Auto Rotate Settings button in the lower left hand corner while in the Administrator Accounts screen.
Caution: The Auto Rotate Settings for Administrator Accounts is separate from the Auto Rotate Settings for Service Accounts. Be sure you have first selected the Administrator Accounts menu before clicking Auto Rotate Settings.
2. Select the customers time zone, time, default number of days and password type (random complex passwords up to 16 characters or random passphrases) for the scheduled password rotation. Then click Save.
- Random complex password: This is the default option for password rotation and allows you to choose a password length between 8 and 16 characters. If the Active Directory password policy is greater than 8 characters then you will only be allowed to select a length as low as the password policy minimum.
- Random Passphrases: This is a more secure option which creates passwords that are roughly 30 characters in length using actual words that are easy to read and type. This option will satisfy complexity requirements from both Active Directory and Azure Active Directory / Office 365.
To Enable this option select Enable Passphrases then select either Four Long Words or Five short words from the drop down list.
Four long word passphrase example
Five short word passphrase example
Caution: Some versions of Windows Server Essentials include a built in utility to sync Active Directory passwords with Office 365 / Azure. This utility enforces a maximum password length of 16 characters and therefore passphrases will not work in these cases. Similarly, if you are using an older version of AD Connect from prior to May 2019 when they increased the password length in Azure Active Directory to 256 characters you will experience the same issue. Be sure to test that the Active Directory server supports passwords greater than 16 characters prior to enabling this option.
Enable Auto Rotation
1. In the Administrator Accounts screen click the Auto Rotate toggle switch beside the Administrator Account you wish to setup scheduled password rotation for.
The Frequency column will fill in with the default number of days from the Auto Rotate Settings and the date of the next scheduled password rotation will show in the Next Column. The Last column at this time will be blank until the first scheduled password rotation takes place.
The exact time for the scheduled password rotation will be taken from the Auto Rotate settings previously setup.
Alternatively you also have the option to Enable Auto Rotate for all accounts at once. To do this select either use the select all check box or individually select all the Admin user accounts you wish to enable auto rotation for.
Once Complete all the admin accounts you selected to be enabled for auto password rotation have been activated.
- After a password is rotated by Quickpass the password entry in IT Glue or Hudu will be automatically updated.
- Quickpass resets passwords to a new randomly generated password using the options selected in the Auto Rotate settings for the customer.
- IT Glue or Hudu will show the audit history of all Password changes including the date, time and by who as well as being able to see the previous passwords which you can refer back to as needed.