Prerequisites
- Ensure you have followed the IT Glue Integration Setup Guide https://support.getquickpass.com/hc/en-us/articles/360035649393-IT-Glue-Integration-Setup-Guide
- Install the Quickpass server agent on all Windows Servers that contain Windows Services and/or Scheduled Tasks that you wish to rotate. Both Domain Controllers and Member Servers are supported. https://support.getquickpass.com/hc/en-us/articles/360035206994-How-to-install-the-Server-Agent-Manual-and-Silent
Import Administrator Accounts
1. As a Quickpass Administrator, log in to Quickpass and select the Customer you wish to set up scheduled password rotation for > Administrator Accounts
2. Select the Administrator Accounts menu on the left-hand side.
3. Click the +IMPORT ACCOUNTS button in the top right-hand corner to import Administrator Accounts from Active Directory.
4. If you have both Active Directory and Office 365 connected to the same Quickpass customer you will see an option to import Active Directory or Office 365 accounts. Select the appropriate directory source you wish to import accounts from.
5. Select the Active Directory Organizational Unit (OU) that contains the Administrator Accounts you wish to import.
Note: Only OUs with user objects will appear on this screen.
***If importing from Office 365 skip this step***
6. Select one or more Administrator accounts you wish to import, then click the Add button when you are done.
7. The newly imported administrator accounts will now appear in the Administrator Accounts menu.
Set Auto Rotation Default Settings
1. Click the Auto Rotate Settings button in the lower left-hand corner while in the Administrator Accounts screen.
Caution: The Auto Rotate Settings for Administrator Accounts are separate from the Auto Rotate Settings for Service Accounts. Be sure you have first selected the Administrator Accounts menu before clicking Auto Rotate Settings.
2. Select the customer's time zone, time, default number of days and password type (random complex passwords up to 16 characters or random passphrases) for the scheduled password rotation. Then click Save.
Password Type
- Random complex password: This is the default option for password rotation and allows you to choose a password length between 8 and 16 characters. If the Active Directory password policy requires more than 8 characters, the lowest length you can select is the password policy minimum.
- Random Passphrases: This is a more secure option which creates passwords that are roughly 30 characters in length using actual words that are easy to read and type. This option will satisfy complexity requirements from both Active Directory and Azure Active Directory / Office 365.
To enable this option, select Enable Passphrases, then select either Four Long Words or Five short words from the drop-down list.
Four long word passphrase example
Five short word passphrase example
Caution: Some versions of Windows Server Essentials include a built-in utility to sync Active Directory passwords with Office 365 / Azure. This utility enforces a maximum password length of 16 characters, so passphrases will not work in these cases. Similarly, you will experience the same issue if you are using an older version of AD Connect from prior to May 2019, when the password length in Azure Active Directory was increased to 256 characters. Be sure to test that the Active Directory server supports passwords greater than 16 characters prior to enabling this option.
Match Administrator Accounts to IT Glue Password Entries
1. Click the MATCH ACCOUNTS button to connect an Active Directory admin user with an IT Glue password entry.
2. In the Match Administrator Accounts screen you have three options to match a Quickpass account to an IT Glue password entry.
Manually Match
Drag the IT Glue password entry on the left-hand side to the corresponding Quickpass Account on the right-hand side. The entry will turn green in the IT Glue Password Entry column.
Note: The search box for IT Glue only supports exact match searching due to IT Glue's API limitation.
Auto Match
Click the AUTOMATCH button at the top of the Match Administrator Accounts window.
Quickpass will look for IT Glue password entries that satisfy the following criteria:
Active Directory Accounts and Matched AD / O365 Accounts
- Username = samAccountName (e.g. Username = jsmith)
- Username = userPrincipalName (e.g. Username = jsmith@quickpass.local)
- Username = domain\samAccountName (e.g. Username = quickpass\jsmith)
Office 365 Accounts
- Username = userPrincipalName (e.g. Username = jsmith@quickpass.com)
If Quickpass finds suitable matches it will list the results and allow you to select all and click the ADD button to complete the process. If no matches are found you will see a message on screen showing No Matches Found.
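The Auto Match criteria above can be applied to exported account and password-entry lists before clicking AUTOMATCH, to see which accounts should match cleanly and which need attention. This is an added example, not Quickpass or IT Glue code; the record layout, field names, sample data and the "ambiguous" / "near-miss" categories are assumptions made for illustration, since the page does not describe how Quickpass treats duplicate entries or case and whitespace differences.

```python
# Added example: predicts Auto Match outcomes from two exported lists.
# All records below are constructed sample data; field names are hypothetical.

def candidate_usernames(acct):
    """Usernames the Auto Match criteria accept for one Quickpass account."""
    if acct["source"] == "o365":
        return {acct["upn"]}  # Office 365: userPrincipalName only
    # Active Directory and matched AD / O365 accounts: three accepted forms
    return {acct["sam"], acct["upn"], acct["domain"] + "\\" + acct["sam"]}

def norm(value):
    """Loose form used only to spot near-misses (case, stray whitespace)."""
    return value.strip().casefold()

def precheck(accounts, itglue_entries):
    """Map each account UPN to (status, list of IT Glue entry ids)."""
    report = {}
    for acct in accounts:
        wanted = candidate_usernames(acct)
        exact = sorted(e["id"] for e in itglue_entries if e["username"] in wanted)
        if len(exact) == 1:
            report[acct["upn"]] = ("match", exact)
        elif exact:
            report[acct["upn"]] = ("ambiguous", exact)  # review before ADD
        else:
            loose = {norm(w) for w in wanted}
            near = sorted(e["id"] for e in itglue_entries
                          if norm(e["username"]) in loose)
            report[acct["upn"]] = ("near-miss", near) if near else ("none", [])
    return report

ACCOUNTS = [  # constructed Quickpass administrator accounts
    {"source": "ad", "sam": "jsmith", "upn": "jsmith@quickpass.local", "domain": "quickpass"},
    {"source": "ad", "sam": "svcadmin", "upn": "svcadmin@quickpass.local", "domain": "quickpass"},
    {"source": "ad", "sam": "backupadm", "upn": "backupadm@quickpass.local", "domain": "quickpass"},
    {"source": "o365", "upn": "jsmith@quickpass.com"},
]
ENTRIES = [  # constructed IT Glue password entries
    {"id": 101, "username": "quickpass\\jsmith"},
    {"id": 102, "username": "jsmith@quickpass.local"},
    {"id": 103, "username": "SvcAdmin "},
    {"id": 104, "username": "jsmith@quickpass.com"},
]

if __name__ == "__main__":
    for upn, (status, ids) in precheck(ACCOUNTS, ENTRIES).items():
        print(f"{upn:28} {status:10} {ids}")
```

Accounts reported as "none" are the ones that need an IT Glue password entry created, and "ambiguous" accounts have more than one entry satisfying the criteria, so check which credential is the live one before linking it to rotation.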
Create IT Glue Password Entry
If the IT Glue password entry does not currently exist, you have the option for Quickpass to automatically create the password entries for you. To do this, click the check boxes to the right of the Quickpass Accounts listed in the table, or click the All button to select all. Then click the ADD button when done.
Note: The search box for IT Glue only supports exact match searching due to IT Glue's API limitation.
Back in the Accounts screen you will notice the IT Glue icon under the Integration column showing that the account is connected to an IT Glue password entry.
Enable Auto Rotation
1. In the Administrator Accounts screen click the Auto Rotate toggle switch beside the Administrator Account you wish to set up scheduled password rotation for.
The Frequency column will fill in with the default number of days from the Auto Rotate Settings, and the date of the next scheduled password rotation will show in the Next column. The Last column will be blank until the first scheduled password rotation takes place.
The exact time for the scheduled password rotation will be taken from the Auto Rotate settings set up previously.
Alternatively, you have the option to enable Auto Rotate for all accounts at once. To do this, either use the select all check box or individually select all the Admin user accounts you wish to enable auto rotation for.
Once complete, all the admin accounts you selected will have auto password rotation activated.
Note
- After a password is rotated by Quickpass the password entry in IT Glue will be automatically updated.
- Quickpass resets passwords to a new randomly generated password using the options selected in the Auto Rotate settings for the customer.
- IT Glue will show the audit history of all password changes, including the date, time and by whom, and lets you see the previous passwords, which you can refer back to as needed.