- You have created customers in Quickpass either manually or by importing from IT Glue or Hudu via integration.
- You have installed the Quickpass Agent on a Domain Controller. (if appropriate) https://support.getquickpass.com/hc/en-us/articles/360035206994-How-to-install-the-Server-Agent-Manual-and-Silent
- You have setup the integration with Office 365 (if appropriate) https://support.getquickpass.com/hc/en-us/articles/360039678373-How-to-Connect-a-Azure-AD-Office-365-tenant-to-a-Quickpass-Customer
- NOTE: The concept of this design is to automatically import Administrative Accounts for Active Directory and/or Office 365. You can have multiple types of Administrative Imports configured.
- Click on the Customer you want to import accounts into
- Click on the Administrator Accounts Link in the left hand panel
- You must first enable the Administrator Account Rotation Schedule. For details on this please see the article: https://support.getquickpass.com/hc/en-us/articles/360038042153-How-to-Setup-Scheduled-Password-Rotation-of-Administrator-Accounts-IT-Glue
- Once Rotation Settings are configured, Click on +ADD Accounts dropdown and select Automatic Import
- You will be shown this screen
- Turn on the Pause Automatic Import if you want to Pause the Automatic Import (this is greyed out until you have configured each import the first time)
- Turn ON the Password Entry Matching if you want to store Administrator Account Password changes in whichever Password Storage option you have in your Tenant. (Note: This MUST be enabled for the Rotation to function properly) Existing Password entries will be automatically matched, by Account Name, if they exist, and new Password entries will be created if there is no match. (Note: This option will not be available if you have not yet Integrated the Customer with IT Glue (if applicable) or Integrated the Customer with Hudu.
- Turn ON the Enable Password Rotation if you want any newly imported accounts to be Automatically rotated on the schedule you set above. (Note: If you Enable Password Rotation, the Password Entry Matching toggle will automatically be turned on)
- When Active Directory is selected you will be shown a list of OUs and Security Groups.
- You can select OU(s), OR Security Group(s) from this screen. If you have a large number of Security Groups in Active Directory, you can search for that group above the Security Group section. OUs or Security Groups that are currently configured for Automatic import via the End Users Automatic Import are greyed out.
NOTE: Nested Security Groups are not supported.
Note: If Administrative accounts are mixed in with other User accounts in the OU structure, a Security group would work best for this scenario.
- After Selecting the Security Group or OU(s) that you want to have imported, click ADD at the top.
NOTE: Administrator Accounts added to Security Groups that are located in the following OU/Containers will not import. Make sure they are in an OU or Container that is supported.
- When Office 365/Azure is selected you will be shown a list of Default and Custom created Administrative Roles.
- Select as many O365/Azure Administrative roles as you would like to have imported. You can search for the role via the search box at the top of the list.
- Once the roles that you want to import have been selected, click ADD at the top of the page.
NOTE: If Office 365 account(s) are BOTH a user account and an Administrator account you would NOT want to enable the Automatic import of the O365/Azure Administrator Group that the End User is a member of. An account that is both End User and Administrative will want to be managed by the End User of that account. Once imported into the End User account screen, you do not want to also import into the Administrator Accounts screen.
- An initial Synchronization will be executed. Any of the selected accounts that exist from the chosen Directory Sources will be imported and displayed on the list. (Note: O365/Azure Accounts that have been added to a Security Role recently may not be imported immediately after configuring this because the account security role has not fully replicated throughout the Azure Environment)
- Further Synchronizations will occur every hour for each import type, independently. If an account is later added to any of those groups or AD OU(s) they will be imported within 1 hour of the creation.
Troubleshooting Automatic Matching to IT Glue, or Hudu.
On occasion the automatic import process may have troubles with matching to IT Glue, or Hudu.
Holding your mouse over the Automatic Import Status icon will show you the cause of the matching error.
- Manually match the accounts shown to the appropriate Integration that has failed to automatically create a match.
- Click Match Accounts at the top of the End User Accounts screen
- Select the Automatch Button at the top of the screen
- If a "More than one Match" message is shown, click on the link and select the appropriate account.
- If no matches are found when clicking the Automatch button, click the check boxes for adding the IT Glue or Hudu entry, and click the Add button in the top left.
- You should now see the Integration Column displaying the ITGlue or Hudu Icon.
- You will now need to turn on the rotation for those accounts that you want to have rotated on the defined schedule by turning the Auto Rotate toggle on.
Adjusting the Automatic Import Settings
At times, you may want to adjust the Automatic Import Settings.
- Automatic Import of Standardized Local Administrator Accounts - https://support.getquickpass.com/hc/en-us/articles/4403760615703-Automatic-Import-for-Local-Administrator-Accounts