Concept
Accounts with Administrative Permissions in your Customer Directory Source will need to be imported to the dashboard in order to rotate or have the password changes tracked. The Automatic import runs on a 3 hour schedule starting from the initial import. Manually executed Imports (see below) will reset this 3 hour timer. This ongoing import process ensures that existing and newly created Accounts with Administrative Permissions are maintained within the Dashboard and you are able to ensure password changes are recorded.
Prerequisites
- You have created customers in Quickpass either manually or by importing from IT Glue or Hudu via integration.
- You have installed the Quickpass Agent on a Domain Controller. (if appropriate) https://support.getquickpass.com/hc/en-us/articles/360035206994-How-to-install-the-Server-Agent-Manual-and-Silent
- You have setup the integration with Office 365 (if appropriate) https://support.getquickpass.com/hc/en-us/articles/360039678373-How-to-Connect-a-Azure-AD-Office-365-tenant-to-a-Quickpass-Customer
-
NOTE: The concept of this design is to automatically import Administrative Accounts for Active Directory and/or Office 365. You can have multiple types of Administrative Imports configured.
-
NOTE: As of August 1, 2025, we recommend using Automatic Import Policies to manage the import of accounts. This KB has been modified to indicate a Customer Specific Automatic Import that is NOT a member of a Policy.
Active Directory
M365/Azure/Entra
Local Admin
- Click on the Customer you want to import accounts into
- Click on the Administrator Accounts Link in the left hand panel
- You must first enable the Administrator Account Rotation Schedule. For details on this please see the article: https://support.getquickpass.com/hc/en-us/articles/360038042153-How-to-Setup-Scheduled-Password-Rotation-of-Administrator-Accounts
- Once Rotation Settings are configured, Click on +ADD Accounts dropdown and select Automatic
-
You will be shown this screen
Modify the Automatic Import Options
- Click the Pencil Icon on the far right. (This safeguards against inadvertent toggle changes caused by unintentional clicks.)
- Turn ON the Toggle to Enable Password Rotation (according to the rotation policy you have configured) if you want to have newly imported accounts rotated on the defined schedule.
- Turn ON the Toggle to match to ITGlue or Hudu (depending on the Integration you have configured - if you have the CyberQP Vault this is automatically enabled and cannot be disabled) at the time of new account import.
- CyberQP will attempt to match the imported Administrator account to an existing entry in IT Glue or Hudu.
- If no match is found, a new password entry can be created automatically. You have the option to check the box if you want this to occur.
- Future password updates done in CyberQP will be synced back to IT Glue or Hudu.
-
(Note: This MUST be enabled for the Rotation to function properly) Existing Password entries will be automatically matched, by Account Name, if they exist, and new Password entries will be created if there is no match and you have enabled the checkbox. (Note: This option will not be available if you have not yet Integrated the Customer with IT Glue or Integrated the Customer with Hudu.)
NOTE: Quickpass makes extensive use of the ITGlue Category/Hudu Type values for the Automatic Matching process. If you have existing ITGlue/Hudu Password Entries that you want to ensure are automatically matched during import or during the Manual Matching process, please ensure that those entries are updated with the following Category/Type values:
-
Account Source Category/Type Name On Premise Active Directory Active Directory Azure/O365 Office 365 OR Microsoft 365 OR Azure AD OR Azure Active Directory Local Account Local Account If an existing password entry does NOT have the Category/Type values populated, a new Password entry may be pushed into ITGlue/Hudu as a new password entry during an automatic import.
- CyberQP will attempt to match the imported Administrator account to an existing entry in IT Glue or Hudu.
Modify the Import Jobs (Source)
- Each supported Source is listed. Sources that are currently connected/integrated for the customer are available to adjust the configuration. Sources that are not connected are greyed out.
- For each source the following options are available to configure: Import now, Pause, and Edit
- The Policy column would be populated if an Import Policy was connected to the customer.
- The Details column shows the currently configured source import selections. (OU or Security Group) A shorten display will be shown, but all details are available as a mouse over.
- If you want to Pause the Automatic Import (this is greyed out until you have configured each import the first time) for a specific source, click the Pause Button
- If you want the automatic import you currently have scheduled, click the Import Now button. An import will be executed and the import cycle schedule will be reset.
- Click edit to modify the import conditions for the source.
Active Directory
Azure/Entra/M365
Local Template
Local Group
Active Directory
-
- When Active Directory is selected you will be shown a list of OUs and Security Groups.
- You can select OU(s), OR Security Group(s) from this screen. If you have a large number of Security Groups in Active Directory, you can search for that group above the Security Group section. OUs or Security Groups that are currently configured for Automatic import via the End Users Automatic Import are greyed out.
NOTE: Nested Security Groups are not supported.
You cannot select the same OU or Security Group that is configured for an End User Account Automatic Import Policy or Customer Level End User Account Import Configuration
Note: If Administrative accounts are mixed in with other User accounts in the OU structure, a Security group would work best for this scenario.
- After Selecting the Security Group or OU(s) that you want to have imported, click ADD at the top.
NOTE: Administrator Accounts added to Security Groups that are located in the following OU/Containers will not import. Make sure they are in an OU or Container that is supported.
NOTE: As of June 20, 2022 accounts removed from the Active Directory OU or Security Group, will be removed from the Administrator Accounts screen.
Azure/Entra/M365
- When Office 365/Azure is selected you will be shown a list of Default and Custom created Administrative Roles.
- Select as many O365/Azure Administrative roles as you would like to have imported. You can search for the role via the search box at the top of the list.
- Once the roles that you want to import have been selected, click ADD at the top of the page.
NOTE: If Office 365 account(s) are BOTH a user account and an Administrator account you would NOT want to enable the Automatic import of the O365/Azure Administrator Group that the End User is a member of. An account that is both End User and Administrative will want to be managed by the End User of that account. Once imported into the End User account screen, you do not want to also import into the Administrator Accounts screen.
NOTE: As of June 20, 2022 accounts removed from the O365/Azure role selected, will be removed from the Administrator Accounts screen.
- An initial Synchronization will be executed. Any of the selected accounts that exist from the chosen Directory Sources will be imported and displayed on the list. (Note: O365/Azure Accounts that have been added to a Security Role recently may not be imported immediately after configuring this because the account security role has not fully replicated throughout the Azure Environment)
- Further Synchronizations will occur every 3 hours for each import type, independently. If an account is later added to any of those groups or AD OU(s) they will be imported within 3 hours of the creation.
Troubleshooting Automatic Matching to IT Glue, or Hudu.
On occasion the automatic import process may have troubles with matching to IT Glue, or Hudu.
Holding your mouse over the Automatic Import Status icon will show you the cause of the matching error.
- Manually match the accounts shown to the appropriate Integration that has failed to automatically create a match.
- Click Match Accounts at the top of the Administrator Accounts screen, then select IT Glue or Hudu.
- An Automatch will be performed and findings are displayed.
(If a "More than one Match" message is shown, click on the link and select the appropriate account.) - If no matches are found when clicking the Automatch button, click the check boxes for adding the IT Glue or Hudu entry, and click the Save button in the top right.
- You should now see the Integration Column displaying the ITGlue or Hudu Icon.
- You will now need to turn on the rotation for those accounts that you want to have rotated on the defined schedule by turning the Auto Rotate toggle on.
Adjusting the Automatic Import Settings
At times, you may want to adjust the Automatic Import Settings.
Click here to review the Article
NEXT STEPS
- Automatic Import Policy method - Configure a Policy and have it apply to multiple customers.
Comments
0 comments
Please sign in to leave a comment.