Using ITGlue Security to Limit Access to Passwords
Introduction
MSPs may want to allow limited access to passwords stored in ITGlue. Although the limitation to view specific accounts in Quickpass is not possible, ITGlue provides a security mechanism to allow or prevent an ITGlue User from Accessing those passwords.
Requirements
- Administrator Level Access to ITGlue
Process
- Sign into ITGlue with an Administrator Account.
- Click Account at the top of the screen
Create the User
- Click on Users on the left side of the screen
- Create a new user or click on an existing user you wish to limit the access to ITGlue for.
- When Assigning the Role decide how much access you want to give that user for the specific entries they will have access to.
- Uncheck the "Allow all Organizations" box.
- Search for and select the specific ITGlue Organization you do want the account to have access to.
- When Assigning the Role decide how much access you want to give that user for the specific entries they will have access to.
Create the Security Groups
- Click on Groups on the left hand side of the screen
- Create a Group for Allowed Access and a Group for Limited Access. Naming them per customer will simplify the process.
- Limited Access Group
- When creating the Limited Access Security Group add in the account you just created to the Members section. (Note Administrator accounts have access automatically and cannot be limited to access to this group)
- In the Organization Access section search for and Select the Organization you want to limit access to.
- Determine if there are any sections of ITGlue that you do NOT want the Users in this Group to have access to. Put those checkmarks in the boxes. (For example you might not want them to have access to anything except passwords for the Quickpass imported accounts and Configurations to look for Embedded Passwords - as shown in this example)
- Click Save when you have completed all entries.
- When creating the Limited Access Security Group add in the account you just created to the Members section. (Note Administrator accounts have access automatically and cannot be limited to access to this group)
-
Allowed Access Group
- Create a similarly named group that will have access to the rest of the password entries you want.
NOTE: You need to do this in order to isolate the accounts that the ITGlue login created above will NOT be able to see. - Ensure that any accounts that you DO want to have access to the remainder of the accounts are added here. If all other accounts in ITGlue are Administrators you don't need to explicitly add them to the group.
- Specify the Organization Access as you did above if the accounts are not all Administrators.
- Click save
- Create a similarly named group that will have access to the rest of the password entries you want.
- Limited Access Group
Setting ITGlue Security
- Open the specific Organization you want to limit access to from the Organizations header in ITGlue.
- Create 2 Folders and Name them appropriately - this screenshot is an example
- Put the checkmark in the box you want to have the user you created above TO have access to.
- Select the drop down box at the top of the selection interface and select Security
- Select "Specific groups and/or users can access this Folder" and then select the Group you created to limit access to.
- Click Save
- Repeat this process for the other folder, this time selecting the other group and click save.
At this point you are ready to move the passwords that you WANT the limited access user to see into the "Limited Access folder".
Administrator Account View
Limited Account View
NOTE: The Limited account cannot see the "Remainder of Passwords" folder because this account does not have access. Also the Password Quantity numbers are different because of security access changes made to specific password entries.
Moving Password Entries to the Folders
- Select individually or in bulk the passwords you DO want the limited access user to see.
- Select the Drop Down selector and select MOVE
- Select the folder you want to move those passwords to and click Save. Click confirm on the warning message about this action cannot be undone.
- Select the remainder of the Password entries that you DO NOT want the user to have access to and repeat this process - selecting the other folder this time.
- Once the move process is completed the screens should now look similar to this:
Administrator Account View
Limited Account View
Notice that the Limited account now only sees the folder and password entries that permission was given to.
Additional Information
- Access to Configurations (Computer Assets) can be limited following a similar process.
Admin Access Limited User Access - Because Quickpass uses an API to communicate with ITGlue (API is considered an ITGlue Administrator) these folder adjustments do not affect the link to the accounts within Quickpass.
- Future password rotations/changes made from Quickpass will follow the defined schedule because we communicate via the API.
- Searching for accounts by ITGlue Administrators will continue to search within the folders.
Comments
0 comments
Please sign in to leave a comment.