CyberQP Tech Vault Security Options

Background

The CyberQP vault enables you to grant appropriate access to your passwords for specific individuals. Each password can be customized with access settings through the "Security" section of a password asset. There are three options available:

All login users with access to the customer
This option allows any users with login credentials and access to the Customer to access the password.
Restrict to primary and super roles
This option limits access to ONLY individuals with primary and super roles.
Restrict to specific login groups
This option restricts access to designated login groups only. A login group will permit certain users AND all primary and super role users access to the password.

Note: If your organization previously created "Fake Logins" with "Engineer" or "Helpdesk" roles to restrict access to passwords, you can now transition to using "Restrict to specific login groups".

We recommend the following steps:

Update your "Fake login" accounts: Since the new feature allows you to restrict access through designated login groups, you can safely update the login user's role level to "Manager" or remove them all together.

Assign a manager to a group: If you wish to assign a manager to a specific group, you can do so through the new feature. This ensures efficient access control and simplifies user management.

Finally, ensure you have assigned the group access to the password using the steps in this KB article.

Prerequisites

Tenant is Enabled with Quickpass Technician Vault
Tenant has QDesk, QGuard, or the Bundle Account Plan
Primary or Super Login Role Credentials may alter Password Access Security
Customers created in Quickpass Dashboard https://support.getquickpass.com/hc/en-us/articles/360035206574-How-to-Create-New-Customer
Passwords are stored in the Quickpass Tech Vault
- https://support.getquickpass.com/hc/en-us/articles/1500004646101-How-to-Setup-Scheduled-Password-Rotation-of-Administrator-Accounts-Quickpass-Password-Vault
- https://support.getquickpass.com/hc/en-us/articles/5439054385559-3rd-Party-and-Unlinked-Accounts-with-Quickpass-Password-Manager

Default Behaviour

By default a Login Role with access to a Customer will be able to see account passwords for the areas of the Dashboard that they have access to. (See Login Roles for details)
New Password Vault Feature - Unlinked Passwords will be available to all Login Roles until Security is Adjusted.

Securing Account Passwords

Creating or Editing Groups

A Primary or Super Login Role will need to create or use an existing Group in order to secure a password.
1. Click on Login Management.
2. Click on the Configuration Drop Down and select Group Management.
3. Click "Add New Group" or edit an existing Group.
4. Type in the Name of the Group that you want to create (or keep the existing group name as is. You may use names such as "Website Passwords", "Level 3 Technicians", "Administration Group", "API Key Group" etc).
5. Select the users you want to add to the group.
6. Click Save to finish creating or editing the Group.
7. Repeat the process for all the Groups that you wish to create or edit.
8. Existing Groups that have been created can be modified to add additional or remove existing users as required.

Securing the Password Entry

Click the Customer you want to modify the Password Access to.
Click the Passwords Link on the left side of the screen.
Click the Specific Password you wish to modify the Password Access to.

NOTE: At the time of the creation of this KB Article, Password Entries must be modified individually. Future releases of this Feature will allow bulk modification.
Existing login Groups with access to view the password will be shown in the lower portion of the screen.
Click the Edit Button in the top right corner
Find the Security Section of the Password Entry in the lower portion of the Password Entry
Change the Radio Button to "Restrict to specific login groups" if not already selected and click the "Add/Edit Groups" button.
Select the groups (and through inheritance, the users) you wish to give access to the password. Click the "Select" button to save your changes.
NOTE: Login Roles that do NOT have access to the Password Entry will NOT be able to see the Account on the Dashboard, Desktop App, or via the ConnectWise POD/AutoTask Insight integration (for End User Accounts). The account entry will not appear at all to the login users.
1. Users view when they have privileges to access the password via the security settings or groups.
2. Users view when they do not have privileges to access the password via the security settings or groups.