Passwords

Introduction

This article will show you how to save and organize your passwords in IT Glue. If you want to import passwords, please refer to our Importing CSV data into your account topic instead.

You can create two kinds of passwords:

  • General passwords - A password that can be used for anything. Usually these are linked as related items to multiple relevant assets. To enhance the security of the password, you can add security permissions directly to these passwords or choose to generate a six-digit OTP code.
  • Embedded passwords - A password that can only be used in one specific context. Security permissions will be inherited from the immediate parent object and cannot be changed directly from the password.

IMPORTANT  Starting from August 29th, a new functionality is added to mobile apps of IT Glue where IT Glue users will be able to generate secure passwords in both IT Glue Android and iOS mobile application. Users can now easily and quickly create passwords when they are away from their main laptops or PCs.
Also launched the update for IT Glue's Chrome and Firefox extensions where users can generate passwords in these extensions according to the new password policy enforcement.

Preparation

  • Review the password types (Account > Password Types) available in your account. If you already have a well established set of categories you use to organize passwords, you can edit the types to reflect your existing categories.

    NOTE  Each password can have only one category/type.

Instructions

Creating a general password

Quickly create new passwords from the main Passwords section in each organization. We recommend adding most network and server passwords here, knowing that you will probably want to restrict their access to certain users and groups.

  1. Navigate to the organization that the password belongs to.
  2. Click on Passwords in the left sidebar and then on the + New button in the top-right corner.
    Password_New.png
  3. In the Create Password screen, complete the below fields:
    1. Name - Give the password a name that will be easy to search or find in the list view.
    2. Category - Select the type of password you want to create from the options in the drop-down menu.
    3. Username - Enter the email address or name associated with the new password.
    4. Password - Enter a password of your choosing or, click the Generate button to generate a random one.

      NOTE  Tip! You can click the View/Hide button to toggle the visibility of the password.
      Skitch_Background_-_Google_Docs.png

    5. One-time Password (optional) - Enter the secret key from any third-party authentication application that you used to create the OTP. The secret key must be at least 16 characters long and use Base32 formatting.
    6. URL - Enter a valid URL.
    7. Notes - Add optional notes and comments as required.
    8. Security (right side panel) - Click the down arrow to expand the Security section. Users with a role of Creator can choose between the below two security settings by clicking the radio button beside the options. Users with a role of Editor or above can additionally choose the "Only me" security setting. 
      Security_Password.png
  4. Click on the Save button to add your new password.

The new password will be found in the General tab when you open the Passwords list view, unless it is a personal password which will appear in the Personal tab. 

Creating an embedded password

  1. Search for and open the configuration in IT Glue.
  2. Under Embedded Passwords in the right side panel, click Add Password.
  3. Complete the Name, Username, Password, and URL fields.
    embedded_password.png

    NOTE  For Documents only, there are two additional fields available - Categories and Notes. You can search for the Password Type in the Category field and add notes as required.
    Documents_-_DOC-1332824-604542.png

  4. Click the Add button to save the password.

The new password will be found in a separate Embedded tab when you open the Passwords list view.

Editing a password

  1. On the Password show page, click on the Edit button in the top-right corner.
    Canon_C2230_Admin_Web_Interface___IT_Glue.png
  2. In the Edit Password screen, you can edit any of the below fields:

    Editable FieldsTips
    NameCannot be left blank and must be more than two characters long
    CategoryTyping in the category name will select the item in the drop-down menu
    Username - 
    PasswordLeave blank to keep the current password
    One-Time PasswordThough you will not be able to view or edit the secret key, you can click the Clear button to remove the key if you have a Creator or above role in IT Glue.
    URLIf a valid URL is detected, it will display as a hyperlink
    Notes - 

    Edit_Password.png

  3. Click the Save button to save your changes.

Creating a password folder

  1. Navigate to Organizations > Passwords and then click + New in the top-right corner.


    Password_New.png

  2. In the dropdown, click Folder. A Name field will appear allowing you to name your new password folder. 
    Skitch_Background_-_Google_Docs-2.png

    Your new password folder will now appear in the Password list view. You can click to select, drag, and drop one password into the new password folder at a time. Please refer to our Bulk Move and Bulk Delete KB articles for instructions on how to move multiple passwords into password folders or how to delete password folders, respectively.

Personal Passwords

Easily access and manage your personal work passwords directly in IT Glue. Your personal passwords are only visible to you and can be viewed in one consolidated view, on the account-level Personal Passwords page. Please visit our comprehensive topic about Personal Passwords more details. 

Prerequisites: You must be an Administrator, Manager, or Editor in IT Glue to create personal passwords and view the Personal Passwords page.

Instructions:

  1. Log in to IT Glue and navigate to Organization > Passwords.
  2. Click + New to create a new password.
  3. On the password creation page, enter the password information, expand the Security Settings section and select the Only me radio button. Click Save.
  4. To view your personal passwords for an organization, navigate  to the Personal tab in the Password list view within that organization. 
  5. To view all of your personal passwords, click Personal in the top menu bar and then click Personal Passwords in the left side menu. 

Important Notes:

  • Users with the role Editor and above can make any public or restricted password be their personal password by editing the password's security settings. A personal password can likewise be converted to a public or shared password. 
  • An IT Glue user cannot change the security settings on a MyGlue password. Likewise, a MyGlue user cannot change the security settings on an IT Glue password. 
  • Only you can export your personal passwords by navigating to the Personal Passwords tab on an organization's Password list view and clicking Export
  • IT Glue Administrators can see logs related to personal passwords in the Activity Log. However, they do not have the ability to navigate to the password record or view the password value.
  • Decommissioning a user’s IT Glue account (in the case of a departure, for example) will permanently delete all personal passwords created by that user.
  • Deleting an organization in which personal passwords are stored will also permanently delete those passwords.
  • Personal Passwords can be Vaulted
  • Personal Passwords will not be included in account exports
  • Personal Passwords will not be included in the Global password view
  • Personal Passwords will not be included in Global > Reports > At-risk Password
  • Personal Passwords will not be included in account runbooks
  • Personal Passwords will not be included in Global > Completion

Passwords checklist

Using the checklist below, locate any remaining passwords and add them to your account.

  1. Active Directory domain admin credentials
  2. Active Directory’s Directory Services Recovery Mode (ADRM) password
  3. Local admin accounts for standalone servers, virtual hosts, etc.
  4. Local admin accounts for each workstation
  5. Firewall admin web interface
  6. Switch admin web interface
  7. On-premises applications
  8. Maintenance agreements and licensing (software, hardware)
  9. Cloud applications
  10. Cloud licensing
  11. Domain management (registrar, web host)
  12. Certificate management
  13. Backup console
  14. Lights out management console
  15. Site-to-site VPN

The Vault

Now that you have created passwords and passwords folders, you have the option of enabling an additional security layer to the ones you deem most sensitive. With Vault, host-proof hosting (or, local-only encryption/decryption) is designed to allow a user to encrypt and decrypt exclusively at the endpoint level in the user’s browser with a user-specific passphrase rather than leaving it to the IT Glue system.

The Vault gives each user total control with a user-specific passphrase, rather than an organization-based passphrase that every employee shares. Having a user-based passphrase means that only the user has the decryption key to the Vault and that the encrypted Vault passwords are meaningless to anyone without the user-specific decryption key. This also means an IT Glue administrator doesn’t have to change the passphrase every time an employee leaves.

For more details on how to enable Vault for your account, please have your IT Glue Administrator follow the steps in our topic.

Archiving Passwords

As you document more of your client’s assets, you may want to archive some inactive or old ones that are no longer in regular use. Follow our Archiving Assets topic for instructions.

Password Access Workflow

If the IT Glue administrator has set up a Password Access Workflow, specific actions detailed in our KB article here will trigger a notification. This allows administrators to know immediately when highly sensitive passwords are accessed and reduces the time gap between a potential compromise/exposure and a subsequent audit performed by the administrator.