Introduction-to-IT-Glue-Offline-Mode-for-passwords

General Information

This feature has been optimized for Windows 10/11 Pro devices only. The browser extension is available exclusively through the Chrome Web Store, providing a secure platform to access your general passwords, including vaulted passwords stored in IT Glue. This ensures access even in the unlikely event that the IT Glue web app is inaccessible or undergoing maintenance. Offline mode can only be activated by IT Glue administrators, and they are responsible for approving all offline mode requests. Once a user and their machine are authorized, users will still need to have their device connected to a network to first install the sync service and extension. Once installed, users can authenticate without an internet connection using their password and MFA.

By default, this feature is turned off in the IT Glue Account settings. Administrators should navigate to Account > Settings under the Offline Mode tab to enable the feature, where they can also access the link to set up the Chrome extension. Administrators can later turn off Offline Mode in case of any security concerns. Turning off the feature auto revokes and wipes all data synced to the approved devices and browser extension. Offline mode incorporates a security feature to manage data when a device is offline or unreachable from IT Glue servers for an extended period, known as the data removal period, set to a default of 7 days but customizable within a range of 1-30 days. After this period expires, data on the user's machine will be automatically deleted, and Offline Mode passwords will become inaccessible for that user.

Administrators setting up the extension can configure it without requiring approval if they remain within the allowed extension instances. Users will start by downloading the Offline Mode Chrome extension, and then proceed to download the Windows sync service and complete the necessary local setup steps.

Sync Service Information

Offline Mode’s Sync Service is a Windows service that will run on the local machine where IT Glue Offline Mode is installed. This service is responsible for syncing data like Passwords, Organizations, and User Permissions to the local machine, as well as syncing activity logs back to IT Glue servers.

The Offline Mode Sync Service synchronizes with IT Glue servers every 60 minutes. Between each synchronization, IT Glue servers are unable to communicate with local machines where the Sync Service is installed. Changes made within IT Glue, such as:

User Deletions
Security Permission Updates
User Role Changes
Authentication Changes
Vault Changes
Password Updates

will not be immediately reflected on the local machine. These changes will only become visible after the next scheduled synchronization and can take up to 60 minutes.

Activity Logs will be synced back to IT Glue servers once five actions have happened, actions are things like password viewing, password accessing, logging into the extension, or logging out. If the machine does not have an internet connection, activity logs will be queued and when a connection is restored the logs will be sent to IT Glue servers.

NOTE Password Workflow notifications will not be triggered when an Offline Mode local machine is either offline, or unable to communicate with IT Glue servers. Once the local machine can communicate with IT Glue servers and a sync occurs, the Workflow notification will be sent.

Additionally, if the local machine goes offline, and the user is using MFA to authenticate and not Single Sign-On, the user will be able to login into the Offline Mode extension until one of two things happens:

The machine regains an internet connection, and a sync is completed between IT Glue servers and the local machine.
The IT Glue Offline Mode data removal period is reached. By default, this is set at 7 days and can be configured by an IT Glue Administrator. The Data Removal period is the time between when the Sync Service makes its last sync with IT Glue servers.

Security recommendations

To limit the replication of IT Glue data files across devices, we recommend the following setup:

NOTE An instance of the extension only supports login from the user who has set it up. Two different users cannot configure a single extension on the same device.

Ensure disk encryption is set up on the Windows device where the extension is being installed. In the event of your device being compromised, this is an additional security measure to prevent bad actors from accessing the locally stored IT Glue data files.
Do not connect your device to any public network (eg: Airport or Café Wi-Fi) when Offline Mode is installed. A secure network connection is recommended to ensure that your device is protected from potential threats.

For more information about Offline Mode security please refer to our Offline Mode for Passwords Security Overview.

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!
	Provide feedback for the Documentation team.