IT Glue Password Asset: Best Practices

Never use embedded passwords. Only use general passwords. This is a security best practice.


1. Each password entry should have a title that is unique within the organization. If there is more than one of the same type of password, differentiate the title by including the user name. The purpose of this policy is to make it easier to tag. 

For example, there are two domain admins, one with user name nygeekgirls and one with user name administrator. Don't use "domain admin" as the title, because when tagging there is no way to know which domain admin you are adding to the asset. Instead, use the following titles:

domain admin - administrator
domain admin - nygeekgirls

2. Create and use folders when necessary to organize large numbers of passwords in the same category. The following are approved folder titles and uses: 
  1. User Accounts. Can contain subfolders for different categories of user accounts such as email passwords, AD passwords, application passwords, and other logins. 
  2. Internal. For internal use by Geek Girls, generally admin passwords. IT Glue Lite users should be excluded from permissions to this folder, even if they have access to other passwords. 
  3. Archived. Passwords no longer in use or for applications or devices no longer in use ("just in case").
  4. Computers. Device passwords. Can be sub-divided into end user passwords and local admin passwords.  

3. If the password is for a web login, always include the URL. If the password is for an SSID, always include the SSID.

4. Use the notes field freely to explain what the password is for.

5. If the password is for an end user, always add the user’s IT Glue “contact” asset as a related item. Add other related items to the password as applicable, to make both items more useful and easier to find.


There is an integration between AT and IT Glue, so connecting the contact to the password allows us to easily find passwords directly from a ticket.

6. Always add a "category" to the password asset. Here are some tips for the less self-explanatory password categories:

a. Application: for logging directly into an application or application file on the LAN (Quickbooks company file, etc). Also for API users. 
b. Cloud: for logging into a cloud-based application. 
c. Vendor: for logging into a vendor's site to make purchases (not to use an application). E.g., the admin account to manage settings or users for an application, but not for application usage.
d. OTP secret key. This is to store the secret key used to generate OTPs, in case we ever need to set up authentication on another device.  Always link the OTP secret key password asset as a related item to the primary password asset. (The primary password asset is where the OTP should be generated.) Set the permissions for the OTP code asset to "senior staff" only.  
e. Local Machine. Local password for a computer or server. Not for other devices. 
f. Printer. For printers that have an admin login. 
g. Network: For admin access to a network device's settings. 
h. Remote Desktop Access.  Anything that we’re using to remote in directly to a machine to control the machine, such as Splashtop, LogMeIn, RDP, etc. 
i. VPN. A VPN connection to shares and other resources goes under the VPN category.
j. WiFi. For WiFi access keys. Not for admin access passwords to WiFi devices. (Use Network for network admin passwords.)
k. Backup Device. Mainly backup appliances or devices used for backup caching - local login.
l. Domain Management. Web host, domain registrar, DNS hosting, email hosting, cPanel, etc.

7. Password Permissions in IT Glue. When adding passwords to IT Glue, please double-check to make sure that only the users you intend have access to the passwords. Some passwords should be accessible by the customer authorization contact(s) (when the contact has an ITG Lite account), and some should not be. You can and should edit the permissions.  

8.  When adding a password, ask yourself if the password is for something that should be documented, for example, an application or a file share. If so, add the appropriate flexible asset, clearly detailing what the item is for and how to access it. Connect the two assets as related items. Just adding the password is not enough.

 

When you document something in IT Glue, treat it as if it will be read for the first time by a brand new technician. In other words, assume they do not have background information on the situation. Spell everything out.


 