IT Glue Password Asset: Best Practices
Never use embedded passwords. Only use general passwords. This is best security practice.
1. Each password entry should have a title that is unique within the organization. If there is more than one of the same type of password, differentiate the title by including the user name. The purpose of this policy is to make it easier to search for passwords.
Example: There are two domain admins, one with user name nygeekgirls and one with username administrator. Don't use "domain admin" as the title for both, as there is no way to know which domain admin you are adding to the asset. Instead, use the following titles:
domain admin - administrator
domain admin - nygeekgirls
2. Create and use folders when necessary to organize large numbers of passwords in the same category. The following are approved folder titles and uses:
- User Accounts. Can contain subfolders for different categories of user accounts such as email passwords, AD passwords, application passwords, and other logins.
- Administrative. For internal use by Geek Girls, generally admin passwords. IT Glue Lite users should be excluded from permissions to this folder, even if they have access to other passwords.
- Archived, Passwords no longer in use or for applications or devices no longer in use ("just in case").
- Computers. Device passwords. Can be sub-divided into end user passwords and local admin passwords.
3. If the password is for a web login, always include the URL. If the password is for an SSID, always include the SSID.
4. Use the notes field freely to explain what the password is for if it won't be obvious to others.
5. If the password is for an end user, always add the user’s IT Glue contact asset as a related item. Add other related items to the password as applicable. to make both items more useful and easy to find.
There is an integrations between AT And IT Glue. So connecting the contact to the password will allow us to easily find passwords directly from a ticket.
6. Always fill out the category field in the password asset. Here are some tips for the less self-explanatory password categories:
a. Application: for logging directly into an application or application file on the LAN (Quickbooks company file, etc). Also for API users.
b. Cloud: for logging into a cloud-based application.
c. Vendor: for logging into a vendor's site to make purchases (not to use an application).
d. OTP secret key. This is to store the secret key (seed) used to generate OTPs, in case we ever need to set up authentication on another device. Always link the OTP secret key password asset as a related item to the primary password asset. (The primary password asset is where the OTP is generated and viewable.) Set the permissions for the OTP code asset to "senior staff" only.
e. Local Machine. Local password for a computer or server. Not for other devices.
f. Printer. For printers that have an admin login.
g. Network: For admin access to a network device's settings.
h. Remote Desktop Access. Anything that we’re using to remote in directly to a machine
to control the machine, such as Splashtop, LogMeIn, RDP, etc.
i. VPN A VPN connection to shares and other resources would go
under VPN category.
j. WiFi. For Wifi access keys. Not for admin access passwords to Wi-Fi devices. (Use network for network admin passwords.)
k. Backup Device Mainly backup appliances or devices used for backup caching - local login.
l. Domain Management Web host, domain registrar, DNS hosting, email hosting, web host, cpanel, etc.
7. Password Permissions in IT Glue. When adding passwords to IT Glue, please double-check to make sure that only the users you intend have access to the passwords. Some passwords should be accessible by the customer authorization contact(s) (when the contact has an ITG Lite account), and some should not be. You can and should edit the permissions. Mouse over the lock icon in the list of passwords to view the users who can see the item.
8. When adding a password, ask yourself if the password is for
an item that should itself be documented. For example, you are adding a password asset for an application. was the application documented as an application flexible asset? If not, add the flexible asset, clearly detailing what the item is for and how to access it.
Connect the two assets as related items.
When you document something in IT Glue, treat is as if it will be read for the first time by a brand new technician. In other words, assume they do not have background information on the situation. Spell everything out.
Related Articles
Documentation: Best Practices
IT Glue Basics Here's a video overview of IT Glue. Document Anything New or Changed When we set up or learn about anything new or changed, it must be documented. When something is changed by a technician, it is generally that technician's ...Where to Put Information in IT Glue
Items That Are Added Automatically to IT Glue via Sync Some items are automatically synced from our RMM and PSA (Autotask) systems to IT Glue. We generally don't edit them on the IT Glue side. (In some cases we cannot do so.) We edit them on the ...Process to Add Customers as IT Glue Lite Users and IT Glue Lite Basics
What is an IT Glue Lite User? An IT Glue Lite User is a free account given to a customer contact so they can view specific documentation and update limited items without having full technician or admin access. We generally don't give them password ...Reading the KB: Best Practices
There is a fundamental flaw in the Zoho KB. If you are logged in as an "agent" (for example, in order to edit a document), you cannot access articles via the permalinks. In order to see articles via permalinks, you need to have an end user account in ...Asset Tracker
How to Access It URL: https://trackasst.securenotes.app/ Log in with Single Sign-On. Asset Types There are various types of assets: 1. Assets - tech items and larger devices that we use that can be returned/swapped (label maker, wire crimper, ...