Featured image

How to Seamlessly Integrate Privileged Access Management with Your Documentation Tool (And Why You Shouldn’t Be Storing Passwords in Your Documentation)

  • QGuard

An MSP’s documentation tool is a component of business operations, serving as the “map of the kingdom.” Managed service providers depend on robust solutions such as IT Glue and Hudu to meticulously track processes, workflows, and vital details within their distinctive IT environments.

However, one of the most frustrating tasks is creating and maintaining visibility into admin credentials across your customer base.

Manually recording all of these details remains time-consuming and frustrating.

That’s why MSPs need a dedicated Privileged Access Management (PAM) solution to get an Automated Inventory of their Privileged Accounts.

In this post, we’ll show you how you can use CyberQP’s integrations with documentation tools like IT Glue and Hudu to write back passwords to a documentation tool, and how a MSP geared PAM solution can help you get visibility into your technicians’ privileged access with minimal manual intervention.

Before we dive into the benefits Privileged Access Management provides by separating the map (your IT documentation) and the keys (your privileged credentials) to your kingdom, you’ll have to ensure that you’ve fully completed onboarding for your new documentation tool. For the sake of this post, we’ll use our integration with IT Glue as an example.  

For Readers with Empty IT Glue Accounts:

As a new or empty IT Glue tenant, you have two options for setting up your IT Glue account:

Prioritize General Passwords
You can opt to integrate CyberQP first. In this case, we will create general passwords because we won’t have visibility into any configurations/devices on IT Glue. General passwords offer standalone access management in IT Glue if you prefer this option.

Please note that in IT Glue, embedded passwords are the only type of passwords that can appear directly on the right-hand side panel of a configuration/device with the “copy password” feature in IT Glue. General passwords can only be linked as a “related” item, and new IT Glue tenants may be unaware of the differences in security between embedded passwords and general passwords.

Prioritize Embedded Passwords
Alternatively, you can start by connecting your PSA and/or RMM integration first, build out your organizations and configurations/devices, and then connect CyberQP.

We will attempt to match to existing configurations and create embedded passwords. Embedded passwords offer access management that mirrors whatever is set on the parent configuration/contacts. Please refer to IT Glue’s Knowledge Base to understand this inheritance based security model.

A Quick Refresher: How to Create and Update Passwords in Your Documentation Tool

Here’s a quick 5-step guide (and a video) to help you create and update passwords in your documentation tool. You can either create password entries manually or use a CSV file to import password entries into IT Glue. 

How to Manually Create and Update Passwords  

  1. Open your customer’s organization in IT Glue.
  2. Click the Passwords link on the left-hand side.
  3. Click the “+ New” button at the top right of the screen and select “Password.”

  1. Fill in the “Name,” “Username,” and “Password” field. Select a category, if applicable, and click Save.

  1. Repeat Steps 3 and 4 until you’ve created all of your passwords.

How to Import Passwords Using a CSV File 

  1. Create a spreadsheet in Microsoft Excel or Google Sheets. Ensure you have column headings labeled “Organization,” “Name, “password_category,” “Username,” “Password,” “URL,” and “Notes.”

  1. Fill in your customers’ password information into the spreadsheet.
  2. Save the file as a CSV file.
  3. Ensure you are logged in as a user with administrative permissions in IT Glue. 
  4. Click the “Account” menu at the top of the window.

  1. Select the “Import Data” menu on the left-hand side.

  1. Click the “+New” button at the top right of the screen and select “Passwords” from the drop-down list.


  1. Click the “Choose File” button, select your CSV file, and click “Continue.”


Why MSPs Need a Dedicated PAM Solution to Automatically Maintain Their Privileged Account Inventory

While your current documentation tool may catalog all admin and end user accounts, the potentially static nature of this account inventory poses inherent risks.

This susceptibility to human error leaves your MSP exposed to insider threats, especially in scenarios such as the departure of a disgruntled technician that necessitates manual refreshing of critical credentials.

While CyberQP encourages its partners to deter threat actors from gaining all the information they need in one go by separating their credentials from IT documentation, we also recognize that our partners need solutions that offer security without compromising efficiency. Here’s how help desks use QGuard with their documentation tool of choice to create a Moving Target Defense and maintain continual visibility into their privileged accounts.  

Match IT Glue Password Entries with Ease 

To get started, CyberQP Partners can import IT Glue or Hudu organizations and match customers with ease. To learn more, you can refer to our Knowledge Base.  

An Automated Moving Target Defense for Your Documentation Tool 

Once technicians have finished matching entries between QGuard and their documentation tool, you can create automated password rotation cadences or rotate on-demand, and our integrations will automatically write back updates to your IT Glue instance, keeping documentation current and accurate without manual intervention. 

Choose a Solution That Supports All Microsoft Directory Types

CyberQP offers MSPs a solution that automates password rotations across Active Directory, Microsoft 365/Entra ID, local administrator and service accounts, all from one dashboard. For a lower price than a documentation tool’s password rotation add-on fee, MSPs trust QGuard to: 

  • Discover anomalous and suspicious privileged accounts across a customer’s endpoint fleet, accelerating and securing customer onboardings and an MSP’s internal privileged access 
  • Offer daily alerts on how their technicians are using their privileged access 
  • And separate crucial information about their technology deployment with a technician vault, packaged with QGuard at no extra cost.  

Want to learn more? You can meet with one of our product specialists now.