Break-glass accounts/credentials

uhdamm

I was wondering how to go about this topic, and how others handle important msp emergency/break-glass accounts.

I was thinking adding an "internal" client inside ITFlow, with access only to users with a certain Role or a group membership, and add all msp related services/accounts/credentials and other important documents to that client.

From what i see in ITFlow, I could use "restricted access" for every single user.

As far as I remember from using ITGlue, that creates some work everytime a normal client is added - even with the use of groups in ITGlue, as you would add that new client to a gtoup of technicians.

What are you guys using to protect your most important information - not meant for the eyes of a normal technician?
An entirely different system? A safety deposit box?

felix

Great work flow idea using the internal client. Once the roles feature is finished it will streamline your process.

One man shop here. I have all my passwords in a password manager and its password is in my gun safe. I need to update my "if/when I die" instructions, but the wife has some idea of what to do. I guess that's a scenario we should trial run as long as she knows the disaster doesn't need to be actualized to simulate the disaster recovery scenario.

wrongecho

Maybe drop +1 here?: https://forum.itflow.org/d/424-login-entries-require-techs-enter-a-justification-to-access-passwords/2