Setting up user provisioning
To implement user provisioning with Bravura Identity:
Set up email notification.
Bravura Security Fabric actively notifies users about events that may require their attention; this is generally done through email. It is recommended that all users have email addresses configured.
Ensure that the email server and port are correctly configured on the Manage the system > Workflow > Email configuration page.
See Email notification.
Add target systems.
Add at least one target system that will be an authoritative list of users to be imported into Bravura Security Fabric. If supported, ensure that all users have email addresses configured on the target. At least one target system should be able to verify passwords for users.
See Target Systems.
Set up accounts on each managed system to use as templates in Bravura Identity.
See the Connector Pack documentation for information about creating accounts on specific systems. Ensure that you note the login ID of each model account.
This is not necessary if new account requests will be fulfilled by human implementers.
It is recommended that you do not add template accounts to managed groups. Managed group memberships should be handled by including them in roles.
Configure account attributes if required.
The term account attributes refers to the attributes of accounts on target systems. Bravura Identity uses an attribute catalog to determine rules for “handling” each attribute when managing users. You can override the default settings for templates, target systems, or target types.
See Account attributes.
Import users.
Run auto discovery to import a list of users, their accounts and other attributes, from one or more target systems.
See Users and accounts.
Configure authentication.
Ensure that the Authentication priority list and Identification priority list are configured on the Policies menu. This is required to allow users to access the main menu.
See Login and authentication.
Add profile and request attributes.
Profile and request attributes are used to collect and display information about a user. They can be mapped to account attributes.
Add profile and request attribute groups for access control.
Grouping attributes allows you to configure access controls to determine users’ read / write privileges. They also determine how profile and request attributes are displayed to users.
See Attribute groups.
Add template accounts.
Bravura Identity template accounts are mapped to model accounts on target systems. See the Connector Pack documentation to learn how to set up template accounts for each target type.
Users set up or request new accounts based on individual templates or named sets of templates referred to as roles.
See Template accounts.
Configure managed groups.
Bravura Identity uses managed groups to manage memberships in groups on target systems.
See Groups.
Add roles.
Users assign required resources to a set of users by using roles. Users can also request a role.
See Roles.
Configure access rules.
Access rules determine what users can do for themselves or others.
Add segregation of duties rules.
Users request exceptions to roles or possible access conflicts.
Configure role enforcement rules and options, if Bravura Security Fabric should automatically issue requests to correct violations in a user’s access compared to their role.
See Role enforcement.
Configure authorization workflow.
Configure user provisioning options, including:
Provisioning by human agents, or implementers.
Configure web features for request input, validation, and authorization.