Skip to main content

Allowing users to specify a destination container

You can configure Bravura Security Fabric to use a profile and request attribute to prompt users for the destination container when creating or moving accounts on a target system that supports contexts, such as LDAP Directory Service, NDS, Exchange 2007/2010/2013/2016, and Active Directory.

When the Profile/request attribute to use as the container DN option is configured on the Target system information page (Manage the system > Resources > Target systems), users can:

  • Set the destination container when creating new accounts.

    Users do this by setting the profile/request attribute value in the request form. By default, Bravura Security Fabric creates new accounts in the same container as the template. Without the profile/request attribute, you may need to set up identical templates for each container.

    If enabled when setting the target system address, Bravura Security Fabric can also create a container if a non-existing one is specified.

  • Move existing accounts on the target system to a different container.

    Users do this by setting the To container value – the profile/request attribute, but with a different name – on the move accounts page. Bravura Security Fabric only displays the move operation (the Move button) for users with accounts that can be moved between containers.

To allow users to select a container for a create account or move context operation:

  1. Add a profile attribute to provide a place to prompt the user for this information.

    It is recommended that you configure the profile attribute to have a set of restricted values, so that the requester or product administrator can select from a drop-down list.

  2. Ensure that you set read/write permissions for the profile attribute.

  3. Provide a group of users the "Move user from one context to another" rule.

  4. Update the Target system information page (Manage the system > Resources > Target systems) by typing the name of the profile attribute in the Profile/request attribute to use as the container DN field.

    This allows Bravura Security Fabric to use the profile attribute for this purpose.

In this section: