Skip to main content

Example: Configuring implementers

Often, organizations will have a Human Resources target that populates Bravura Security Fabric. For various security and privacy reasons, these targets usually do not not allow Bravura Security Fabric to write back to them. However, organizations still require an audit trail if the target is updated manually.

In this example, you will set up implementers to update a new employee’s information on an HR system after an account has been created on the AD target. Using Bravura Security Fabric to initiate the request to an implementer will provide the required audit trail.

Requirements

This example assumes that:

  • Bravura Security Fabric is installed.

  • An Active Directory target has been configured.

  • A template account for the AD target has been created.

  • A target is configured to retrieve data from a Human Resources system.

Configure an implementer target

By default, all target system operations are set to be carried out by a connector. You can override resource operations at the target system, group, and template level. If the operation is set at target-system-level to be carried out by an implementer, you must assign at least one implementer to the target system. If you do not do this, requests involving the target system will be put on hold unless implementers are dynamically assigned by a plugin.

  1. Log in to Bravura Security Fabric as superuser.

  2. Click Manage the system > Resources > Target systems > Manually defined.

  3. Select the Human Resources target.

  4. Under the Auto discovery options make sure the option to Allow child resources, including templates and managed groups, to inherit implementation configuration is enabled.

    lab-implementers-allow-SUI

  5. Click Update.

  6. Click the Resource operations tab.

  7. Select Implementer operation for all listed operations.

    lab-implementers-target-SUI

  8. Click Update.

    Bravura Security Fabric displays the "Insufficient implementers assigned" warning, and includes an implementers table below the operations table.

Assign individual implementers

You can add individual static implementers in the bottom table on the Resource operations page. Individual implementers assigned at the target system level are inherited by dependent template accounts and managed groups.

To assign an individual implementer:

  1. In the Implementers table, click Select…

  2. Search 27134.png 3332.png for and select a user.

  3. Click Select .

Assign implementers by user class

To assign implementers based on user class:

  1. On the Resource operations page, click the User classes sub-tab.

  2. Click Select…

  3. Select the _GLOBAL_HELP_DESK_ class and click Select.

    Bravura Security Fabric displays an error because you have not mapped the participants in the user class yet.

  4. Under Participant mapping for USERID, select IMPLEMENTER.

  5. Click Update.

Now all members of the _GLOBAL_HELP_DESK_ user class are implementers on the HR system.

Add a new employee

  1. As a member of the human resources team, log in to the HR system as a user with privileges.

  2. Create a new account.

    Bravura Security Fabric is triggered to create accounts on various targets. For example, an account on the Active Directory target. As part of this process, an email address is generated.

    A notification is sent to the implementers to update the HR system.

Accept the implementation task

You can now carry out the implementation tasks:

  1. Log in to Bravura Security Fabric as an implementer.

  2. Click the You have 1 request(s) awaiting your fulfillment link or the Requests link.

  3. Click on the most recent request.

  4. Click the Tasks button on the action panel.

    lab-implementers-tasks-SUI

  5. Click Accept .

    The task is now assigned to you.

    lab-implementers-accepted-SUI

  6. Click Home to return to the main menu.

    You should see that the task notification is still there. It will remain until you update the task’s status.

Carry out the task and update the task status

  1. Log into the HR system as the implementer and add the new employee’s email account.

  2. Log in to Bravura Security Fabric as the implementer again.

  3. Click the There are 1 request(s) awaiting your fulfillment link or the Requests link.

  4. Select the most recent request.

  5. Click Tasks.

  6. Click Complete.

Demo: Configure implementers

Click below to view a demonstration including the following steps:

  • Configuring an implementer target

  • Assigning implementers individually and by user class

  • Setting the implementer target to copy data from an AD target and creating a psupdate script to handle copying

  • Creating an implementer template account, adding it to a PDR and removing additional authorization

  • Submitting a request to create a new implementer target account

  • Accepting an implementation task and updating its status

In this section: