Access certification features

Bravura Security Fabric addresses the problem of identifying and removing excess access rights by coordinating and securing distributed review and cleanup of users and privileges.

Bravura Security Fabric periodically requires selected reviewers to use the self-service interface to view user entitlements, flag unneeded access rights for removal, and confirm remaining rights. The reviewers are required to sign off with an electronic signature to assure that the remaining entitlements are appropriate. The workflow engine routes change requests identified during the certification process (for example to delete accounts or group memberships) to suitable authorizers and completes change requests upon approval.

Bravura Security Fabric can also allow certain users to perform ad hoc quick reviews on individual users.

The Bravura Security Fabric configuration interface allows for a high degree of flexibility in how the review process is set up. A wizard-like series of configuration pages allows you to define:

  • Resources on which users are to be certified

    Resources, for the purposes of certification, include:

    • Target systems

    • Managed groups

    • Segregation of duties rules

    • Roles

  • Users to be certified

    You can include all users associated with a resource, select individual users, or a user class.

  • Profile and request attributes to be displayed

    User information defined by profile and request attributes can be viewed by reviewers to help them determine what action to take.

  • Remediation requests to be submitted

    You can specify remediation requests to determine what happens when a review revokes an entitlement, transfers a user, or resolves an SoD violation.

  • Certification method

    You can choose to have users reviewed by a single reviewer, or split the work among multiple reviewers according to:

    • Segments defined by user class

      Classes can be determined by attributes, groups, or a PSLang expression.

    • Resource managers

      Reviewers are assigned to each selected application or group to review users' privileges. This is practical where the resources have few members.

    • Organization chart

      This method begins with a simple premise: managers can recognize inappropriate rights assigned to their subordinates.

      Unlike other methods, the Bravura Security Fabric administrator does not need to determine all reviewers, but only the manager whose branch of the organizational tree is to be reviewed. Each manager below the level of the selected manager reviews their direct subordinates.

      This method is tightly integrated with OrgChart data to identify managers and their subordinates.
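
The organization chart method described above can be modelled as a walk down the manager tree. This is an added example, not Bravura Security Fabric code. `assign_reviewers`, the `MANAGER_OF` map and the user names are hypothetical, and it assumes the selected manager also reviews their own direct reports, which the page does not state.

```python
from collections import deque

# Constructed sample data: user -> direct manager (None = no manager recorded).
MANAGER_OF = {
    "alice": None,        # top of the chart
    "bob": "alice",
    "carol": "alice",
    "dave": "bob",
    "erin": "bob",
    "frank": "carol",
    "grace": "frank",
    "heidi": None,        # orphan: no manager recorded
    "ivan": "judy",       # ivan and judy form a cycle in bad source data
    "judy": "ivan",
}


def assign_reviewers(manager_of, selected_manager):
    """Return ({reviewer: [direct subordinates]}, users outside the branch)."""
    # Invert user -> manager into manager -> direct reports.
    reports = {}
    for user, mgr in manager_of.items():
        if mgr is not None and mgr != user:   # ignore self-managed entries
            reports.setdefault(mgr, []).append(user)

    assignments, seen = {}, {selected_manager}
    queue = deque([selected_manager])
    while queue:
        mgr = queue.popleft()
        # Skipping already-seen users keeps the walk finite on cyclic data.
        direct = sorted(u for u in reports.get(mgr, []) if u not in seen)
        if direct:
            assignments[mgr] = direct
        for user in direct:
            seen.add(user)       # each user is reviewed once, by one manager
            queue.append(user)

    # Users never reached have no reviewer in this campaign. The selected
    # manager is the root of the branch and is not reviewed by anyone in it.
    outside_branch = sorted(set(manager_of) - seen)
    return assignments, outside_branch


if __name__ == "__main__":
    plan, outside = assign_reviewers(MANAGER_OF, "alice")
    print(plan, outside)
```

The second return value is the one to watch: accounts with no manager recorded, or with managers outside the selected branch, are not assigned a reviewer by this method and need another certification method to cover them.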

Once a certification campaign has been configured, it can be started immediately, and/or saved for later use. A certification campaign configuration can be saved and exported into a data component, to be made part of a reference implementation.

Certification campaigns can be scheduled to start automatically and at regular intervals, like a scheduled job.