Setting up Privileged Access Management

To implement privileged access management with Bravura Security Fabric:

  1. Carry out initial setup as outlined in Initial steps, including:

  2. Configure managed system policies, managed systems, and managed accounts.

    The steps required depend on whether you are implementing:

  3. Configure user access controls.

    You must set up product administrators and configure their administrative privileges before users can access administrative features. You can also fine-tune access controls for regular users.

    See User types and access rules.

  4. Configure general options as described in Privileged access management options.

  5. Configure end user options as required.

    See Modules.

Push Mode Privileged Access Management

Implement push mode privileged access management by using auto discovery to find server or workstation objects on an Active Directory domain. You can then manage these discovered objects using import rules.

Alternatively, add managed system policies and managed systems manually. This is required for systems that are not on an Active Directory domain.

Push mode method 1: Automatic
  1. Add the Active Directory domain controller as a target system, configuring it as a source of Bravura Security Fabric Profile IDs and to discover computer objects.

    See Target Systems for details.

  2. Configure options for managed system policies.

    See Managed system policies for details.

  3. Import discovered objects as managed systems, either manually or by setting up import rules.

    See Infrastructure Auto Discovery for details.

Push mode method 2: Manual
  1. Configure options for managed system policies.

  2. Manually add target systems to Bravura Security Fabric, configuring them to become push mode managed systems.

  3. Assign the systems to particular managed system policies.

  4. Define the accounts that the managed system policy is going to manage on the system.

Vault-only Privileged Access Management

Implement vault-only privileged access management by manually adding a vault-only managed system, manually adding accounts to that system, and then linking the managed system to a vault-only managed system policy.

  1. Manually add a vault-only managed system to Bravura Security Fabric.

  2. Add managed accounts to the managed system.

  3. Create a new vault-only managed system policy.

  4. Assign the system to a particular managed system policy.

  5. Configure options for the managed system policy.

Local Service Mode Privileged Access Management

Implementing local service mode requires software to be installed on managed systems. The installed Local Workstation Service contacts the Bravura Security Fabric server and registers the system as a discovered object. You can then add these discovered objects as managed systems manually or using import rules.

To configure privileged access management using a Local Workstation Service:

  1. Download the MSI installation package and the .inf file.

  2. Deploy the Local Workstation Service software on all systems that you want to manage.

  3. Allow all systems to contact the Bravura Security Fabric server and register themselves as discovered systems.

  4. Configure options for managed system policies.

  5. Import discovered objects as managed systems.

See Adding local service mode managed systems for more information.