Skip to main content

Example: Onboard a system

This example shows you how to install an optional scenario component to support Windows system onboarding. Acting as a trustee, we will onboard a system for our team.

Requirements

This example assumes:

  • Bravura Security Fabric and Connector Pack are installed.

  • Bravura Privilege Pattern is installed.

  • Global team groups and privileges are set up.

Click below to view a demonstration:

Install the Windows onboarding and disclosure components

To manage accounts on a Windows workstation, the Windows system type component must be installed. The RDP disclosure component will also be installed as it provides access disclosure to Windows workstations through RDP sessions.

  1. Log in to the Bravura Security Fabric Front-end (PSF) as superuser .

  2. Click Manage Components > Scenario.

  3. Select two components:

    Scenario.pam_system_type_winnt

    Scenario.pam_disclosure_rdp_local_account

  4. Click Install component(s) from the Actions panel on the right.

    The component management program installs the components along with any dependencies. You should see Completed install for component messages for the selected components in the TASK STATUS section of the Actions panel .

Onboard a Windows system

  1. Open another browser tab to Bravura Security Fabric .

  2. Log in to the Front-end (PSF) as cordeh. Since she has the System Trustees privileges for the Windows Account Admins team, she is able to onboard systems to the team.

  3. In the REQUESTS section of the main menu, click Manage Resources.

  4. Select System: Onboard.

  5. In the System Type field, select Windows Server.

  6. Click Next .

  7. Enter the following:

    System FQDN wkstn1.bravura.corp

    System Team Windows Admin Accounts

    lab-onboard-windows

    Click Next .

  8. Add the credentials for the Windows server.

  9. Click Submit.

  10. Click the View request link at the top of the page to view the status of the request.

  11. In the DETAILS panel on the right, click the Request: ID link to review the details of the request.

  12. Next to Display details: check the box for Operations to ensure the onboarding operation is listed as successful.

    lab-onboard-success
    lab-onboard-success2
Verify the managed systems

When a system is successfully onboarded to a team, it will be listed as a managed system in Bravura Security Fabric .

To view the managed systems in Bravura Security Fabric :

  1. Log in to the Bravura Security Fabric Front-end (PSF) as superuser.

  2. Click Manage the system > Privileged access > Managed systems.

  3. Verify that your Windows target system is listed as a managed system.

    lab-onboard-managed

If your onboarded Windows system shows up in the Managed systems list, then you have completed the lab successfully. Systems onboarded through the System: Onboard pre-defined request are automatically added to the ONBOARDED_ACCOUNTS managed system policy. The managed system being part of a managed system policy allows accounts to be managed from that system and onboarded to teams.

In this section: