Example: Install Bravura Privilege Pattern and onboard a system vault

This procedure describes how to install a Bravura Privilege Pattern component and a scenario component, create a team, onboard a system vault, and add users to that vault.

A System vault represents systems in the environment and allows you to store account information without a connector or technical integration.

Install the components

This example requires the following components:

  • RefBuild.pam_team_management.

  • Scenario.pam_system_type_vault.

Configure the Corporate AD target system

  1. Click Manage the system > Resources > Target systems > Manually defined.

  2. Select the Corporate AD target system.

  3. Click Change next to the Address field and enter the domain for your environment.

  4. Click Continue.

  5. Click Update.

  6. Click the Credentials tab.

  7. Enter your target’s credentials.

  8. Click Update.

  9. Click Maintenance > Auto discovery > Execute auto discovery.

  10. Click Continue.

Create and set up a team

Create a team administrator:

  1. Click Manage the system > Policies > User classes.

  2. Select the PAM_TEAM_ADMINS user class.

  3. Click the Explicit users tab.

  4. Click Select.

  5. Search and select a user.

  6. Click Add.

This user can now log in and create, delete and manage teams.

  1. Log into Front-end (PSF) as the team administrator.

  2. Click Manage Resources.

    The Pre-defined requests page is displayed.

    The team administrator can create, delete and manage teams using these pre-defined requests.

  3. Click Team: Create.

    Bravura Security Fabric displays the team creation wizard.

  4. Enter the following information:

    • Team Name: Vault-Management-Team

    • Team Description: Team to manage system vault

    Click Next.

  5. Add seven groups. Use the "More" icon to add more team name fields to the list.

    • Team Trustees: Users who can make team management requests.

    • Account Trustees: Users who can make account management requests (onboard accounts).

    • Approvers: Users who allow or disallow access requests.

    • Auto Approved: Users who can check-out access to systems and accounts without making an access request.

    • Requesters: Users who can make access requests.

    • Credential_Managers: Users who can override or randomize the stored password on a checked-out account.

    • System Trustee: Users who can make system management requests (onboard systems).

    • Vault Trustees: Users who can make vault management requests.

  6. Click Next and add team descriptions.

    Click Next.

  7. Assign privileges to the team groups:

    • Team Trustees: Team trustees

    • Account Trustees: Account trustees

    • Approvers: Approvers

    • Auto Approved: Auto_Approved and requesters

    • Requesters: Requesters

    • Credential Managers: Requesters and Credential_manager

    • System Trustees: System trustees

    • Vault Trustees: Vault trustees

    The Credential_Manager privilege allows a user to override or randomize the stored password on a checked-out account.

    Click Next.

  8. Set the initial team trustees for the new team. There must be at least one team trustee to create a team.

  9. Click Submit.

    Bravura Security Fabric notifies authorizers to review the request if required.

  10. Click the View request link at the top of the page to view the status of the request.

    Once the request has been approved, the team will be configured.

Add users to the additional groups in the team.

  1. Log into Front-end (PSF) as a team trustee.

  2. From the home page, click Manage resources.

  3. Click Team: Manage Group Membership.

  4. Select the Vault-Team.

    Click Next.

  5. Select the Account Trustees, Approvers, Auto Approved, Requesters, System Trustees, Vault Trustees, Credential Managers and Team Trustees groups.

    Click Next.

  6. Add members to each team group.

  7. Click Submit.

    Bravura Security Fabric notifies authorizers to review the request if required.

  8. Click the View request link at the top of the page to view the status of the request.

Once submitted and approved, the group’s membership will be updated to include the selected users.
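
The group-to-privilege mapping from step 7 of the team wizard can be modeled offline to see which privileges each planned member ends up with before the membership request is submitted. This is an added example, not part of the Bravura documentation, and it calls no Bravura API; the user names are constructed sample data and the function names are hypothetical.

```python
# Added example, not Bravura code; it calls no product API. Group and privilege
# names follow step 7 of the team wizard; user names are constructed samples.
GROUP_PRIVILEGES = {
    "Team Trustees": {"Team trustees"},
    "Account Trustees": {"Account trustees"},
    "Approvers": {"Approvers"},
    "Auto Approved": {"Auto_Approved", "Requesters"},
    "Requesters": {"Requesters"},
    "Credential Managers": {"Requesters", "Credential_manager"},
    "System Trustees": {"System trustees"},
    "Vault Trustees": {"Vault trustees"},
}

# Constructed membership plan (hypothetical users).
PLANNED_MEMBERS = {
    "Team Trustees": ["alice"],
    "Account Trustees": ["bob"],
    "Approvers": ["carol", "dave"],
    "Auto Approved": ["erin"],
    "Requesters": ["dave", "frank"],
    "Credential Managers": ["frank"],
    "System Trustees": ["bob"],
    "Vault Trustees": ["grace"],
}


def effective_privileges(members, mapping=GROUP_PRIVILEGES):
    """Union of the privileges each user receives across all team groups."""
    result = {}
    for group, users in members.items():
        if group not in mapping:
            raise KeyError(f"group not defined in the team: {group}")
        for user in users:
            result.setdefault(user, set()).update(mapping[group])
    return result


def review(members, mapping=GROUP_PRIVILEGES):
    """List (user, note) pairs worth a second look before clicking Submit."""
    findings = []
    for user, privs in sorted(effective_privileges(members, mapping).items()):
        if {"Requesters", "Approvers"} <= privs:
            findings.append((user, "holds both Requesters and Approvers"))
        if "Auto_Approved" in privs:
            findings.append((user, "checks out without an access request"))
        if "Credential_manager" in privs:
            findings.append((user, "can override or randomize stored passwords"))
    return findings
```

Calling `review(PLANNED_MEMBERS)` on the sample plan returns one finding each for dave, erin and frank.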

Onboard a system vault

  1. Log into Front-end (PSF) as the system trustee for the vault-management-team.

  2. Click Manage Resources.

    The Pre-defined requests page is displayed.

  3. Click System: Onboard.

  4. Select the Vault System type from the drop-down menu.

    Click Next.

  5. Enter the System FQDN. A system vault will be created with this name.

  6. Select the System Team to manage the system vault.

  7. Click Submit.

    Bravura Security Fabric notifies authorizers to review the request if required.

  8. Click the View request link at the top of the page to view the status of the request.

    Once the request has been approved, trustees can manage accounts on this system.

Create vault users

  1. Log into Front-end (PSF) as the vault trustee for the vault-management-team.

  2. Click Manage Resources.

  3. Click Vault Account: Create.

  4. Select the Vault:system-vault managed system.

    Click Next.

  5. Enter the account information:

    • Account Name

    • Managed Password

  6. Click Submit.

    Bravura Security Fabric notifies authorizers to review the request if required.

  7. Click the View request link at the top of the page to view the status of the request.

Once the request has been approved, users assigned the requester or auto-approved privileges in the Vault-Management-Team can now check out this account and view the password.