Setting up web-based password management

To implement web-based password management with Bravura Pass:

  1. Carry out initial setup as outlined in Initial steps, including:

  2. Configure target systems for password management. In particular, you can set the following options:

    • Check password expiry

      For Novell Directory Services (NDS), Microsoft Windows server, Active Directory, and Microsoft SQL Server target systems, Bravura Pass can extract a list of users whose passwords will expire soon, or have already expired.

      The list can be used by the Bravura Security Fabric notification system to warn users of pending expiry.

    • Program to generate a list of target systems

      For Active Directory, Unix, or GroupWise systems composed of multiple servers, you can use a sub-host plugin to enforce or speed up synchronization.

      See Target systems composed of multiple servers to learn how to write a sub-host plugin.

    • Allow users to change passwords

      This setting allows the connector (or agent) to change passwords on the system.

    • Accounts must be included in all password changes

      This prevents users from de-selecting accounts on the target system when changing passwords using the web interface.

      This applies only when the target system belongs to a target system group where web password change restrictions are set to "Any number of accounts can be selected for a password change" or "All accounts are selected for password change".

    • Allow users to unlock accounts

      This setting allows users to unlock accounts using either the Unlock accounts (PSK) module or Help users (IDA) module.

    • Display module settings

      Determine whether to include accounts from a target system on the Change passwords (PSS) module, Unlock accounts (PSK) module, or Help users (IDA) module web interface.

    See Target Systems for a full list of target system settings.

  3. Configure password strength rules

    See Password policy.

    You may also need to determine whether a single password policy will apply to all target systems and all users.

  4. Configure target system groups to apply password policy and web synchronization restrictions

    You can set target system group options to determine whether passwords must be synchronized, can be unique, or must be unique across target systems.

    See Target system groups.

  5. Configure user access controls

    You must set up product administrators and configure their administrative privileges before users can access administrative features. You can also fine-tune access controls for regular users.

    See User types and access rules.

  6. Configure user notification as required.

    You can use the notification system to warn users of pending password expiry, enforce deployment compliance, or meet other requirements.

    See Notification > Batch and web notification.

  7. Configure modules as required

    The Change passwords (PSS) module is enabled by default. The User notifications (PSN) module and Unlock accounts (PSK) module must be enabled for these features to be activated.

    See Modules.