
Process

Transparent password synchronization, triggered by a native password change on a monitored system, works as follows:

  1. User: decides to change their password(s) or has been asked to during the login process (password has expired).

  2. User: enters their login ID, current password and desired new password.

  3. Login server: validates password quality internally, then calls a Bravura Pass interceptor library to further validate password quality.

  4. Bravura Pass interceptor: contacts the Bravura Pass server; establishes an encrypted connection; forwards a request for password policy check.

  5. Bravura Pass: validates password quality; returns result. In the event of an attempted policy violation, Bravura Pass may send a message directly to the user by email or a Windows pop-up message.

  6. Login server: updates the user’s password field internally, calls the Bravura Pass interceptor to notify it of the successful change. Note that a failure to meet the Bravura Pass policy will normally block the initial password change from completing.

  7. Bravura Pass interceptor: contacts the Bravura Pass server; establishes an encrypted connection; forwards a request for password synchronization.

  8. Bravura Pass: queues up the new password for synchronization.

  9. Bravura Pass: resolves the single queued event to a list of passwords that must be set for this user (one per login account).

  10. Bravura Pass: administratively sets the user’s passwords on each system to the new value.

  11. Bravura Pass: in the event of failure, re-queues and retries; may send the user one or more emails to notify of the problem; may create a ticket on an incident management system to alert someone of an integration problem.

Transparent password synchronization triggers are provided with Bravura Pass for Active Directory, Windows servers, LDAP, Linux and Unix (various), iSeries and z/OS (optional component).
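
The control flow of steps 3 to 11, as an added illustrative model (not Bravura Pass code or its API): the policy check gates the native change, one queued event fans out to one task per login account, and failed targets are re-queued and then escalated. The function names, the policy rule, the retry limit and the sample accounts are all assumptions constructed for the example.

```python
from collections import deque

MAX_ATTEMPTS = 3  # assumed retry limit; the page gives no number


def policy_ok(password):
    # Stand-in for the central policy check (steps 4-5); the rule is constructed.
    return len(password) >= 12 and not password.isalpha()


def change_password(user, new_password, accounts, set_password):
    """Model of steps 3-11. accounts maps user -> list of (system, login ID);
    set_password(system, login_id, password) returns True on success."""
    # Steps 3-5: the policy check runs before the login server commits,
    # so a rejection blocks the native change and nothing is queued.
    if not policy_ok(new_password):
        return {"changed": False, "synced": [], "escalated": []}
    # Steps 6-8: local change committed, then one event is queued.
    events = deque([(user, new_password)])
    # Step 9: resolve the single event to one task per login account.
    tasks = deque()
    while events:
        u, pw = events.popleft()
        tasks.extend((system, login, pw, 1) for system, login in accounts.get(u, []))
    synced, escalated = [], []
    # Steps 10-11: set each password; on failure re-queue and retry, then escalate.
    while tasks:
        system, login, pw, attempt = tasks.popleft()
        if set_password(system, login, pw):
            synced.append(system)
        elif attempt < MAX_ATTEMPTS:
            tasks.append((system, login, pw, attempt + 1))
        else:
            escalated.append(system)  # stands in for the email / ticket
    return {"changed": True, "synced": synced, "escalated": escalated}


def demo_targets():
    # Constructed targets: "ldap" fails once then succeeds, "zos" always fails.
    calls = {}
    def set_password(system, login_id, password):
        calls[system] = calls.get(system, 0) + 1
        if system == "ldap":
            return calls[system] > 1
        return system != "zos"
    return set_password, calls


# Constructed sample: one user with three login accounts on other systems.
ACCOUNTS = {"alice": [("ad", "alice"), ("ldap", "uid=alice"), ("zos", "ALICE1")]}
```

A target that keeps failing leaves the user's passwords out of sync across systems, which is why the model reports escalated targets separately instead of dropping them.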