Implementing Transparent Password Synchronization
This section provides an overview of the steps required to implement transparent password synchronization. It assumes you have set up basic requirements for password management, including email notification and at least one target system that is a source of Bravura Security Fabric profiles.
To implement transparent password synchronization:
Add target systems that will be triggers for transparent password synchronization.
If required, enable the API SOAP Service (idapisoap) and ensure it is accessible by the host running the interceptor. The API Service (idapi) configuration file requires the URL of the API SOAP Service.
Note: The API SOAP Service is not required for Windows or LDAP Triggers.
Gather the information that you will need when you install the necessary software:
Trigger system’s target system ID
The communication key (or Master Key)
The CommKey value is encrypted in Bravura Security Fabric. If you did not record the key in a secure location, copy the idmsetup.inf file from <instance>\psconfig\ on the Bravura Security Fabric server to the same location as the installer. The installer will extract the Communication Key value from the file.
TCP port number on which the Password Manager service is listening for the LDAP interceptor.
URL of the API SOAP Service, for interceptors other than the LDAP and Windows interceptors.
DNS host name of each Bravura Security Fabric server
Install the required software on the trigger system:
Inform users that:
All password changes for users (with a Bravura Security Fabric profile ID) will be subjected to the password policies enforced on the Bravura Security Fabric server. By default, transparent password synchronization is available to all users.
When users change their passwords on the relevant system (Microsoft Active Directory, LDAP Directory Service, OS/390), their new password will be applied automatically to all of their accounts on other systems.