Example: Sending email when a user is locked out
This example shows you how to configure Bravura Security Fabric to send an email to an administrator when a user is locked out due to too many failed login attempts.
Requirements
This use case assumes that:
Bravura Security Fabric and Connector Pack are installed.
An Active Directory system has been targeted as a source of profiles.
All users have values defined in the mail attribute on the Active Directory target system.
Configure email settings
To configure email settings:
Log in to Bravura Security Fabric as superuser.
Click Manage the system > Workflow > Email configuration.
Note
When you select the Workflow tab, Bravura Security Fabric directs you to the menu until the required variables are set.
Note the following settings which are set during installation:
BASE IDSYNCH URL The URL that will display in all emails to direct users to the Bravura Security Fabric application.
GLOBAL MAIL PLUGIN The plugin that sends email to users. The default setting, global-mail-plugin, is overwritten by the hid_policy_wfemail component to use the plugin_wfemail.py plugin.
GLOBAL MAIL PLUGINDIR The directory path to store messages when they are written to a file. The default is <Program Files path>\Bravura Security\Bravura Security Fabric\Logs\<instance> mail.
Set the following:
MAIL SEND METHOD SMTP,FILE
These are the delivery options for notification messages. When the MAIL SEND METHOD value includes FILE, the plugin writes each message to a file in the directory specified by GLOBAL MAIL PLUGIN MAILDIR, which by default is <Program Files path>\Bravura Security\Bravura Security Fabric\Logs\<instance>mail. When the value includes SMTP, the plugin sends emails.
MAIL_SERVER This can be localhost.
RECIPIENT_EMAIL The comma-delimited list of email addresses of the Bravura Security Fabric administrators who should receive notification of events relating to the running of the server; for example admin@example.corp.
SENDER_EMAIL The email address that will appear as the sender of emails; for example bravura@example.corp.
Click Update.
Configure the event action
To set up an email action when a user is locked out of Bravura Security Fabric:
Click Manage the system > Policies > Login options.
Select Configure event under the USER LOGIN LOCKOUT field.
A pop-up form appears.
Select Each time this event occurs under send email.
Define the message; for example:
To admin@example.corp
From bravura@example.corp
Subject User Lockout
Message body
Due to several failed password attempts %USERID% has been locked out. Check for suspicious behavior.
The Event action strings help link at the bottom left of the form gives you a guide to variable strings that you can use in the message body.
Click Update.
Close the pop-up form.
Click Update. The settings will be saved.
Test the event action
To test the event action:
As an end user, attempt to log into Bravura Security Fabric with the wrong password until you are locked out (3 attempts).
Open your email client as the admin user, or go to the <Program Files path>\Bravura Security\Bravura Security Fabric\Logs\<instance> mail\ directory.
You should see that there is a "User lockout" message. Open this message to confirm that it appears as you intended.
When the MAIL SEND METHOD includes FILE, a copy of this email will also be created in the <Program Files path>\Bravura Security\Bravura Security Fabric\Logs\<instance> mail\ directory as a <date>.eml file.
Open an Administrator Command Prompt and navigate to:
<Program Files path>\Bravura Security\Bravura Security Fabric\<instance>\util\
Run the following command to unlock the user:
userunlock.exe -user <username>
Close the command prompt.
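To check the copies written by the FILE send method without opening each one, the following added example (not part of the product or of the original page) parses .eml files, extracts the user ID from the example message body configured above, and lists users who were locked out repeatedly. It assumes the files are standard RFC 5322 messages with a plain-text body; the function names and sample messages are constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string, policy
from pathlib import Path

# Body wording from the example message above, with %USERID% already expanded.
BODY_RE = re.compile(r"failed password attempts (\S+) has been locked out")

def parse_lockout(raw, subject="User Lockout"):
    """Return the locked-out user ID, or None if raw is not a lockout notice."""
    msg = message_from_string(raw, policy=policy.default)
    if (msg["Subject"] or "").strip().lower() != subject.lower():
        return None
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    match = BODY_RE.search(" ".join(text.split()))  # tolerate wrapped lines
    return match.group(1) if match else None

def count_lockouts(raw_messages):
    """Count lockout notices per user ID across an iterable of raw messages."""
    users = (parse_lockout(raw) for raw in raw_messages)
    return Counter(u for u in users if u)

def lockouts_in_dir(mail_dir):
    """Count lockout notices per user ID across the .eml files in mail_dir."""
    files = sorted(Path(mail_dir).glob("*.eml"))
    return count_lockouts(p.read_text(errors="replace") for p in files)

def repeated_lockouts(counts, threshold=2):
    """User IDs locked out at least `threshold` times, for closer review."""
    return sorted(u for u, n in counts.items() if n >= threshold)

def _sample(subject, body):  # constructed sample data, not product output
    return ("To: admin@example.corp\nFrom: bravura@example.corp\n"
            f"Subject: {subject}\n\n{body}\n")

NOTICE = ("Due to several failed password attempts {} has been locked out. "
          "Check for suspicious behavior.")
SAMPLES = [_sample("User Lockout", NOTICE.format("jsmith")),
           _sample("User Lockout", NOTICE.format("adoe")),
           _sample("user lockout", NOTICE.format("jsmith")),
           _sample("Password changed", "jsmith changed a password.")]

if __name__ == "__main__":
    counts = count_lockouts(SAMPLES)
    print(dict(counts), repeated_lockouts(counts))
```

Point lockouts_in_dir at the mail directory named above; if you change the subject or body wording in the event action, adjust the subject argument and BODY_RE to match.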