Example: Adding an Active Directory target system as a source of profiles
Click below to view a demonstration of defining an Active Directory target system as the source of profiles (users) for Bravura Security Fabric including the following steps:
Creating a list file with the OUs to list users from
Specifying the target system as a source of profiles
Adding target system administrator credentials
Testing the connectionRunning auto discovery
This section shows you the typical procedure for adding an Active Directory target. For this demonstration, this target will be set up so that it becomes the source of Bravura Security Fabric profiles. This means that users with accounts in Active Directory will have profiles, including full user name, created for them in Bravura Security Fabric .
Click Manage the System > Resources > Target systems > Manually defined.
Click Add new... to add a new target system.
Enter a unique identifier for the new target system. The target ID can contain only letters (A-Za-z), digits (0-9), and underscores (_).
Select the target system’s Type; for example, Active Directory DN.
Type a Description for the target system.
Click Change next to the Address field to enter values for the target system address. For Active Directory, there are three primary methods for specifying the Active Directory target address:
globaldomain.example.com
\\mydomaincontroller.example.com
\\mydomaincontroller
You can restrict user listing by container or group membership.
Enable Automatically create a Privileged Access Manager managed system if you want to manage privileged access to this system.
Select the Source of profile IDs checkbox.
If you want Bravura Security Fabric to generate a list of attributes for each account during auto discovery, select List attributes. You must select this checkbox if you want Bravura Security Fabric to import OrgChart data from the target system.
Select the Allowed in the certification process checkbox.
For this demonstration installation, leave other parameters with default values.
Click Add.
The Administrator credentials page displays so you can add a target system administrator for the target.
Type the target system administrator’s login ID in the Administrator ID field.
Type the account password in the Password and Confirm password fields.
For this demonstration, the Workstation ID and Account ID do not apply.
Click Update.
Test the connection
To test that your target system is configured correctly:
Click the Test connection tab.
Click Test credentials .
Results should show "Success". If not, verify that the address, target type and administrator credentials are entered correctly.
For the next test, Bravura Security Fabric performs a list operation to enumerate user accounts on the target system. The results of the list operation are for testing purposes only and, unlike during auto discovery, will not be loaded into the database.
Click Test list .
Warning
In a production environment, listing can be a costly operation on the target system. This may take a long time on some systems. The Test list is practical for testing the listing capabilities on target systems that are expected to finish quickly.
If the listing takes longer than the value defined in Timeout (in seconds) for list operation, it will return nothing.
While the list operation is running, click the Refresh icon on the Bravura Security Fabric navigation bar to update the list results.
When the operation completes, the "Number of users found" (at bottom left) should match the number of enabled accounts on the target system.
Click Show users .
Bravura Security Fabric displays the results of the generated user list.
Run auto discovery
Once a target system has been added and is flagged as a source of profile IDs, you need to run psupdate to list accounts and create user profiles:
Click the General tab.
At the bottom of the page, click Run discovery .
Alternatively, on the Target systems list page, select the target system and click Run discovery .
Click OK to confirm that you want to run discovery for the selected target system.
Depending on the number and type of target systems, this process may take several minutes to complete.
Verify that AD accounts have been auto-associated to Bravura Security Fabric user profiles by running a user accounts report:
Click Home.
Click Manage reports > Reports > Users > Accounts .
Click Run at the bottom of the report form.
If auto discovery was successful, you should see a number of accounts with their Account status listed as "Auto-associated".
