Profile IDs
A profile ID is a unique identifier for a user in Bravura Security Fabric . Profile IDs are assigned when you import users into Bravura Security Fabric , when you create a new user in the View and update profile (IDR) module, or when you create a new product administrator with console-only access. Bravura Identity automated administration can also trigger the creation of a new profile ID.
All users who need to login to Bravura Security Fabric need to have at least one profile ID. Bravura Security Fabric preserves the case of what is imported or entered, (it can create two different profiles for IDs that only differ in case), although the usage of profile names in the Web interface is case insensitive; for example a search for user1 will also list User1 .
Designating a source of Profile IDs
Select a system or set of systems to designate as your Bravura Security Fabric profile ID source, by selecting the Source of profile IDs checkbox on a target system's General page . This system or set of systems should contain a login ID for all, or most, of the Bravura Security Fabric users in your organization. If possible, designate a system that uses the most common or standardized naming convention.
By default, Bravura Security Fabric automatically uses the short ID on a Source of Profiles to define the profile name. If you want to use a different account attribute to create the profile ID, type the name of the account attribute in the Account attribute to use as profile ID field. Make sure the chosen attribute is loaded from the target system and that it is populated for all accounts with a unique value. The accounts for which this attribute is blank or doesn’t exist won’t create a profile. If the attribute has the same value for more than one account, no profile will be created and an error notice about "duplicate accounts" will be logged. If the attribute has the same value for more than one account, all of those accounts will be associated with the first profile to be created (usually in alphabetical order).
Renaming accounts on target systems
Renaming an account on a target system that is a source of profiles (SoP) may trigger a renaming of the user’s Profile ID. The following table outlines the result of renaming accounts in various cases:
Case | Result |
|---|---|
If the user has a single account on an SoP target system: | Renaming the account on the target system will trigger a renaming of the user’s profile ID. If the user is logged in, he should log out and log back in. |
If the user has multiple accounts on an SoP target system: | Renaming only one of the accounts will not trigger a profile ID rename. The renamed account will still be associated with the user. |
If the user has an account on an SoP target system, and an auto-associated account on a non-SoP target system: | Renaming the account on the SoP target system will trigger a renaming of the user’s profile ID. The auto-associated account will be detached from the user’s profile. |
Renaming an auto-associated account by renaming attributes used for auto-association – such as logon name on Active Directory – will cause the account to be detached from the user’s profile. | |
Renaming an auto-associated account by renaming attributes not used for auto-association – such as first name or last name on Active Directory – will not cause the account to be detached from the user’s profile. | |
If the user has a single account on an SoP target system, and an manually-associated account on a non-SoP target system: | Renaming the account on the target system will trigger a renaming of the user’s profile ID. The manually-associated account will remain attached to the user’s profile. |
If the user has accounts of the same name on multiple SoP target systems: | Renaming the account on one of the SoP target systems will not trigger a profile ID rename. All accounts will remain attached to the user. |
Renaming the accounts with different IDs will not trigger a profile ID rename. All accounts will remain attached to the user. | |
Renaming all account with the same ID will trigger a profile ID rename. | |
If the user has an account on a non-SoP Active Directory target system: | The user logon name and the userPrincipalName attribute must both be renamed. |