
Manually attaching accounts

Bravura Security Fabric can assign alternate accounts from multiple systems to a single user by manually attaching those accounts.

When targets are not set to automatically attach accounts during discovery, Bravura Security Fabric allows for user-directed or help desk attachment of accounts to the proper users through the use of the Attach other accounts (PSL) module.

Allowing other users to attach automatically attached accounts

To allow a user to attach a non-standard login ID that is associated with another user, enable the Allow other users to attach auto-associated IDs setting on the target system’s Target system information page.

A user can only attach an account that is associated with another user if the account exists on an auto-associated target system. A user cannot attach an account that has been manually attached to another user’s profile.

Note

In the Attach other accounts (PSL) module’s default simplified mode, users cannot attach accounts that exist on a target system that is a source of profile IDs.

Allowing users to detach accounts

Set the default behavior for detaching accounts by enabling or disabling the PSL ALLOW DELETE option on the Attach other accounts (PSL) module configuration page.

You can override the default behavior for individual target systems. To do this, set the Allow users to detach manually-attached accounts option on the Target system information page. Select:

  • Yes to allow users to detach accounts.

  • No to prevent users from detaching accounts.

Note

Users cannot detach auto-associated accounts from their profiles.

Forcing users to attach accounts

You can enable the Users must have accounts setting for a target system so that if the Attach other accounts (PSL) module is enabled (it is by default), the user must either already have an account associated with this target system or must attach an account on this target system before other self-service functionality is made available.

When the PSF FORCE ENROLLMENT setting includes the psl value (default), users are redirected to the Attach other accounts (PSL) module to complete their profile when they log in. This is useful during the enrollment phase in particular. If this setting is disabled for the Attach other accounts (PSL) module by removing the psl code from PSF FORCE ENROLLMENT, users are reminded that they require an account on the specified target system, but compliance is not enforced.

Enforcing a minimum number of accounts

You can set a minimum number of accounts that users must have registered in their profiles by typing an appropriate value in the PSL MIN ACCOUNTS field.

If users have not registered enough accounts, Bravura Security Fabric can enforce this requirement by directing users to the Attach other accounts (PSL) module after they log in, and displaying an error message.

When you change this setting, Bravura Security Fabric automatically schedules the psdonechk program to run once to check compliance. To modify the scheduled job, click Manage the system > Maintenance > Scheduled jobs, then select PSDONECHK.

Preventing invalid claims on accounts

To prevent users from attempting to attach accounts that do not belong to them, the logged-in user is locked out of Bravura Security Fabric after a pre-defined number of password authentication failures. An authentication failure is counted only if an ID/password pair fails to match any account. For example, if there are two accounts called “user1” on different systems, and the password “mypassword” succeeds on one account but not the other, no authentication failure is counted. If the password fails on both accounts, an authentication failure is counted.

This is controlled by the PSL VERIFY COUNTS option, which is enabled by default. If you disable this option, no failure is counted when an ID/password pair fails for all claimed accounts, and users are not locked out of Bravura Security Fabric.
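
The counting rule described above, modelled as an added Python example (not Bravura Security Fabric code). The class and function names, the lockout threshold of 3, and the sample accounts are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass, field

# Constructed sample data: the same login ID on two target systems.
SAMPLE_ACCOUNTS = {
    ("SYSTEM_A", "user1"): "mypassword",
    ("SYSTEM_B", "user1"): "otherpassword",
}

@dataclass
class ClaimVerifier:
    """Illustrative model of the failure-counting rule; not product code."""
    accounts: dict                 # (target, login_id) -> password
    max_failures: int = 3          # assumed value for the "pre-defined number"
    verify_counts: bool = True     # models the PSL VERIFY COUNTS option
    failures: dict = field(default_factory=dict)  # logged-in user -> count

    def locked_out(self, user: str) -> bool:
        return self.failures.get(user, 0) >= self.max_failures

    def claim(self, user: str, login_id: str, password: str) -> list:
        """Return the targets where the ID/password pair matched."""
        if self.locked_out(user):
            raise PermissionError(f"{user} is locked out")
        matched = sorted(
            target for (target, lid), stored in self.accounts.items()
            if lid == login_id
            and hmac.compare_digest(stored.encode(), password.encode())
        )
        # One failure per claim attempt, and only when no account matched.
        # Counter reset behaviour is not described on the page, so none is modelled.
        if not matched and self.verify_counts:
            self.failures[user] = self.failures.get(user, 0) + 1
        return matched

def attempts_until_lockout(verifier: ClaimVerifier, user: str, limit: int = 10) -> int:
    """Submit wrong passwords until lockout; return attempts used (limit if never)."""
    for attempt in range(1, limit + 1):
        verifier.claim(user, "user1", "wrong-guess")
        if verifier.locked_out(user):
            return attempt
    return limit

if __name__ == "__main__":
    v = ClaimVerifier(SAMPLE_ACCOUNTS)
    print(v.claim("alice", "user1", "mypassword"), v.failures)  # partial match
    print(attempts_until_lockout(v, "alice"))
    print(attempts_until_lockout(ClaimVerifier(SAMPLE_ACCOUNTS, verify_counts=False), "bob"))
```

With the option modelled as disabled, the guessing loop never reaches a lockout, which is the exposure to weigh before turning PSL VERIFY COUNTS off.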