Skip to main content

How users log in

Users log in using the Front-end. The way that users access the login pages can vary according to how organizations customize the interface between Bravura Security Fabric , the corporate intranet, and other applications.

The Front-end provides access to multiple Bravura Security Fabric web modules using a single authentication point, rather than requiring authentication for each individual module. In general, the Front-end authentication process works as follows:

  1. A user visits the Front-end login page by following a link from your corporate intranet, or typing the URL in a browser:

    • http[s]:// < host name >

    if the index page for this instance is set up as the default web page, or

    • http[s]:// < host name > / < virtual directory > /

    to access the login page for an instance that is not set up as the default web page.

  2. Depending on how the identification priority list is configured, the Front-end displays a list of trusted systems for the user to select from.

  3. The user enters an ID.

    This is a login ID for a trusted system, profile ID, email address, or other attribute.

    Console-only users do not have accounts, and therefore must always enter their profile ID.

  4. The Front-end determines the authentication methods that are available to the user. If more than one method is available, the Front-end displays a pre-configured list for the user to select from.

  5. The user authenticates to Bravura Security Fabric using the selected method.

  6. Depending on how the module is configured, the Front-end ensures that the user has a complete profile, then presents the user with a list of available options.

  7. The user clicks a link on the main menu to access functionality provided by another Bravura Security Fabric module.

Identification vs Authentication

The two main parts of the Login process, identification and authentication, work differently because they work on different data.

As described below in this chapter in more detail, users can identify themselves with either:

  • Account names currently associated to that profile from a user-selected target from the Identification priority list. The default is the first target system added.

  • Profile ID in Bravura Security Fabric. This is default if all targets are removed from the Identification priority list.

  • Profile attributes, if configured .

That first default requires a user-selected target on purpose, because depending on account association logic, Account "johnd" can be associated to one profile on one target, and to another profile on another target; for example, in different target Directories (LDAP or Active Directory domains) resulting from company mergers, "johnd"can be a different person in different pre-merger companies.

So:

  • Identification requires you to choose a target from the provided list if there are more than one Sources of Profiles in the configured product instance.

  • Once a profile was identified, Authentication can perform failover for the verify]operation from one target on the authentication list to the next.

In this section: