Password policy
Bravura Security Fabric can enforce a wide variety of rules as to what constitutes a valid new password. Use these rules to:
Enforce an enterprise-wide password security policy, or different policies for groups of target systems, or for classes of user, or different managed systems.
Ensure that passwords are strong enough to be accepted on, and compatible with, all target systems and managed systems.
Ensure that the passwords used by console-only product administrators are strong. Console-only product administrators, such as superuser, do not have an account on any target system; their passwords are validated by Bravura Security Fabric .
Control what passwords users may select when they reset their own forgotten passwords.
Control what passwords users may select when they create new accounts.
Generate random passwords.
Users can select from the list of random passwords when they type new password values. Bravura Security Fabric selects random passwords when performing resets for managed systems.
Bravura Security Fabric password policy is enforced when new passwords are created, or passwords are reset (using the web interface or via transparent synchronization).
There are three default password policies used by Bravura Security Fabric :
DEFAULT – applied to all users, including superusers
PAM_DEFAULT – applied to managed system policies, when using Bravura Privilege features
PERSONAL_VAULT – applied to personal vaults
These default policies are defined in Manage the system (PSA) module (Policies > Password policies).
For privileged access features, you can create a separate password policy for each managed system policy. Once created, it is used instead of the default policy for that group.