Plugin points and programs
Plugin programs with a .pss extension are built-in.
Plugin point | Purpose | Shipped / Built-in |
|---|---|---|
Manage the System > Resources > Target systems | ||
Program to generate a list of target systems | Generate a list of sub hosts for the target systems. | dcselect, discgrpw, unixsub, w2kranddc |
Program to set the case of new IDs | Defines the case of new IDs created on a target system or creates numerical ID based on a user attribute. | upper.pss, lower.pss |
Manage the system > Policies > Password policies | ||
require the password to be approved by this plugin | Displays and enforces additional password strength rules. | passfit.psl or netvalidatepwpol.exe |
warn if the password is not approved by this plugin | A warning will be generated if the password does not pass the password policy of the specified plugin. | passfit.psl |
generate random passwords using this plugin | Specify a plugin to generate random passwords instead of the built-in password generator. | advrandpasswd.exe,randpasswd.exe |
Manage the system > Policies > Login options | ||
LOGOUT REDIRECT PLUGIN | Provides a method to redirect users after logging out. | None |
Manage the system > Policies > Question sets | ||
External program | Print questions that the user or help desk user must answer, and either print or validate answers. | odbcqa, resextqa |
Plugin for validating answers | Test the strength of questions and answers when a user is updating their Question sets. | None |
Manage the system > Policies > Segregation of duties rules | ||
Plugin to enable exception | Allow exceptions in some cases when the Exceptions not allowed option is enabled. | None |
Manage the system > Policies > System interfaces | ||
GET PASSWORD EXT | Supply a password to the Change passwords page when a help desk user changes a caller’s password from the Help users (IDA) module. | None |
PARSE ACCOUNT EXT | Not currently supported. | None |
Manage the system > Workflow > Profile and request attributes > Attribute logic | ||
ATTR VALIDATION PLUGIN | Validates and provides values for attributes according to business logic. | None |
PAM ATTR VALIDATION PLUGIN | Validates and provides values for attributes according to business logic for Bravura Privilege requests. | None |
Plugin used to generate a list of restricted values | Supplies values for profile and request attributes. See Restricted values . | None |
Manage the system > Workflow > Email configuration | ||
GLOBAL MAIL PLUGIN | Sends email, either to users or to a file. | global-mail-plugin.py, plugin-email-domino.exe |
Manage the system > Workflow > Options > Delegation | ||
DELEGATION OPTIONS PLUGIN | Restricts delegation options such as to whom a primary can delegate. | delegation-default.psl |
Manage the system > Workflow > Options > Escalation | ||
ESCALATION PLUGIN | Determines to whom a request should be escalated when an authorizer does not act in time. See Escalation . | escorgchart.pss |
FIRST CHANCE ESCALATION PLUGIN | Determines whether a request should be escalated at the time an authorizer is first assigned to a request. See Escalating requests immediately when authorizers are assigned . | None |
Manage the system > Workflow > Options > Automation | ||
AUTO ASSIGNMENT REQUEST SPLIT | The name of the plugin script to split an automatic assignment request into separate requests. | None |
AUTO ASSIGNMENT VARIANCE FILTER | The name of the plugin script to filter automatic assignment variance detections before automatic submission. | None |
Manage the system > Workflow > Options > Plugins | ||
IDACCESS OWNERS PLUGIN | Dynamically assigns group owners in addition to, or instead of, those assigned by the network resource plugin. | None |
AUTHORIZATION DETAIL MASK PLUGIN | Determine whether authorization details about the request should be displayed to the user viewing the request. | None |
IDSYNCH AUTH CRITERIA MOD PLUGIN | Dynamically assigns authorizers to approve requests. Adds or removes authorizers after the request has been worked on. | None |
IDSYNCH ID PLUGIN | Automatically generates a profile ID. See Assigning Profile IDs . | plugin-id.psl |
IDSYNCH IMPLEMENTER PLUGIN | Produces a list of implementers who can be assigned to fulfill requests. See Determining implementers . | None |
IDSYNCH IMPLTASK PLUGIN | Decides if an operation is performed by an implementer or connector. | None |
IDSYNCH USERS EMAIL PLUGIN | Determines users’ email addresses. | None |
IDSYNCH WORKFLOW MOD VIEW PLUGIN | Modify what operations are displayed to viewers of a request. | |
IDWFM REQUEST REWRITE PLUGIN | Rewrites requests before they are sent to authorizers. | None |
PAM IDWFM REQUEST REWRITE PLUGIN | Rewrites requests before they are sent to authorizers for Bravura Privilege requests. | None |
VIEW GROUPS PLUGIN | Allow members of a user class to access group reports. The reports can be saved in CSV format and downloaded for viewing. See View groups plugin . | view_group_filter_and_clickable_link.py |
WF WIZARD PLUGIN | Allows requests to be validated and updated. Provides control over user interaction when submitting a request. | None |
PASSWORD GEN PLUGIN | Automatically generates initial passwords for new requests. | None |
Manage the system > Inventory > Options | ||
CHECK INVENTORY PLUGIN | Checks levels of inventory and notifies inventory managers when stocks are low. | checkstock.exe |
EXT INVENTORY PLUGIN | Manages inventory item information in an external source. | None |
Manage the system > Modules > Digital ID (DID) | ||
DID REG VALIDATION PLUGIN | Validate incoming requests for new Digital ID registration requests. See Digital ID registration . | nos-validate.pss |
Manage the system > Modules > External Data Store (DBE) | ||
DBE ACL PLUGIN | Grant write access to the Manage external data store to particular product administrators. See External Data Store . | |
Manage the system > Modules > Front-end (PSF) | ||
DOWNLOAD PLUGIN | Downloads files from the Front-end user page. | None |
PSF PLUGIN | Displays additional HTML on the Front-end user page. | control/plugin_psf.py |
Manage the system > Modules > Change passwords (PSS) | ||
S CHANGE EXT | Supply HTML to the Change passwords page of the Change passwords (PSS) module. | scpinplugin |
S STATUS EXT | Supply HTML to the password status page of the Change passwords (PSS) module. | cgilocalr |
Manage the system > Modules > Help users (IDA) | ||
A RESET EXT | Supply HTML to the Change passwords page of the Help users (IDA) module. | scpinplugin |
Manage the system > Modules > Manage certification process (CERT) | ||
CERT DELEGATION PLUGIN | Specify a plugin to select a reviewer and delegate to a certification segment. | certifier_and_delegates |
Manage the system > Modules > Privileged access | ||
PSW DISCLOSURE PLUGIN | Determine what access disclosure plugins, and with what settings, are available to users when attempting to access privileged passwords. | None |
Manage the system > Modules > Session monitor | ||
SMON OPTIONS PLUGIN | Activate session monitoring based on the requester, privileged account, or system, and override policy settings See Session monitor app . | plugin-smon-options.psl |
Manage the system > Modules > User notifications (PSN) | ||
PSN MODIFY ORDER AND REDIRECT PLUGIN | Modify the order of notifications and redirect users as they navigate and act on notifications. | None |
Manage the system > Modules > Manage reports (RPT) | ||
REPORT GRAPH PLUGIN | Generate report graphs. See Report graph plugin . | |
REPORT TO PDR REQUEST CANCELLATION PLUGIN | Allow cancellation of requests generated from reports. | report_to_pdr_request _cancellation_plugin |
REPORT CRITERIA PLUGIN | Control report search criteria. See Report criteria plugin . | |
Manage the system > Modules > Options | ||
CGI DISPLAY PLUGIN | Generates static HTML to include on a specific page or all pages. See Display custom HTML . | None |
DIGITAL SIGN PLUGIN | Specifies a digital signing program that is used to sign files created by the Bravura Security Fabric server. See Digitally sign files . | None |
DISPLAY GROUPID PLUGIN | Changes the way Bravura Security Fabric IDs are displayed in Bravura Security Fabric . See Display group IDs . | longid.pss, shortid.pss |
FILTER ACCOUNT PLUGIN | Filters out accounts that users are not allowed to manage. See Resource filtering . | None |
FILTER ACCTGROUP PLUGIN | Filters out groups that users are not allowed to manage. See Resource filtering . | None |
FILTER GROUP MEMBER PLUGIN | Filters managed groups that are available for group membership changes. See Resource filtering . | None |
FILTER PREQUEST PLUGIN | Filters out pre-defined requests that are available to users. | None |
FILTER REQUEST PLUGIN | Filters out requests that users are not allowed to view or manage. See Filter requests . | None |
FILTER RESOURCEGROUP PLUGIN | Filters out resource groups that Bravura Security Fabric users are not allowed to view or request access to. | None |
FILTER ROLE PLUGIN | Filters out roles that users are not allowed to manage. See Filter resources . | None |
FILTER TEMPLATE PLUGIN | Filters out templates that users are not allowed to manage. See Filter resources . | None |
FILTER USER PLUGIN | Filters out profiles that users are not allowed to manage. See Filter users . | None |
GENERATE GROUP PLUGIN | Generates a list of managed account groups. | None |
GENERATE ROLE PLUGIN | Generates a list of roles. See Generate role list . | None |
GENERATE USER PLUGIN | Provides a list of users that users are allowed to manage. See Filter users . | None |
KEEP USER PLUGIN | Keeps profiles that users are allowed to manage. See Filter users . | None |
SAVED SEARCH PLUGIN | Add or remove saved searches for users, based on the type of search engine. | hid_saved_search_sample |
SEARCH DOWNLOAD PLUGIN | Allows information from search results and Manage external data store (DBE) module tables to be available for download. See Download search results . | plugin-download-csv.exe |
SEARCH FILTER PLUGIN | Filters search results available available to users. | idmlib.plugins.searchfilter.criteria |
SESSION IDENT PLUGIN | Provides contents for the identifier field in session log entries. By default, it will be populated by the IP address of the person performing the operation. | None |
VIEW REQUEST PLUGIN | Plugin to determine if users can view workflow requests where they are not the requester, recipient or authorizer. See View requests (IDW) . | None |
Manage the system > Security> Options | ||
API ADMIN PLUGIN | Filters API function calls made by API users. This overrides the default API functions that API users are allowed to call. | |
USER OPERATION FILTER PLUGIN | Restricts operations available to authorizers, OrgChart managers, implementors, and requesters for security purposes. See Operation filtering . | userOperationFilter.psl |
Manage the system > Maintenance > Services > Transaction Monitor Service | ||
IDTM BATCH OPREP PLUGIN | Allows the Transaction Monitor to rewrite change requests. For example, an update operation may map to update and rename operations on a specific target system. | None |
Manage the system > Privileged access > Import rules | ||
Import rule requirement | Define requirement as the basis for an import rule to manage discovered objects. | None |
Manage the system > Privileged access > Options> Account access request | ||
RES PWD ACL PLUGIN | Plugin to determine user access controls when viewing passwords via the API. See Application accounts . | None |
Manage the system > Privileged access > Options > Password randomization | ||
RES PWDPOL GET | Control which password policy to apply to a managed account. | None |
PAMSA SUBSCRIBER NOTIFICATION | Give notifications of imminent service account password randomization to subscribers and receive orchestration information. See Subscriber notification . | subscriber-notification.py |