Skip to main content

Manual account attachment examples

When users have account names on systems that do not align with their chosen profile ID, you may need to develop a process to manually associate accounts from those multiple targets with the single user.

For the following examples it is assumed:

  • Bravura Security Fabric is installed and includes a Bravura Pass license.

  • An Active Directory target system is added as a source of profiles.

  • A Linux target system is also added that is not a source of user profiles and does not automatically attach accounts.

Batch loading

Attaching other accounts can be achieved by use of a text file that maps the accounts to each other. During discovery, if <instance>\psconfig\malias.txt exists, accounts will be attached according to the contents of that file.

For this example, we will be assigning the adm account from the Linux target to the user abbiel from the AD target.

Account entries in the malias.txt file must be made in the following format:

"<Target system ID>" "<Login ID>" "<Profile ID>"

So for this example, enter the following into the text file:

"AD" "abbiel" "abbiel"
"LINUX" "adm" "abbiel"

Click below to view a demonstration of this example:

Attach using text file

  1. Log in to the instance server as an administrator.

  2. Navigate to the \<instance>\psconfig\ directory.

  3. Open a text editor and enter the account entries described above.

  4. Save the file as <instance>\psconfig\malias.txt.

  5. Log in to the Bravura Security Fabric server as a superuser.

  6. Navigate to Manage the system > Maintenance > Auto discovery > Execute auto discovery.

  7. Click the Continue button and wait until discovery is completed.

  8. Log into Bravura Security Fabric as ABBIEL.

  9. Click Attach other accounts.

  10. Confirm that adm has been added to attached accounts and the proper Linux target is specified.

  11. Return to the main user page by clicking the Home icon.

  12. Click Change Passwords.

  13. Specify a new password and confirm. Click Change passwords to proceed.

  14. Verify that both passwords on the AD and Linux target are changed.

  15. Log in to Linux as adm to confirm that the password has been changed.

Now we will use the help desk user to detach the adm account to set up the next example. We must also remove the association from the malias.txt file, so that it is not re-added the next time auto discovery runs.

Detach account

  1. Log into Bravura Security Fabric as the help desk user.

  2. Click Help users.

  3. Find and select ABBIEL.

  4. Click Skip authentication when prompted for a security question and click Continue.

  5. Click the Attach other accounts tab.

  6. Click the checkbox next to adm to detach the account.

  7. Click Update.

  8. Open the malias.txt file and remove the entry for ABBIEL. Save the file.

  9. Confirm that adm is no longer attached to ABBIEL.

Attach accounts - simplified

This example demonstrates the attachment of an account from the Linux system to an existing Active Directory account using the PSL simplified mode. Unlike the advanced mode example, the simplified mode does not require information about the target for the attached account to proceed.

Click below to view a demonstration:

Configuration

  1. Log in to the Bravura Security Fabric Front-end (PSF) as superuser.

  2. Navigate to Manage the system > Modules > Attach other accounts (PSL).

  3. Ensure that PSL ENABLED and PSL SIMPLIFIED are set to Enabled.

  4. Click Update if any changes are made to the settings.

For this example, a user with an AD account named ABBIEL will add an account named "adm" on the Linux system to their attached accounts. The account will then be detached by the help desk user to reset for the advanced example.

Attach in simple mode

  1. Log into Bravura Security Fabric as ABBIEL.

  2. Click Attach other accounts.

  3. Enter adm and the current password in the Account and Password fields.

  4. Click Attach.

  5. Confirm that adm has been added to attached accounts and the proper Linux target is specified.

  6. Return to the main user page by clicking the Home icon.

  7. Click Change Passwords.

  8. Enter a new password and confirm. Click Change passwords to proceed.

  9. Verify that both passwords on the AD and Linux target are changed.

  10. Log into Linux as adm to confirm that the password has been changed.

Detach account

  1. Log into Bravura Security Fabric as the help-desk user.

  2. Click Help users.

  3. Find and select ABBIEL.

  4. Click Skip authentication when prompted for a security question.

  5. Click the Attach other accounts tab.

  6. Click the checkbox next to adm to detach the account.

  7. Click Update.

  8. Confirm that adm is no longer attached to ABBIEL.

Attach account - advanced

This scenario demonstrates the attachment of an account from the Linux system to an existing Active Directory account using the PSL advanced mode. The account will then be detached by the help desk user to reset.

Click below to view a demonstration:

Configuration

  1. Log in to the Bravura Security Fabric Front-end (PSF) as superuser.

  2. Navigate to Manage the system > Modules > Attach other accounts (PSL).

  3. Ensure that PSL ENABLED is enabled.

  4. Set PSL SIMPLIFIED to disabled.

  5. Click Update.

Method of Use

This example demonstrates using the advanced mode to attach the same adm account to ABBIEL.

Attach in advanced mode

  1. Log into Bravura Security Fabric as ABBIEL.

  2. Click Attach other accounts.

    Notice that the Linux target is now specified.

  3. Enter adm and the password into the Account and Password fields for the Linux target row.

  4. Click Update.

  5. Confirm that adm has been added to attached accounts and the proper Linux target is specified.

  6. Return to the main user page by clicking the Home icon.

  7. Click Change Passwords.

  8. Enter a new password and confirm. Click Change passwords to proceed.

  9. Verify that both passwords on the AD and Linux target are changed.

  10. Log into Linux as adm to confirm that the password has been changed.

Detach account

  1. Log into Bravura Security Fabric as the help desk user.

  2. Click Help users.

  3. Find and select ABBIEL.

  4. Click Skip authentication when prompted for a security question.

  5. Click the Attach other accounts tab.

  6. Click the checkbox next to adm to detach the account.

  7. Click Update.

  8. Confirm that adm is no longer attached to ABBIEL.

Attach account as a help desk user

In this scenario, the help desk user attaches the adm account to abbiel. The account will remain attached for the following example.

Click below to view a demonstration.

Attach account

  1. Log into Bravura Security Fabric as the help desk user.

  2. Click Help users.

  3. Find and select ABBIEL.

  4. Click Skip authentication when prompted for a security question.

  5. Click the Attach other accounts tab.

  6. Enter adm in the Account field for the Linux target row.

  7. Click Update.

  8. Confirm that adm is now attached to ABBIEL.

Account attachment when account is already assigned

In this scenario, there is an attempt to attach the adm account to user ADAMC while it has already been attached to ABBIEL.

Click below to view a demonstration.

Attempt to attach an assigned account

  1. Log into Bravura Security Fabric as ADAMC .

  2. Click Attach other accounts.

  3. Enter adm and the password in the Account and Password fields for the Linux target row.

  4. Click Update.

  5. Verify that the attempt to attach the account fails with the following message:

    Account [adm] on [Linux lab server] is already attached to someone else.

In this section: