What's new
Release highlights 12.10.0 and Connector Pack 4.9.0
Bravura Security Fabric 12.10.0
This release delivers enhanced password reset capabilities, a fully modernized user interface, customer branding in the UI, expanded REST API coverage, and important security and platform updates. Together, these enhancements strengthen operational efficiency, improve the end-user experience, and extend automation possibilities across the Bravura Security Fabric platform.
Single-user password reset
A new single-user password reset capability allows all managed accounts belonging to one user to be reset in a single operation, whether initiated through self-service or the help desk:
Users can reset all of their own managed account passwords at once through the self-service portal.
Help desk operators can trigger a complete credential refresh for any user without resetting accounts individually.
This reduces response time during security events and simplifies routine credential maintenance.
Mass password reset enhancements
Mass Password Reset, introduced in 12.9.0, has been enhanced with better visibility and communication features:
Pre-notification reminders alert users before a scheduled mass reset occurs.
Post-reset email notifications confirm completion and provide next steps.
A new dashboard status card gives administrators real-time visibility into reset progress.
Optional user class scoping allows resets to be targeted to specific groups of users.
React UI is now the primary interface
The modern React-based user interface is now the default experience, replacing the legacy Angular interface. This milestone delivers a faster, more accessible, and fully brandable front end:
Customer branding and theming system allows organizations to apply their own logos, colors, and visual identity.
A centralized notifications center, Favorites, and Frequently Used Actions improve daily productivity.
REST API expansion
The REST API continues to grow, enabling deeper integration and automation:
New UserSetting resource allows applications to store and retrieve persistent user preferences.
Customer branding API provides programmatic control over logos, colors, and theme settings.
Default authorization policies simplify API access configuration for common scenarios.
A published OpenAPI specification enables automated client generation and integration testing.
Security and platform updates
The platform foundation has been updated to address known vulnerabilities and expand compatibility:
ASP.NET Core 8.0.23 is now the baseline, incorporating recent CVE patches.
jQuery 3.7 is now supported for all active releases.
SQL Server 2025 is now supported as a backend database.
Python 3.14 compatibility ensures continued support for scripted extensions and integrations.
Privileged access improvements
Privileged access management workflows have been refined for better usability and traceability:
Consolidated auto-denied checkout emails reduce notification noise by combining multiple denials into a single message.
Windows Authentication support for MSSQL targets simplifies privileged session configuration.
Session correlation logging improves audit trail continuity across privileged access events.
Operational improvements
Several enhancements improve day-to-day administration and upgrade workflows:
KMKeyGetByAccount fallback logic supports external scanners that query credential vaults.
CC recipients can now be added to notification emails for broader team awareness.
Multi-node upgrade pause support allows administrators to control upgrade rollout timing across nodes.
Non-destructive UI installs preserve existing customizations during interface updates.
Browser extension update
Firefox browser extensions have been removed from the product. Chrome, Edge, and Safari extensions continue to be supported and maintained.
Connector Pack 4.9.0
Connector Pack 4.9.0 extends platform support, introduces a new Oracle NetSuite connector, and delivers authentication and reliability improvements across several enterprise connectors. This release also resolves issues affecting Azure AD, Okta, Google Workspace, and other widely deployed targets.
SQL Server 2025 support
The agtsql and agtsqlscript connectors now support Microsoft SQL Server 2025 as a managed target, ensuring organizations can manage credentials on the latest database platform.
Security and platform updates
Python 3.14 compatibility ensures continued support for scripted extensions and integrations.
Added alternate Python connectors for
agtpython-3-14.exepxpython-3-14.exe.Removed the alternate Python connectors for
agtpython-3-10.exe,agtpython-3-7.exe,pxpython-3-10.exe, andpxpython-3-7.exesince the Python versions are no longer in support.
SAP Server
The SAP Server (Netweaver 7.5+) (
agtsapnw) connector has been moved from Bravura Security-Verified to Customer-Verified status.The SAP Server (
agtsap) and SAP Human Capital Management (HCM) (agtsaphr) connectors are now fully deprecated and removed.
Oracle NetSuite connector
A new Oracle NetSuite connector (agtnetsuite) is now available:
Supports group membership add and remove operations for NetSuite roles and permissions.
Classified as Customer-Verified, reflecting real-world validation in production environments.
Enhanced Dayforce connector with fault tolerance and bulk API support.
Bravura Safe CLI migration
The Bravura Safe (2025+) connector has been updated to use the current bsafe.exe command-line interface, replacing the legacy bw.exe tool. This aligns the connector with the supported CLI for Bravura Safe 2025 and later.
Exchange connector enhancements
The Exchange connector has been improved for modern authentication and operational clarity:
OAuth 2.0 authentication is now supported for Exchange Online list operations.
Create operations now return longid output for improved traceability.
Directory and identity connector updates
Active Directory, Azure AD, and Salesforce connectors have been enhanced:
Active Directory restores the AD_VERIFY_EXPIRED_PW and AD_VERIFY_EXPIRED_ACCT registry options for expired credential handling.
Azure AD adds retry logic for eventual consistency when provisioning new users, plus the onPremisesSyncEnabled attribute for hybrid environment visibility.
Salesforce now supports SOAP API version 65.0.
PowerShell connector improvements
Log noise from the PowerShell connector has been reduced by moving variable conversion messages to Debug level, keeping operational logs cleaner during normal use.
Resolved issues
This release resolves several issues across enterprise connectors:
Azure AD filter URL construction corrected for reliable group and user queries.
Okta timestamp log spam eliminated during listing operations.
Google Workspace includeInGlobalAddressList attribute now handled correctly.
NetSuite entityId properly populated on account create operations.
PeopleSoft session crash resolved for improved stability.
Siteminder list override issue corrected.