What's new
Release highlights 12.9.0 and Connector Pack 4.8.0
Bravura Security Fabric 12.9.0
This release introduces Mass Password Reset, a powerful new capability designed to help organizations respond quickly to security incidents and enforce password hygiene at scale. Alongside this major addition, the release delivers a modernized user experience, stronger authentication, richer dashboards, and significant API enhancements.
Mass Password Reset for rapid credential security
Mass Password Reset (MPR) is new functionality in Bravura Pass that allows administrators to rotate passwords across many accounts in a single, automated operation.
MPR is designed for situations where speed and consistency matter, such as responding to a suspected breach, meeting compliance requirements, or enforcing regular password rotation policies. Instead of manually resetting credentials account by account, administrators can trigger a bulk reset across selected systems and users.
When a mass reset is initiated:
Passwords are automatically regenerated according to defined password and rotation policies.
Updated credentials are securely stored in Bravura Safe, Bravura Security’s encrypted credential vault.
All changes are fully tracked through vault audit logging, supporting compliance and forensic review.
The process integrates with existing onboarding and offboarding workflows, including batch operations.
This capability strengthens Bravura’s centralized credential management strategy by ensuring that large-scale password changes are fast, controlled, auditable, and securely handled from end to end.
A modernized login and user experience
The user interface continues its transition to a modern React-based experience. The login page has been redesigned with updated Bravura Security branding, clearer validation messages, and improved accessibility.
Users now benefit from:
A new Remember Me option that safely remembers usernames across sessions and tabs.
Clear, actionable error messages when sign-in fails, including guidance for locked or disabled accounts.
Improved input validation, including disabled sign-in when required fields are empty.
Password strength indicators and password policy guidance during password changes.
Session timeout monitoring with friendly warnings before sessions expire.
Full WCAG 2.2 Level A/AA accessibility support and improved visual clarity using the Inter font.
Users can switch between legacy pages and the new React experience using a version toggle, enabling a smooth transition as new functionality becomes available.
Faster access to common tasks and insights
The dashboard experience has been significantly enhanced:
New action cards provide quick access to common tasks.
Account summaries and status indicators offer at-a-glance visibility.
Interactive metrics and profile summary cards give better insight into user activity.
Dashboards are fully responsive, automatically adapting to mobile, tablet, and desktop screens.
Widgets can be rearranged using drag-and-drop, with an edit mode that makes customization simple.
Improved loading behavior displays content immediately using smart loading states rather than blocking spinners.
Stronger security and authentication
Security has been enhanced across the platform:
Replaced IdentityServer4 with OpenIddict
A JWT-based authentication framework delivers more secure session handling and tighter UI–API integration.
CSRF protection is automatically applied to sensitive requests.
Active sessions are extended automatically to avoid unnecessary interruptions.
API expansion and administrative improvements
The REST API has been extended to support new features and automation scenarios:
New endpoints for password policies, target groups, session logs, and identity information.
Expanded target system and account configuration options.
Batch support for password onboarding, resets, and offboarding.
Improved internationalization so API responses match the user’s selected language.
Modernized identity services, replacing legacy components with a supported authentication framework.
Reporting, logging, and operational enhancements
Dashboard usage metrics support data-driven improvements.
Logging behavior has been refined to reduce noise while preserving diagnostic depth.
Upgrade checks have been improved to ensure smoother post-upgrade validation.
Connector Pack 4.8.0
Connector Pack 4.8.0 expands platform coverage, improves application and authentication handling, and resolves several reliability issues across key enterprise systems. This release places particular emphasis on support for Bravura Safe 2025+ environments, improved password and authentication workflows, and more resilient connector behavior.
New connectors for Bravura Safe 2025 and later
This release introduces new connectors to support the latest Bravura Safe platform versions:
Bravura Safe (2025+) connector enables vault integration with Bravura Safe 2025 and later.
Bravura Safe User Management (2025+) connector provides user lifecycle support for newer Bravura Safe deployments.
A new Vaulting Platforms category has been added to improve connector organization and discoverability during installation.
Enhanced application connector capabilities
Several application connectors have been enhanced to support stronger security and more complete credential hygiene:
The Google Apps connector now supports clearing:
App-specific passwords
Backup verification codes
Third-party tokens
It can also disable two-step verification as part of reset, disable, delete, and update operations. This allows full credential cleanup when responding to account changes or security events.
Improved authentication and challenge workflows
Authentication-related connectors have been refined to improve reliability and clarity for end users:
The DUO Authentication connector now handles challenge response scenarios correctly when users do not have any DUO methods configured.
The Okta connector has been improved to simplify challenge response behavior:
Only a single Okta Verify challenge option is displayed for OTP authentication.
OTP codes from different registered Okta Verify factors now work interchangeably.
Users no longer see confusing or duplicate challenge options when methods are not configured.
These improvements reduce authentication failures and improve the user experience during multi-factor authentication workflows.
Greater reliability across enterprise platforms
Connector Pack 4.8.0 resolves a number of issues across widely used enterprise systems:
Active Directory
Discovery has been optimized to exclude overly large computer attributes that could exceed queue limits, improving discovery reliability.
SAP
SAP NetWeaver user listing now works correctly when multiple selection ranges are used.
SAP HANA connector issues related to encrypted target address configurations have been resolved.
Databases
Oracle platform logging has been sanitized to prevent failures when passwords contain comments.
Human resources applications
The Dayforce connector now includes enhanced error handling and retry logic, improving stability during connection and listing operations.
Improved scripted and Unix connector support
Python-based Unix and SSH connectors now support dots (periods) in user and account IDs, improving compatibility with modern naming conventions.
Installation, upgrade, and usability improvements
The end-user license agreement has been updated to remove outdated training references.
An issue that prevented customer-verified connectors from upgrading correctly has been fixed.
The underlying UI project structure has been updated to support future modernization efforts.
Release notes
See Release notes for more detailed notes.