Change passwords (PSS)
The Change passwords (PSS) module allows end-users to change their passwords on one or more target systems using a web-based interface. If they have forgotten their password, they can access Bravura Security Fabric using another form of authentication.
The Change passwords (PSS) module is enabled by default. Switch PSS ENABLED off to disable it.
To configure self-service changes, follow these steps:
1. Click Manage the system > Modules > Change passwords (PSS).
2. Configure the options listed in Table 1, “Self-service password change options” as required.
3. If required, configure event options, listed in Table 2, “Change passwords (PSS) module events that launch interface programs”.
4. Click Update to submit the changes.
| Option | Description |
|---|---|
| ALL HOST | Automatically selects all accounts/target systems for a user without showing a list of accounts on pages. See Automatically selecting / deselecting accounts for more information. |
| HOST SELECT NONE | Shows accounts-per-target lists with no accounts/target systems selected on pages. See Automatically selecting / deselecting accounts for more information. |
| S CHANGE EXT | The name of an external plugin program or script that supplies HTML to the page. See Self Service Anywhere: Smart Card PIN Reset to use a shipped plugin to extend the reset capability, or Adding new functionality and HTML to write a custom plug-in. |
| S RESET TO PUSHPASS | Use the Password Manager service ( |
| S STATUS EXT | The name of an external plugin program or script that supplies HTML to the page. See Local Reset Extension: Resetting cached credentials to use a shipped plugin to extend the reset capability, or Adding new functionality and HTML to write a custom plug-in. |
See also
Event Actions describes how to configure event actions to trigger external programs.
Changing your passwords in the end user documentation describes how to change your own passwords.
Changing passwords for users in the end user documentation describes how to change other users' passwords.
Queuing password changes
Bravura Pass can extend web-based password management by using the Password Manager service (idpm) to queue password changes if the number of requests reaches a specific limit or to retry the change later if it failed.
Queuing failed password changes
You can use the S RESET TO PUSHPASS and A RESET TO PUSHPASS options to enable the automatic retrying (queuing) of failed web-based password changes.
S RESET TO PUSHPASS controls the behavior of the Change passwords (PSS) module and is set on the page. A RESET TO PUSHPASS controls the behavior of the Manage the system (PSA) module and is set on the page.
If your password policy enforces password history, failed password changes cannot be queued for automatic retry on target systems that are designated as synchronization triggers.
These settings have three possible values:
| Value | Description |
|---|---|
| none | Bravura Pass behaves normally. Failed password changes must then be manually retried by logging into Bravura Pass and attempting the change at a later time, or through the use of a plugin. |
| Manual | Users can select the accounts to be queued. If a password change failure occurs, users are notified on the password reset results page. The user may select accounts to queue by selecting the appropriate checkboxes under the Queue for automatic retry? column, and clicking the Queue failed changes button. Bravura Pass lists the target system and account IDs queued for automatic retry. |
| Automatic | All failed password changes are queued for automatic retry. A message displays notifying the user that “the failed password changes are queued and will automatically be retried”. |
Automatically selecting / deselecting accounts
Bravura Pass displays a list of accounts per target when users change their password in the Change passwords (PSS) module. Normally, users can select any number of accounts, and every target is selected.
Note
In Bravura Security Fabric 12.9, this functionality is not supported with the REACT user interface. It is available if the user switches to the legacy user interface using the switch icon.

To change this behavior, enable the HOST SELECT NONE variable.

It is sometimes desirable to remove this flexibility; for example, when users do not need to recognize individual systems in the Change passwords (PSS) module in order to change their passwords. Instead, users have the illusion of a single change operation that lets them regain access to multiple systems.
To remove the accounts-per-target list and automatically select every target, enable the ALL HOST variable.

The ALL HOST variable has no effect when target systems belong to a target system group that uses the Only one account can be selected for password change rule.
Auto-populating suggested passwords
You can enable a JavaScript option to automatically populate password fields when a suggested password is selected. To do this, enable the UseSuggestedPassword option in the config.js script. See Modifying JavaScript behavior for more information.