Skip to main content

Account attributes

The term account attributes refers to the attributes of user accounts on target systems. For example, most systems store the “first name” and “last name” of the end users that own the accounts. Other examples of attributes include access controls, home drives, last logon times, account and password expiry times.

To list attributes for accounts on a particular target system during auto discovery , the List attributes setting must be enabled for the target system. By default, this setting is enabled, only lists account attributes that are mapped to profile and request attributes, and loads all attributes as single-valued. You can override the behavior for individual account attributes .

Attribute lists can be very large. Bravura Security Fabric supports incremental, or differential, listing on some target system types, such as LDAP and Active Directory. For these targets, once the initial discovery has been run, Bravura Security Fabric generates an incremental list on subsequent runs of auto discovery. You can generate a full list during the next auto discovery by clicking Generate full list on the Target system information page. You must confirm your request before the change takes effect.

Bravura Security Fabric keeps a “catalog” of supported attributes for each target type. Some target systems support dozens of attributes, while other systems do not provide a default method for Bravura Security Fabric to list attributes. Among other things, this cataloger controls which of the listed attributes should be loaded into the Bravura Security Fabric database during auto discovery .

Example: Loading SSH public keys in profiles

Depending on the target system type, you can configure Bravura Security Fabric to automatically load users’ SSH public keys in their profiles.

See the Connector Pack documentation to determine which connectors have the option to enable SSH key discovery.

Only valid SSH public keys files on servers are loaded when running auto discovery. A SSH public key file must be less than the maximum file size to parse (default is 100,000 KB) and it must be in OpenSSH format in order to be valid.

By default, the public_keys attribute is mapped to the built-in ssh_public_keys profile and request attribute.

To enable users to view and update their SSH public keys in their profile:

  1. Click Manage the system > Workflow > Attribute groups.

  2. Select the SSH_PUBLIC_ATTRS attribute group.

  3. Click Display criteria tab.

  4. Select ’Main’ or ’Subsidiary’ for Display type.

  5. Click Update.

Note

For security reasons, Bravura Security Fabric does not support modifying SSH public keys on the target system if updated from the user’s profile.

In this section: