Managing groups automatically
Rather than configuring each group individually, you can:
Allow Bravura Security Fabric to automatically manage groups that are attached to network resources.
Configure Bravura Security Fabric to automatically manage groups during auto discovery .
Use the
managegrpprogram to configure managed groups in batches. The program reads entries from a file and configures all the specified groups as moderated managed groups.
Automatically managing groups attached to network resources
Bravura Identity allows users to browse and request access to network resources even before the groups attached to the resource have been enabled for management. When a user chooses an action for resource; for example, a requester selects a group to join, or an owner clicks the owners icon – managed group checks the status of the group. If the group is not already managed, managed group automatically configures and enables it for group management.
In addition to adding the group owners as authorizers for the group, managed group changes the default values for the managed group as follows:
Option/variable | Value |
|---|---|
Automatically add group owners as authorizers | Checked |
Minimum number of authorizers | 1 |
Automatically managing groups via auto discovery
If supported by the target system, Bravura Security Fabric connectors can list groups during auto discovery. Group owner information is included if it is available. You can configure Bravura Security Fabric so that it automatically manages groups and assigns the owner as the group authorizer.
To do this, configure the Automatically manage groups to be moderated by owners option on the applicable Target system information page. This option applies to Active Directory, Oracle Database, or Domino Server Script target system types. Select one of the following:
(Disabled): When this value is selected, groups on this target system will not be automatically managed. This is the default setting for this option.
Only groups with owners, moderated by owners: Only manage groups that have an owner. Assign the owner as the group authorizer.
All groups, approval required: Manage all groups on the target system. If a group has an owner, then the owner is assigned as the group authorizer. If a group has no owner, then no authorizer is assigned. Groups without authorizers require manual configuration.
Click below to view a demonstration of managing all groups on an Active Directory target by setting options on the Target System Information page, running auto discovery once to manage the groups, running auto discovery a second time to calculate membership and then viewing the managed groups.
In addition to adding the group owners as authorizers for the managed group, Bravura Security Fabric uses the following default values for managed groups:
Option/variable | Value |
|---|---|
Automatically add group owners as authorizers | Checked |
Minimum number of authorizers | 1 |
Number of denials before a change request is terminated | 1 |
Bravura Security Fabric does not change the configuration for groups that are already managed.