Skip to main content

Attach other accounts (PSL)

The Attach other accounts (PSL) module builds on auto discovery , which automatically connects standard IDs to users’ profiles. Regular users can use the Attach other accounts (PSL) module to attach their own non-standard login IDs to their profile.

The Attach other accounts (PSL) module is enabled by default. To block access to this feature, turn off the PSL ENABLED setting. Depending on the user access rules, help desk users can attach accounts to users’ profiles, via the Help users (IDA) module.

Users cannot attach accounts on target systems that do not allow password verification. By default, users cannot attach accounts that already belong to another user.

You can modify some defaults for individual targets on the Target system information for the target system.

See also

Manually attaching accounts

PSL modes

The Attach other accounts (PSL) module can be used in one of two modes:

Simplified mode (default)

  1. Users are presented with a list of their accounts. For each account, Bravura Security Fabric lists the target system, login ID, whether it is standard, and whether the account is still valid in the column.

  2. Depending on the configuration, users:

    • Enter a login ID, then the corresponding password on the next web page.

    • Enter one or more login IDs and password pairs on a single page. The maximum number of pairs allowed is configurable.

  3. Bravura Security Fabric searches for all available accounts with the supplied non-standard login ID. If Bravura Security Fabric finds more than one account, users are presented with a list so that they can choose which account they would like to attach to their profile.

    This step is skipped if Bravura Security Fabric is configured to automatically select all returned accounts.

  4. Bravura Security Fabric verifies the user-supplied password on the accounts then attaches the correct accounts to users’ profiles.

Advanced mode

  1. Users are presented with a list of systems where Bravura Security Fabric can manage login IDs and accounts.

  2. Users attach an account on a system by typing their ID and password beside that system’s description.

  3. Bravura Security Fabric verifies that the ID exists and the password is correct. If so, they are attached to the users’ profiles.

Note

In the Attach other accounts (PSL) module’s simplified mode, users cannot attach accounts that exist on a target system that is a source of profile IDs.

See also

Manual account attachment examples

PSL options

To configure options that apply to the Attach other accounts (PSL) module:

  1. Click Manage the system > Modules > Attach other accounts (PSL).

  2. Configure the options in Table 1, “Modules > Attach other accounts (PSL) options as required.

  3. If required, configure event options, listed in Table 2, “Attach other accounts (PSL) module events that launch interface programs.

  4. Click Update.

Options marked with a Star in this table only apply to simplified mode.

Options marked with a Dagger in this table only apply to advanced mode.

Table 1. Modules > Attach other accounts (PSL) options

Option

Description

PSL ALLOW DELETE

Allow users to remove manually-attached accounts from their profiles. You can override this behavior for individual target systems.

Dagger PSL DUPLICATE SHOW

When a user attempts to attach an account that is already owned by another user and the operation is not allowed, show the owner of the account in the resulting error message.

PSL MIN ACCOUNTS

Require users to attach <N> accounts in their profiles. If a value is not specified, the default is 1.

When you change this setting, Bravura Security Fabric automatically schedules the psdonechk program to run once to check compliance. To modify the scheduled job, click Manage the System > Maintenance > Scheduled jobs, then select PSDONECHK.

If users have not attached enough accounts, Bravura Security Fabric can enforce this requirement by directing users to the Attach other accounts after they log in, and displaying an error message. See Enforced enrollment.

Star PSL POWER USER

Allow advanced users to be able to switch to advanced mode from simplified mode.

Star PSL SHOW HOST TYPE

Show users the type of target system alongside its name

Star PSL SIMPLIFIED

Enable simplified mode (default). If this option is not enabled, then users must operate in advanced mode.

Star PSL SIMPLIFIED MOVE PASSWORD

Allow users to enter <N> login ID and password pairs on the attach other accounts page.

If this setting does not have a value, users type a single login ID on the attach other accounts page, then they type a single password on the select accounts page.

Star PSL SIMPLIFIED SELECT ALL

Automatically attach all accounts that match the supplied login ID and password pairs to users’ profiles. When this setting is enabled, the account selection page is not displayed.

PSL SIMPLIFIED MOVE PASSWORD must also be enabled.

Star PSL SIMPLIFIED SELECT NONE

Do not pre-select any account checkboxes on the account selection page.

PSL USER VERIFY

Verify passwords for existing IDs with a user verify operation rather than administrator verify operation.

PSL VERIFY COUNTS

To prevent users from attempting to attach accounts that do not belong to them, the logged-in user is locked out of Bravura Security Fabric after a pre-defined number of password authentication failures . An authentication failure is counted if an ID/password pair fails to match any account.

If you disable this option, no failure will be counted when an ID/password pair fails for all attached accounts, and users will not be locked out of Bravura Security Fabric .



In this section: