Handling account attributes
Note
Applies to Bravura Identity
The Java Admin API is required for this feature.
Bravura Identity explicitly handles the following attributes and pseudo-attributes when creating or modifying RSA Authentication Manager 7.1/8.2 accounts:
_deleteUserAccount: Set to false by default, so that a user’s account on the RSA Authentication Manager server remains when all tokens have been removed from the user. If true, the user’s account is deleted when the user has no tokens.
According to the RSA Authentication Manager 7.1/8.2 API documentation, a user with no tokens will be deleted only if:
The user is not an administrator
The user is not enabled on any Agent Host
The user does not belong to any group
The user record has no extension fields
user_account_status / user_token_status: These two attributes are both set to false by default. Override and configure these attributes to be set to a specified value on create. Add a boolean-type profile attribute and map it to these target system attributes. When creating a new user, set these two attributes to true.
_userPassword: This attribute is used to set the user password for the actual RSA user; for example, when logging in to the RSA Self-Service Console using the password authentication method.
The password field that is normally set for a user’s account when creating a new user on the Bravura Security Fabric server, or when resetting their password, is a different value: it is used to either set or reset the token PIN that is assigned to the RSA user.
The user password and the token PIN are specified separately because they will generally have different password policies. Each must be set according to the policies defined on the RSA Authentication Manager 7.1/8.2 server.
The _userPassword target attribute should be overridden and configured to be set to the specified value on create. The profile attribute should also be set to the password type and mapped to the target attribute.