Skip to main content

Preparation

Before you can target Bravura Safe User Management (2025+), you must:

Set up Bravura Safe

See Bravura Safe Documentation to learn how to set up a Bravura Safe instance, team, and users.

Recommended Bravura Safe permission sets

The following are the recommended sets of permissions for the Bravura Safe User Management (2025+) administrator.

Bravura Safe User Management target administrator:

  • User type: Custom

  • Admin Permissions:

    • Manage users

  • Access Control:

    • The option for "This user can access only the selected collections" may be selected and set with no collections specified.

This will allow to list for all types of users (users, administrator, owners, etc).

Note

Bravura Safe users who have been invited to Bravura Safe but are not yet confirmed will not be listed using the Bravura Safe User Management (2025+) connector.

Set up target system administrators

The Bravura Safe User Management (2025+) target system requires two administrative credentials that are previously configured on the Bravura Safe instance.

To configure the first target administrator:

  1. Log in to Bravura Safe via the web interface and open your Team.

  2. Click Teams, then Manage.

  3. Invite a new user:

    1. Click Invite User.

    2. Enter the email address for a user that will be used as the administrator.

    3. Set the User type to Custom.

    4. Set the specific permissions as noted above for the recommended permissions.

    5. Click Save.

    6. Complete the process to onboard the user.

Alternatively, edit the permissions for a current user by clicking on their email address and modifying for the above set of recommended permissions.

The email address and master password set for this user will be used for the system credentials for the Bravura Safe target system.

To configure the second target administrator:

  1. Log in to Bravura Safe via the web interface.

  2. Click the drop-down for Teams.

  3. Choose the team name that is used for the Bravura Safe User Management (2025+) target system.

  4. Click the Settings.tab for the team.

  5. Click View API key.

  6. Enter the current user’s master password to confirm identity.

    This will then display values for client_id and client_secret.

    These values will be used for the administrator credentials for the Bravura Safe User Management (2025+) target system.

Install the Bravura Safe CLI

The Bravura Safe CLI is required for use with the Bravura Safe (2025+) and Bravura Safe User Management (2025+) connectors.

Troubleshooting

File Blocked by Windows Security

When downloading bsafe.exe from GitHub, Windows may mark the file as blocked because it came from another computer. This security feature can prevent the CLI from executing properly.

Symptoms:

  • The connector fails to execute bsafe.exe

  • Access denied or execution errors when running the CLI

  • Windows security warnings about the file

Solution:

  1. Right-click on bsafe.exe and select Properties.

  2. On the General tab, look for a Security section at the bottom that states:

    "This file came from another computer and might be blocked to help protect this computer."

  3. Check the Unblock checkbox next to this message.

  4. Click Apply, then OK.

  5. Verify the file is now unblocked by checking the properties again - the security warning should be gone.

CLI Not Found in PATH

Symptoms:

  • Error [WinError 2] The system cannot find the file specified appears in the logs

  • Objects fail to be listed from the Bravura Safe connector

Solution:

  1. Verify the system PATH environment variable includes the directory containing bsafe.exe (e.g., c:\bsafe).

  2. If the PATH is missing or incorrect, add the directory containing bsafe.exe to the system PATH environment variable (not the user PATH). The method to access environment variables varies by Windows version.

  3. Ensure the path can be accessed by the psadmin account by verifying the file exists and has appropriate permissions.

  4. Restart the Bravura Security Fabric services after updating the PATH. The updated PATH will not be reflected until the services are restarted.

  5. After restarting services, test that the connector can successfully list objects from Bravura Safe.

Alternative Solution (if service restart is not possible):

If restarting services is not an option, you can modify the connector files to use the full path to the Bravura Safe CLI. Note that this change will be overwritten when the connector pack is upgraded and will need to be reapplied.

  1. Locate the following connector files:

    • agtbsafe25-user.py

    • agtbsafe25.py

  2. In each file, find the line:

    CLI_EXE: str = "bsafe"

  3. Change it to use the full path:

    CLI_EXE: str = "c:\\bsafe\\bsafe.exe"

  4. Save the files and test that the connector can successfully list objects from Bravura Safe.

Session Authentication Issues

Symptoms:

  • Repeated authentication prompts

  • Connection failures after initial success

  • Session timeout errors

Solution:

  1. Clear the existing session data as described in the "Clearing Session Data" section above.

  2. Verify the Bravura Safe server address is correct in the connector configuration.

  3. Check that the Bravura Safe server is accessible from the Bravura Security Fabric server.

In this section: