Administrative menus

Based on your administrative privileges, you are granted either full or restricted access to administrative options. If you do not have permissions to access a menu item, it will not be displayed.

As a product administrator, you may have access to the following options from the Front-end :

Options marked with:

apply only when Bravura Identity is licensed.
apply only when Bravura Pass is licensed.
apply only when Bravura Privilege is licensed.

Table 1. Administrative options

	Option	Description
	Manage the system	Configure Bravura Security Fabric objects and environment, and administer security.
	Manage certification process	Create, save, and start access certification campaigns.
	Manage the OrgChart	Manually change the organization chart structure or start Org building rounds.
	View dashboards	View graphical summary reports of Bravura Security Fabric operations and usage.
	Manage reports	Enables product administrators to view, run, save, and schedule reports.
	Analytics	When configured, enables product administrators to view reports that exist on a Microsoft SQL Server Reporting Services (SSRS) server.
	Manage external data store	Enables product administrators to view and update data in the External data store.
	Change product administration password	Change your administrator password. This option is available only if your password is stored in Bravura Security Fabric , and not verified against a target system.
	Manage components	Manage Bravura Security Fabric components.

Manage the system

Product administrators can use the Manage the system (PSA) module to configure Bravura Security Fabric objects and environment, and administer security. The top navigation options depend on their administrative privileges.Administrative privileges

The Manage the system main menu includes license and usage statistics. The server that you are logged into is displayed at the bottom center of the page.License information

Manage the system main menu for Bravura Identity+Pass

Manage the system main menu for Bravura Privilege

The following subsections describe the Manage the system (PSA) module menu and corresponding sub-menu options.

Resources

Options on the Resources menu enable you to add and update resources that can be managed by Bravura Security Fabric . You must have the "Manage resources" right to access this menu.

Click this link...	To access this functionality...
Target systems	Add, update, or delete target systems.
Target system groups	Apply web password change restrictions, synchronization rules, and password policies to groups of target systems.
Discovered objects	View discovered systems and accounts, and add them to managed system policies .
Import rules	Add, delete and modify target system import rules.
Template accounts	Set up templates that can be used to create accounts.
Account attributes	Configure attributes specific to target systems.
Roles	Set up roles that can be used assign requirements for a set of users.
Groups	Enable Bravura Security Fabric to manage group membership for certain target systems.
Network resources	Enable users to request access to network resources such as Active Directory network shares and printers.
Operation dependencies	Set up dependencies that control how data is exchanged between connectors; for example, the creation of an Exchange mailbox can be made dependent on an Active Directory account.
Resource attributes	Define common and reusable attributes for resources.
Resource attribute groups	Define collections of resource attributes.
Options	Options for role-based access control enforcement.

Policies

You must have the "Manage policies" right to access the full Policies menu.

Click this link...	To access this functionality...
User classes	Set up user classes that can be used to segment the user population.
Segregation of duties rules	Set up rules that provide a way of identifying exceptions to roles or possible access conflicts. Details Segregation of duties rulesSegregation of duties rules
Authentication priority	Prioritize target systems used to authenticate users when accessing Bravura Security Fabric . Details Setting the target system authentication order
Identification priority	Prioritize target systems that users can select to identify themselves when accessing Bravura Security Fabric .
Password policies	Modify and apply strength rules to Bravura Security Fabric ’s global, centrally-managed password policy.
Question sets	Configure question sets that are used to authenticate users.
Login options	Configure options for login.
User notifications	Configure notification of users of compliance requirements, password expiry, and other events. You must have the "Manage notifications" administrative privilege to access the User notifications sub-menu item.
Authentication chains	Customize authentication to Bravura Security Fabric using multiple methods.
System interfaces	Configure interfaces with external systems.
REST API authorization policies	Search, download, or reset REST API authorization policies to default.
Options	Configure general login and authentication policy options.

Privileged access

Note

Some of the options in this menu are only available with a full Bravura Privilege license bpa-icon .

Click this link...	To access this functionality...
Managed systems	Add, delete and configure managed systems.
Managed systems policies	Add, delete and modify managed systems policies.
Import rules	Add, delete and modify import rules.
Access disclosure plugins	Add, delete and modify access disclosure plugins.
Manual password randomization batches	View the manual password randomization results.
Local workstation service installation package	Generate installation key and download local workstation service installation package.
Node assignments	Change the service linked to a managed system policy.
Options	Configure general privileged access options.

Workflow

Some of the options in this menu are only available with a full Bravura Privilege or Bravura Identity license bpa-icon Identity icon .

The options on the Workflow menu enable you to configure common workflow objects and workflow logic. The table below details the available menu options. You must have the "Configure workflow setup" right to access this menu.

Click this link...	To access this functionality...
Pre-defined requests	Configure pre-defined requests to define requests in terms that users understand, and reduce the number and complexity of steps.
Profile and request attributes	Set up profile and request attributes that can be used to collect and display information about users.
Attribute groups	Group attributes to control user access and display, and apply attributes to certain operations.
Authorizers	Set up users as authorizers.
Email configuration	Set up e-mail notification.
Email customization	Customize language macros for email messages.
Options	Configure the various workflow options and features. This includes options for: Delegation Escalation Organization chart management General workflow behavior Plugins

Inventory

This menu is available with a Bravura Identity license Identity icon .

The options on the Inventory menu enable you to configure items and processes for inventory management. The table below details the available menu options. You must have the "Configure workflow" setup right to access this menu.

Click this link...	To access this functionality...
Target systems	Add, update or delete target systems used for inventory management.
Locations	Set up location properties to help you define, search for, and manage inventory items.
Item types	Set up item type properties to help you define, search for, and manage inventory items.
Inventory managers	Set up users as inventory managers. You must have at least one item type, and one location set up before you can do this.
Template accounts	Set up templates that can be used to request inventory items.
Inventory states	Update inventory states.
Inventory items	Add individual inventory items.
Options	Enable plugins to manage inventory.

Modules

The options on the Modules menu enable you to configure the Bravura Security Fabric graphical user interface. The table below details the available menu options. You must have the "Configure modules" right to access this menu.

Click this link...	To access this functionality...
Manage certification process (CERT)	Manage the access certification process and initiate certification campaigns.
View dashboards (DASH)	View graphical summary reports.
Manage external data store (DBE)	Configure events and options for the External data store.
Digital ID (DID)	Enable event actions for this module, which is used by Bravura Security Fabric to update a Lotus Notes ID file repository.
Help users (IDA)	Configure event actions and options for help desk users to assist users.
Manage the OrgChart (IDG)	Configure event actions and options for administrators to manage the organization chart.
Browse the OrgChart (IDO)	Configure event actions, plugins, and options for end users to browse or update the organization chart.
View and update profile (IDR)	Configure plugins and options for end users to request security changes.
Manage delegations (IDS)	Configure options for users to manage delegation requests.
Manage the system (PSA)	Set event actions and options for product administrators to configure and manage Bravura Security Fabric .
Front-end (PSF)	Configure plugins and options for front-end access and authentication.
Generate voice print enrollment PIN (PSI)	Set event actions and options for voice print registration.
Unlock accounts (PSK)	Set event actions and options for self-service account unlocks.
Attach other accounts (PSL)	Set event actions and options for alternate login ID management.
User notifications (PSN)	Enable the user notification system.
Manage tokens (PSP)	Set event actions and options for self-service token management.
Update security questions (PSQ)	Set event actions and options for security question profile management.
Password synchronization registration (PSR)	Set event actions and options for password synchronization registration.
Change passwords (PSS)	Set event actions and options for self-service password changes.
Manage reports (RPT)	Configure options for the Manage reports (RPT) module.
Requests	Configure event actions and options for users to view and act on requests.
Privileged access	Configure Bravura Privilege managed systems and policies, service IDs, event actions, plugins, and options.
Session monitor	Configure Bravura Privilege recorded sessions.
Options	Configure plugins and options that apply to web modules in general.

Security

The options on the Security menu enable you to set up and maintain the security of your Bravura Security Fabric environment. The table below details the available menu options. You must have at least one of the following rights to access this menu:

Manage security
Manage product administrators
Manage user groups

Manage certification

Click this link...	To access this functionality...
Access to profile and request attributes	Define user groups to control permissions for attribute groups. You must have the "Manage user groups" right to access this option.
Access to resource attributes	Define user groups to control permissions for resource attributes.
Access to product features	Add, update, delete, or enable / disable other users who log into the administrative consoles. You must have the "Manage product administrators" right to access this option.
Access to user profiles	Add, update, delete, or enable / disable groups of users who log into the self-service modules, or the Help users (IDA) module. You can also specify a requester and view a list of their privileges. You must have the "Manage security" right to access this option.
Privileged access to systems	Define user groups to control permissions for managed system policies . You must have the "Manage user groups " right to access this option.
Options	Configure general security options. You must have the "Manage security" right to access this option.

Maintenance

The options on the Maintenance menu enable you to set up and maintain your Bravura Security Fabric service programs, schedule jobs, update the system, configure mail, and configure general settings. The table below details the available menu options. You must have at least one of the following rights to access this menu:

Maintain servers
Configure replication

Click this link...	To access this functionality...
Auto discovery	Manage ID filters, set connector order, or run auto discovery. You must have the "Maintain servers" right to access this option.
System logs	View and search the current Bravura Security Fabric log. You must have the "Maintain servers" right to access this option.
Services	Install and monitor the Bravura Security Fabric services through the Web interface. You must have the "Maintain servers" right to access this option.
Scheduled jobs	Schedule jobs. You must have the "Maintain servers" right to access this option.
Connector concurrency rules	Configure extra locking for connector operations, preventing concurrent execution. You must have the "Maintain servers" right to access this option.
File synchronization	Synchronize files between the main server and proxy servers, or between servers in a replicated environment. You must have the "Maintain servers" right to access this option.
Connector behavior	Change default options for various connectors. You must have the "Maintain servers" right to access this option.
Database replication	Configure and control database replication. You must have the "Configure replication" right to access this option.
System variables	Configure all system variables within Bravura Security Fabric from one page. This is helpful if you know the name of the system variable you want to modify, but cannot remember where it is located.
Environment variables	Display the current system environment in which Bravura Security Fabric is running. This is not the same environment as the currently logged-in user. You must have the "Maintain servers" right to access this option.
Options	Configure general maintenance options. You must have the "Maintain servers" right to access this option.

Manage certification process

The following security privileges control access to the Manage certification process (cert) module:

Product administrators with the ”Manage certification process” administrative privilege can initiate certification campaigns with multiple reviewers.
Product administrators with the ”Initiate entitlement certification campaigns” administrative privilege can initiate entitlement certification campaigns with a single reviewer.

Users with the ”Initiate a review of all entitlements” privilege can initiate a quick certification of a single user via the View and update profile (IDR) module.

The Manage certification process (CERT) module includes tabs:

Active campaigns to view information about campaigns that are in progress
Start entitlement certification campaign to add a new entitlement certification campaign
Start configuration certification campaign to add a new configuration certification campaign
Saved certification setups to select a saved configuration
Scheduled campaigns to view information about campaigns that are scheduled

Manage the OrgChart

The following security privileges control access to the Manage the OrgChart (IDG) module:

Product administrators with the ”Manage the OrgChart” administrative privilege can update the OrgChart and view the OrgChart structure.
Product administrators with the ”Start Org building rounds” administrative privilege can initiate OrgChart-building rounds and invite managers to update their list of subordinates.

The Manage the OrgChart (IDG) module allows product administrators to:

Identify managers and their subordinates
An Org Manager administrator could simply identify the top-level manager, then initiate an OrgChart building round whereby managers identify their own subordinates. In other cases, product administrators could build parts or all of the OrgChart, then initiate the process to have managers verify the information.
Identify users who no longer report to a certain manager
Transfer users from one manager to another

View dashboards

The following security privileges control access to the View dashboards (dash) module:

View certification dashboard
View workflow dashboard
View privileged access dashboard
View OrgChart dashboard
View enrollment dashboard
Recompute dashboard cache

The View dashboards (DASH) console includes dashboards for graphical summaries of Bravura Security Fabric operations and usage.

Manage reports

The Manage reports menu enables you to use the Manage reports (RPT) module to run reports based on the information stored in the Bravura Security Fabric database You must have the " Manage reports reports" administrative privilege to access this menu.

Analytics

Analytics is an optional Bravura Security report feature that organizes and displays Microsoft’s SQL Server Reporting Services (SSRS) reports.

When analytics is configured, an Analytics link is available on the Bravura Security Fabric administrative menu.

Reports that exist on a SQL Server Reporting Service server are displayed on the Analytics user interface and can then be saved in different formats such as DOC, CSV, PDF and HTML.

The analytics feature requires SQL Server Reporting Service (SSRS). The version of SSRS must be the same version as the SQL Server for the instance; for example, SQL Server 2016 and SSRS 2016.

If you do not see Analytics on the main menu, it has not been installed.

In order to access the Analytics app users require the "Analytics" administrative right or have membership criteria which is defined by the _ANALYTICS_READERS_ user class.

To create new reports, Microsoft’s Report Builder must be installed on the user’s computer.

Requests

The Requests app is accessible via the Requests link to product administrators who have the ”Manage reports” user access rule. Users with this right can view requests they have submitted via reports.

Manage External Data Store

The Manage external data store (DBE) module allows product administrators to view and update data on external database tables on a SQLite connection. The data can be accessed through an API Service (idapi) function call. This provides the ability to use external information in plugin points and a means to maintain the external information.

Product administrators require the Manage external data store privilege to access the Manage external data store (DBE) module. Once the administrative privilege is granted and the requirements are met, the Manage external data store link is displayed on Front-end .

Change product administrator password

If you are a product administrator and your password is not verified against a target system, you may be required to change your password in Bravura Security Fabric at regular intervals. When your password expires, you are directed to the Change product administration password administration password page upon login.

There are two ways that you can change a product administrator’s password. You can change it using the Bravura Security Fabric web interface or by using the adm_set program in the <instance>\util\ directory.

If you forget the password for your Bravura Security Fabric superuser, then using adm_set is by default the only way to reset the product administrator’s password.

Change the password using the web UI

To change your Bravura Security Fabric console login password:

On the main menu, click Change product administration password.
Type your current password and new password in the appropriate fields.
Re-type your new password in the Confirm your new password field. The password can be up to 64 characters long.
Click Change my password.

If you are a product administrator and your password is verified against a target system, password expiry is determined by the target system, and the Change product administration password link is not included on the main menu.

Click below to view a demonstration of changing the product administrator’s password using the Bravura Security Fabric UI and then changing it back to the original password using the adm_set utility.

Change the password using the adm_set utility

Open a Windows command prompt (cmd.exe) as administrator.
Change directory to the location of the adm_set utility using the following command:
```
cd c:\Program Files\Bravura Security\Bravura Security Fabric\default\util
```
Change the password of the superuser using the adm_set utility using the following command:
```
adm_set.exe -user superuser -pass <new password>
```
If you are prompted to make changes to the computer, click Yes.
Log in to the Front-end (PSF) as superuser with the new password.
If the login is successful, then the superuser password was correctly reset using the adm_set utility.

The adm_set utility can also be used to unlock a product administrator account. See adm_set usage information .

Manage components

The Manage components menu enables you to install and manage components which provide extra functionality to Bravura Security Fabric .

The Manage Components link is only visible to superuser-type product administrators .

In this section: