Skip to main content
  • Bravura Safe Documentation
  • Admin
  • Getting Started (Admin)

Getting Started (Admin)

For Bravura Safe product administrators

The topics that follow are intended for all initial Bravura Safe administrators. They provide information on the following:

  • Onboarding process for initial administrators to follow for Bravura Safe

  • Additional, optional steps for implementing Bravura OneAuth for two-step authentication

  • Parts of the product that will be configured for you by Bravura Security

  • Recommendations on what should be configured, developed and communicated before Bravura Safe administrators proceed with general user onboarding

Initial Bravura Safe administrators

When your business registered for Bravura Safe, Bravura Security requested the email addresses of your company's staff members that would become the first product administrators. Your contact information was provided to fill the role as one of these initial Bravura Safe administrators. As a Bravura Safe administrator, you will be responsible for configuring and maintaining the system and policies that will guide your users.

Onboarding process with Bravura OneAuth powered by HYPR

What is Bravura OneAuth?

Bravura OneAuth is a passwordless authentication method that allows you to use a trusted mobile device and biometrics to verify your identity. Bravura OneAuth can be used as a secure primary or multi-factor authentication method when accessing Bravura Security applications.

When Bravura OneAuth is implemented along with Bravura Safe onboarding, some extra steps are required, as indicated by the icon biometrics icon in the topics that follow.

Enterprise and regular Teams

There are two types of Teams:

  • Enterprise (global)

  • Regular

Enterprise Teams

Allow Bravura Safe administrators to configure global settings and polices that apply to ALL Teams and members:

  • Two-step login

  • Single sign-on

  • Team policies:

    • Master password requirements

    • Master password reset

    • Remove individual vault (use Team safes only)

    • Remove Share

    • Share options

    For the Enterprise Team only:

    • Team information

    • Password generator requirements

    • Import and export Team data

Allow members to manage Enterprise options:

  • Enroll in password reset

  • Open the Bravura OneAuth device manager to manage paired devices

See Enterprise (global) Team settings for more information.

Regular Teams

Allow Team owners to configure Team-specific settings and policies:

  • Team information

  • Password generator requirements

  • Import and export Team data

See Regular Team settings for more information.

Creating enterprise and regular Teams

In a brand-new Bravura Safe environment, the Team created first is the enterprise Team; subsequent Teams default to the regular normal Team type.

Overview of the onboarding process

The onboarding process consists of the Bravura Security Team provisioning your Bravura Safe instance, your first Bravura Safe Team, and onboarding you as an initial Bravura Safe administrator. As an initial Bravura Safe administrator, you are responsible for completing the Bravura Safe setup by following the steps in this list and onboarding your company's general users.

Initial onboarding steps

Steps marked with biometrics icon are only required if Bravura OneAuth powered by HYPR is to be used for two-step authentication.

  1. biometrics icon Optional: Bravura Security coordinates with the HYPR organization to provision the HYPR server/application for Bravura OneAuth.

  2. Bravura Security provisions the Bravura Safe instance with open registration.

  3. Bravura Security creates a temporary bootstrap account using open registration.

    Note

    The bootstrap account is used by Bravura Security to create the Enterprise Bravura Safe Team and onboard you as an initial Bravura Safe administrator. The temporary bootstrap account will be removed from your Bravura Safe instance after 30 days by Bravura Security staff. If desired, you may remove the temporary bootstrap account from the Enterprise Team prior to 30 days.

  4. Bravura Security disables open registration on the Bravura Safe instance; members must now be invited.

  5. Bravura Security creates the Bravura Safe Enterprise Team with the Master password reset and Require two-step login policies enabled.

  6. biometrics icon Bravura Security configures and enforces Enterprise-level Two-step login via Bravura OneAuth .

  7. Bravura Security invites your registered initial Bravura Safe administrators to the Bravura Safe Enterprise Team as owners.

  8. You receive the invite to join your Bravura Safe Enterprise Team via your registered email address.

  9. You follow the email prompt to create your Bravura Safe account and log in to the product for the first time.

    Note

    First login includes two-factor authentication; an email verification code is sent to your registered email address. The code is entered into the login prompts when requested.

    Logging in triggers acceptance of the Enterprise Team invitation; however, you will not be able to see the Enterprise Team until your access is further confirmed by Bravura Security.

  10. Bravura Security confirms your membership in the Enterprise Team.

  11. You log out and back in to Bravura Safe.

  12. biometrics icon When prompted for Bravura OneAuth authentication, you click a button to request an email allowing you to create your HYPR account, register your mobile device and authenticate to Bravura Safe via Bravura OneAuth .

    Note

    Email PIN is available as an alternative two-factor authentication method if you do not have access to your personal device.

    You will now be able to see the Enterprise Team along with its configured policies.

  13. You may remove the Bravura Security temporary bootstrap account from the Team if desired. Otherwise, the temporary bootstrap account will be removed from the Bravura Safe instance after 30 days by Bravura Security.

  14. You complete account setup, following Team and system best practices detailed in the contents of this document.

    Note

    A checklist of these tasks has been provided to ensure all are reviewed and completed. See Best practices task list.

  15. You invite the rest of your general users to the Enterprise Team and to any other regular Teams that have been created for their use.

    Note

    General users may be onboarded via SSO or through email at the your discretion. For more details see Onboarding general users.

  16. Bravura Security, after 30 days, uses the admin console to delete their temporary bootstrap account.

Admin best practices task list

Tasks for initial Bravura Safe administrators to complete:

  1. Create your Bravura Safe account and log in.

  2. Set up your Emergency contacts and modify any other personal account settings.

  3. Review all of the Enterprise Team policies.

  4. Alter any necessary Enterprise Team policies according to your business best practices.

  5. Create Items and any necessary collections for less sensitive content that you want stored within the Enterprise Team.

  6. Develop and communicate to all users your Bravura Safe usage policies (for Emergency contacts, help desk, Teams...etc).

  7. Onboard regular users to the Enterprise Team.

In this section: