Skip to main content

Enterprise (global) Team policies

Team Policies allow you to enforce security rules for all users in a particular Team; for example, requiring use of two-step login.

Team Policies can be set by a Team Admin or Owner.

Tip

Set Team Policies prior to inviting users to your Team.

Caution

Some policies will remove non-compliant users when enabled, and some are not retroactively enforceable.

To access Enterprise Team policies:

  1. Log in to Bravura Safe via the web interface.

  2. Click Teams.

  3. From the Team drop-down, select the Enterprise Team.

  4. Click the Settings tab.

  5. Select Policies from the SETTINGS menu.

    Note

    Only the Password generator policy can be set for regular Teams. Though other policies appear under Settings for regular Teams, they can only be set at the enterprise level.

    safe_web_ent_policies

  6. Click on an Enterprise Team policy to configure. See below for details:

Require two-step login

This policy refers to two-step login (2FA) that can be set up for individual Bravura Safe accounts and will require users who are not an owner/admin to enable and use a second authentication factor to log in.

If you are using SSO and your IdP includes 2FA, this policy is not required.

Warning

Note the warning in the image below. When this policy is turned on, existing users without a two-step login method enabled will be removed from the Team and will have to be re-invited.

safe_web_policy_require_2step

See also

Enforce enterprise two-step login

Master password requirements

safe_web_policy_mpwd_req
safe_web_policy_mpwd_req_mcs

If this policy is updated, existing non-compliant users must adhere to the new policy requirements at their next master password change.

Master password reset

Warning

Turning OFF the Master password reset policy on the Enterprise Team, means users that forget their master password can only recover the password using emergency access if they have that method configured . Otherwise, they will need to delete their Bravura Safe account and be onboarded by the Enterprise Team administrator again. See I forgot my master password for details.

safe_web_policy_mpwd_reset

For self-enrollment, see Enroll in password reset.

Password generator

Note

This policy is set per Team. The enterprise Team policy does not supercede that of a regular Team policy.

Warning

When this policy is turned on, any existing Team item passwords that do not comply will not be changed or removed.

safe_web_policy_pass_gen
safe_web_policy_pass_gen_default

Require single sign-on authentication

safe_web_policy_req_sso

Remove individual vault

safe_web_policy_remove_ind

If turned on, any existing items in users' individual safes will remain there.

Remove Share

safe_web_policy_remove_share

Share options

safe_web_policy_share_options

Bypass personal two-step login when using SSO

This policy, when turned on, allows you to streamline user login by skipping the personal two-step login authentication (e.g. Authenticator app) if they are logging in via SSO.

Warning

Bravura Security recommends that you only use this policy if multi-factor authentication (MFA) is already enforced through your Identity Provider (IdP).

safe_web_ent_policies_bypass1

Activate auto-fill

This policy, when enabled, turns on auto-fill on page load for browser extensions for all existing and new members of the Team.

Note

Members can turn off or modify auto-fill on page load behavior for their browser extension.

safe_web_policy_activate_autofill

  1. Select Turn on.

  2. Click Save.

In this section: