
Using the Directory Connector with an Enterprise Team

The following example outlines how to configure the Directory Connector with an Enterprise Team, and is suitable for organizations that have an Enterprise or regular Team set up and would like to onboard members from AD/LDAP directories.

  1. Open Bravura Safe.

  2. Optional: Configure Single Sign-on for the desired IdP and enable the Require single sign-on authentication policy in Bravura Safe.

  3. Obtain the client keys for the Enterprise Team:

    1. As the Team owner, navigate to the Enterprise Team Settings > Team info page.

    2. Click View API Key.

    3. Enter your Master password.

    4. Copy the client_id and client_secret.

  4. Configure Directory Connector with the API keys and sync users/groups into the Enterprise Team:

    1. Open the Directory Connector CLI.

    2. Configure the server by running the following command:

      bsafedc config server https://bravura_safe_instance_url.net
    3. Log in with the Enterprise Team API keys copied earlier:

      bsafedc login organization.xxx xxx
    4. Configure the directory; for example, for an AD target run:

      bsafedc config directory 0

      Source Directory           Value
      Active Directory/LDAP      0
      Azure Active Directory     1
      Google Workspace/GSuite    2
      Okta                       3
      OneLogin                   4

    5. Configure the password for the directory; for example, for an AD target run:

      bsafedc config ldap.password xxxxx
    6. Edit the data.json file to populate other required fields; for example:

      "hostname": "Hostname of your AD server",
      "rootPath": "Root path to start all queries",
      "username": "Administrative user name",
      "organizationId": "Enterprise team ID",
      "users": true,
      "groups": true,
      "userPath": "Root Path to search for users",
      "groupPath": "Root Path to search for groups",
    7. Run the test command to query the users and groups from the target directory before syncing:

      bsafedc --pretty test
    8. Run the sync command:

      bsafedc sync
  5. Finish the onboarding process:

    1. Users receive an email invitation to join the Enterprise Team.

    2. Users click the link in the email to create an account (if they do not have an account) and accept the invitation to join the Enterprise Team.

    3. The Team owner confirms the users' membership.
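
A pre-flight check for the data.json edited in step 4, run before `bsafedc --pretty test`. This is an added example, not part of Bravura Safe or its documentation. It assumes the operator supplies the path to data.json, looks the listed fields up at any depth because the page does not show the file's layout, and adds an owner-only permission check as a hardening assumption.

```python
import json
import os
import sys

# Fields the page lists for data.json. Where they sit inside the file is not
# shown on the page, so they are looked up at any depth (assumption).
TEXT_KEYS = ("hostname", "rootPath", "username", "organizationId", "userPath", "groupPath")
BOOL_KEYS = ("users", "groups")


def find_key(node, key):
    """Return the first non-null value stored under `key` in nested JSON, else None."""
    if isinstance(node, dict):
        if node.get(key) is not None:
            return node[key]
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            found = find_key(child, key)
            if found is not None:
                return found
    return None


def audit(path):
    """Return a list of problems with the data.json at `path` (empty list = none found)."""
    problems = []
    # Added hardening check (assumption, not from the page): owner-only access.
    if os.name == "posix" and os.stat(path).st_mode & 0o077:
        problems.append("file is accessible to group/other; restrict to owner (0600)")
    try:
        with open(path, encoding="utf-8") as fh:
            config = json.load(fh)
    except json.JSONDecodeError as exc:  # e.g. a trailing comma left by hand editing
        return problems + [f"not valid JSON: {exc.msg} at line {exc.lineno}"]
    for key in TEXT_KEYS:
        value = find_key(config, key)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{key} is missing or empty")
    for key in BOOL_KEYS:
        if not isinstance(find_key(config, key), bool):  # catches "true" typed as a string
            problems.append(f"{key} must be a JSON boolean")
    return problems


if __name__ == "__main__":
    found = audit(sys.argv[1])  # argument: path to data.json
    print("\n".join(f"FAIL: {p}" for p in found) or "OK: no problems found")
    sys.exit(1 if found else 0)
```

The script exits non-zero when it finds a problem, so it can gate a scheduled `bsafedc sync`.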