User Enrollment Overview

Hitachi ID Bravura Pass includes built-in infrastructure to securely and automatically manage the user enrollment process:

  • By monitoring one or more systems of record, Bravura Pass automatically creates new and removes old profile IDs.
  • New users and existing users with incomplete profiles are automatically invited to complete their profiles:
    1. Answer security questions.
    2. Install and activate Hitachi ID Mobile Access on their smart phones.
    3. Provide contact information, such as mobile phone number or personal e-mail address, to which a PIN can be sent.
  • Invitations to enroll may be e-mailed to users.
  • Users may be more forcefully reminded to enroll by having a web browser automatically open to the enrollment page when they log into the network.
  • Users may be forced to enroll by opening a kiosk-mode web browser to the enrollment page when they sign into the network and blocking access to the Windows desktop until they complete their profiles. This process is typically controlled by placing users into a "mandatory enrollment" AD group and attaching a suitable GPO to that group.
  • To enroll, users must first authenticate. This is normally done by leveraging an existing strong authenticator -- such as a network password or a token.
  • A single, integrated enrollment system supports collecting answers to security questions, mapping different login IDs on different systems back to their owners, activating a smart-phone app, collecting mobile phone numbers or personal e-mail addresses, and collecting biometric voice print samples.

The enrollment system in Bravura Pass includes schedule controls. For example, the maximum number of invitations to send daily can be limited, as can the frequency of invitations per user. The days of the week on which invitations are sent can be specified, as can holidays on which no invitations should be sent.
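
The four schedule controls named above (daily cap, per-user frequency, days of week, holidays) interact as a filter over the list of users with incomplete profiles. The following Python example is added here for illustration and is not Bravura Pass code or configuration; the class, field and function names, the policy values and the user list are all hypothetical.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass
class InvitePolicy:
    # Hypothetical field names mirroring the controls named in the text.
    max_per_day: int = 2                                   # daily cap on invitations
    min_days_between: int = 7                              # per-user invitation frequency
    send_weekdays: frozenset = frozenset({0, 1, 2, 3, 4})  # Mon=0 .. Fri=4
    holidays: frozenset = frozenset()                      # dates with no invitations

def select_invitees(today, incomplete, last_invited, policy):
    """Return the user IDs to invite today.

    incomplete   -- user IDs whose profiles are still incomplete
    last_invited -- dict of user ID -> date of that user's most recent invitation
    """
    # Nothing is sent on excluded weekdays or on holidays.
    if today.weekday() not in policy.send_weekdays or today in policy.holidays:
        return []
    cutoff = today - timedelta(days=policy.min_days_between)
    eligible = [u for u in incomplete
                if u not in last_invited or last_invited[u] <= cutoff]
    # Never-invited users first, then longest-waiting; ties broken by ID.
    eligible.sort(key=lambda u: (last_invited.get(u, date.min), u))
    return eligible[:policy.max_per_day]

def run_schedule(start, days, incomplete, policy):
    """Simulate `days` consecutive days; return {date: [invited user IDs]}.

    Assumes nobody completes enrollment during the run, so reminders repeat.
    """
    last_invited, log = {}, {}
    for offset in range(days):
        day = start + timedelta(days=offset)
        batch = select_invitees(day, incomplete, last_invited, policy)
        for user in batch:
            last_invited[user] = day
        if batch:
            log[day] = batch
    return log

# Constructed sample data: five users with incomplete profiles, one holiday.
SAMPLE_USERS = ["alice", "bob", "carol", "dave", "erin"]
SAMPLE_POLICY = InvitePolicy(holidays=frozenset({date(2024, 1, 1)}))

if __name__ == "__main__":
    schedule = run_schedule(date(2023, 12, 29), 14, SAMPLE_USERS, SAMPLE_POLICY)
    for day, users in schedule.items():
        print(day.isoformat(), day.strftime("%a"), users)
```

With these sample values the first invitations go out on a Friday, the weekend and the Monday holiday are skipped, and the remaining users are invited over the next two working days before the first reminders become due.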

The following figure shows a dashboard that tracks enrollment progress.

Screen shot: Enrollment Statistics

Security Question Enrollment in Detail

Enrollment of security questions and answers using the Bravura Pass web form works as follows:

  1. Bravura Pass: periodically extracts a list of accounts from target systems and constructs user profiles for each account on a source of profiles.

  2. Bravura Pass: identifies users with incomplete profiles.

  3. Bravura Pass: e-mails users with incomplete profiles an invitation to enroll, with an embedded URL.

  4. User: receives notification in e-mail, clicks on the link.

  5. Bravura Pass: authenticates the user, typically using a password to the user's account on a directory.

  6. Bravura Pass: prompts the user to answer security questions.

  7. User: answers some standard questions and populates some custom question/answer pairs.

  8. Bravura Pass: verifies that user input meets requirements.

Watch a Movie

Enrollment of security questions


  • A user has been invited to fill in a form with security questions and answers.
  • This animation starts after:
    • The user has clicked a link in an e-mail, or a browser window was automatically launched at PC login.
    • The user has already authenticated to Bravura Pass with a password, token or smart card.

Key concepts:

  • Policy is used to combine user-chosen and standardized questions.
  • Some questions may be accessible to the help desk.
  • Some questions may be suitable for telephone authentication.
  • Usually only a random subset of enrolled questions is used to authenticate a user.

Notes - Other Profile Data

Bravura Pass can be used to collect other information from users, such as demographic data that is not used in authentication processes (e.g., home phone number, application preferences, etc.), and biometric voice print samples. All registration is handled through the same, integrated enrollment system.