Hitachi ID Bravura Pass includes a Security Assertions Markup Language (SAML) identity provider (IdP) . This allows users to sign into a variety of federation-capable apps using a Bravura Pass login process, rather than using app-specific credentials.

The sequence for this externalized authentication will be as follows:

  1. A user accesses application at URL A.
  2. URL A (the service provider (SP) ) redirects the user to Bravura Pass at URL B.
  3. The user enters their login ID into Bravura Pass.
  4. Bravura Pass prompts for appropriate credentials. Different users may be asked for different sequences of credentials, based on their group memberships and/or identity attributes.
  5. Bravura Pass generates a SAML 2.0 assertion, indicating who the user is and what they are allowed to access.
  6. The user is redirected back to URL A, with the signed assertion.

This mechanism takes full advantage of the Bravura Pass policy framework:

  1. How users are authenticated is controlled using authentication chains, which support contextual selection of a suitable login process and multi-step logins, for example combining CAPTCHA, sending the user a PIN and asking for a password.
  2. Bravura Pass can evaluate user membership in user classes and inject assertions about what the user should have access to in SAML assertion it sends to service providers. This adds role-based access control to applications that support receiving authorization information in SAML assertions.

The following figure illustrates this sequence:

SAML 2.0 browser redirect sequence


Federated Launchpad


Content:

  • A user signs into Bravura Pass and launches login sessions to other applications.

Key concepts:

  • Single sign-on to SaaS applications and other apps that support SAML.
  • Applications need not maintain their own login pages or passwords.
  • Bravura Pass includes a 2FA mobile app so can add strong authentication to integrated applications.
  • Users can sign in once (into Bravura Pass) and launch multiple login sessions (into integrated applications).
  • A SAML 2.0 IdP and an application launchpad (for SSO) are included in the base Bravura Pass product -- no extra fees.