Hitachi ID Bravura Pass can be embedded into the user interface of a number of portal products:

  • Bravura Pass can be set up to "trust" portal authentication of users, rather than prompting users to re-authenticate. A common way to do this is to integrate it as a Security Assertion Markup Language (SAML) service provider (SP) with an existing SAML identity provider (IdP).

  • Alternatively, Bravura Pass can act as the main login page to a portal, presenting a launch pad of application icons that users can navigate to and acting as a SAML IdP to the SPs of other portal components.

  • In all cases, Bravura Pass should be used to manage the credentials, identities and/or entitlements of portal users, typically in an LDAP directory.

  • The user interface is totally customizable and can be:

    • Stripped down, making it suitable for embedding in a portal that proxies and/or embeds (e.g., via IFRAMEs) other web applications.
    • Decorated to match the portal page, including logos and navigation, so that it appears just like a normal part of the portal, despite being one of several peer servers that share a user interface and navigation structure.

  • An application programming interface (API) is exposed by Bravura Pass, supporting features such as user authentication, random password generation, password policy enforcement, security question validation, and password and PIN resets. This can be used by third-party UIs and telephony systems, for example.

    The API is available in SOAP, Windows and Unix shared object bindings. An extensible REST API is also available, where methods are mapped to script code that calls into a shared memory API.

  • A web services API is exposed by Bravura Pass, allowing other applications to access the workflow request queue and data about users and resources.

    The API is accessed using SOAP over HTTPS with a WSDL specification. It is accessible from a wide range of platforms, including Windows and Unix, .NET and J2EE, and Perl, Python and PHP.

    The Bravura Pass API supports a wide range of operations, including:

    • Submitting new workflow requests. This includes requests to:
      • Create new user profiles.
      • Add login accounts to new or existing profiles.
      • Add users to or remove users from managed groups.
      • Assign roles to users or remove roles from users.
      • Get or set user identity attributes.
    • Initiating certification campaigns.
    • Searching for users, groups or roles matching specified criteria.
    • Creating, updating or deleting roles and SoD policies.
    • Getting or changing the set of authorizers attached to a request.
    • Approving or denying requests.
    • Enumerating users per entitlement or entitlements per user.
    • Running any report and consuming its output in a streamed format (e.g., orphan/dormant accounts, stale workflow requests, SoD violations).
    • Performing a variety of Bravura Pass configuration tasks.

    A separate REST API is also supported. With this mechanism, it is possible to define REST method calls and bind them to Python logic that runs on the Bravura Pass server and uses the (extensive) shared-memory-based API to effect changes. There are no real restrictions on what the REST API is capable of.