Hitachi ID Bravura Pass includes a rich set of built-in connectors for managing authentication factors on a broad range of systems and applications.

Password Synchronization Triggers

Transparent password synchronization can be triggered from native password changes on any of the following systems:

  • Windows 2008/2008R2/2012/2016 servers and Active Directory domains (password filter DLL on servers and/or DCs).
  • z/OS mainframes with RAC/F, ACF2 or TopSecret security products (security exit in the LPAR with the security products).
  • OS/400, iSeries servers.
  • Unix servers (passwd program wrapper binary or Privileged access management (PAM)).
  • Sun/Oracle and IBM LDAP servers (attribute change filter on the directory server).

Each of these triggers contacts the Bravura Pass server twice per password change, over an encrypted TCP/IP socket (shared key handshake, 256-bit AES encryption):

  • First connection: validate password quality, possibly reject the user's choice of a new password and block the triggering password change due to policy violation
  • Second connection: initiate transparent password synchronization