Hitachi ID Password Manager includes a rich set of built-in connectors for managing authentication factors on a broad range of systems and applications.
Password Synchronization Triggers
Transparent password synchronization can be triggered from native password changes on any of the following systems:
- Windows 2008/2008R2/2012/2016 servers and Active Directory domains (password filter DLL on servers and/or DCs).
- z/OS mainframes with RACF, ACF2 or Top Secret security products (security exit in the LPAR with the security products).
- OS/400, iSeries servers.
- Unix servers (passwd program wrapper binary or a Pluggable Authentication Modules (PAM) module).
- Sun/Oracle and IBM LDAP servers (attribute change filter on the directory server).
Each of these triggers contacts the Password Manager server twice per password change, over an encrypted TCP/IP socket (shared key handshake, 256-bit AES encryption):
- First connection: validate password quality. If the user's chosen new password violates policy, it is rejected and the triggering password change is blocked.
- Second connection: initiate transparent password synchronization.