Introduction
This document outlines the new and improved features of the 11.1 release of Hitachi ID Bravura Security Fabric. Version 11.1 was released to Hitachi ID Systems customers on 2018-01-24.
Scope of the 11.1 release
The Hitachi ID Bravura 11.1 release includes all Hitachi ID products:
- Hitachi ID Bravura Identity -- User provisioning, RBAC, SoD and access certification.
- Hitachi ID Bravura Pass -- Self service management of passwords, PINs and encryption keys.
- Hitachi ID Bravura Privilege -- Secure administrator and service accounts.
These products can be deployed separately or together, in the following combinations:
- Bravura Identity alone.
  Note: this includes Hitachi ID Bravura Group and Hitachi ID Access Certifier.
- Bravura Pass alone.
  Note: this includes Hitachi ID Telephone Password Manager.
- Bravura Identity and Bravura Pass in a shared instance.
- Bravura Privilege alone.
- Bravura Group -- a subset of Bravura Identity strictly for group management.
Other combinations are technically possible but not actively tested.
What's new in 11.1
Hitachi ID Bravura 11.1 is a minor new release. It includes many improvements and bug fixes, among them the following:
- Enhancements across the entire Hitachi ID Bravura suite:
  - Updated migration tools to extract configuration changes from one product instance based on a date range (e.g., "export everything configured today") and import those changes into another instance. This will significantly aid migrations across development, test and production environments.
  - Extensible method functions in the REST API, implemented on the Hitachi ID Bravura server using a local/shared memory API and exposed as web services to remote callers.
  - Expanded support for localization of text in configuration components.
  - A new log censorship program suitable for sanitizing diagnostic logs by removing any PII before sending them to Hitachi ID to request technical support. This is especially helpful for organizations subject to GDPR.
  - Simplified activation of Hitachi ID Mobile Access on smart phones.
  - Please see (2) for details about suite-wide improvements in 11.1.
- Bravura Identity:
  - A recommendation system for group membership:
    - Requesters can ask for recommendations when requesting groups for themselves or others.
    - Reviewers are presented with a score indicating how consistent a given group assignment is, when comparing the user who has the group to their peers.

    Recommendations are based on peer groups -- sets of users who share the same values for key identity attributes, such as department or location codes.
  - When a single reviewer is assigned multiple segments within a single campaign, the segments can be consolidated into a single invitation e-mail and single navigational link.
  - Ability to display resource and entitlement attributes to reviewers in a certification campaign.
  - Ability to incorporate instructions to reviewers in each campaign.
  - Please see (3) for details about improvements in IM in 11.1.
- Bravura Privilege:
  - A new PAM reference implementation, which incorporates a team structure for access control and delegates onboarding of systems and accounts to stake-holders such as application owners and system administrators.
  - Authorized users can now download multiple session recordings at once, rather than one at a time.
  - Please see (4) for details about improvements in PAM in 11.1.
- Bravura Pass:
  - Improved integration with the Cisco AnyConnect VPN for users who need to reset a locally cached password while off-site.
  - Please see (5) for details about improvements in PM in 11.1.
Hitachi ID Bravura 11.1 screen shots
Configuration export by time/date range
Migration tools are provided with Hitachi ID Bravura to extract the configuration of a running system into files and to import those files back into another running system. With 11.1, these tools have been updated:
- The file format is now JSON rather than XML.
- Export tools can select configuration changes by time and date range. Note that this entailed changes to the entire product as all commits to the database must be time-stamped.
Exporting configuration from a time/date range
Improved usability in access certification
A variety of user interface enhancements have been made to the access certification screens. These include an option to present instructions to certifiers when they begin their review, better highlighting of what changed when the review is of profile attributes, capturing and displaying entitlement change history, and indicating to reviewers which entitlements are consistent with a given user's peers and which are unusual.
Peer groups are defined using identity attributes. For example, users who share location and department codes might be designated as sharing a peer group. Both the request and review UIs leverage peer groups to help requesters and reviewers, respectively, make informed decisions.
Offer reviewers instructions when they start working on a certification segment
Pop-up display of the change history of an entitlement
Highlight which attributes have been modified in the review
Score entitlements based on consistency with peers, drawing attention to those that are unusual
Recommending entitlements to requesters
The same peer groups that identify out-of-pattern entitlements to reviewers can also be used to recommend likely-desired entitlements to requesters. Entitlements that are popular among a given user's peers but not yet assigned to that user are displayed first in the list of available, requestable items.
Score entitlements based on popularity among the peer group and display high-probability items first
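
The peer-group scoring described above for reviewers and requesters, sketched as an added illustration that is not Hitachi ID's code. It assumes the score is simply the fraction of a user's peers who hold a group, with department and location as the peer attributes; the user names, group names and the 0.25 threshold are constructed.

```python
from collections import defaultdict

# Constructed sample identities: (user, department, location, groups held).
USERS = [
    ("alice", "FIN", "YYC", {"gl-readers", "ap-clerks"}),
    ("bob",   "FIN", "YYC", {"gl-readers", "ap-clerks"}),
    ("carol", "FIN", "YYC", {"gl-readers", "domain-admins"}),
    ("dave",  "FIN", "YYC", {"gl-readers"}),
    ("erin",  "ENG", "YVR", {"src-commit"}),
]

def peer_groups(users):
    """Group users who share the same values for the key attributes."""
    peers = defaultdict(dict)
    for name, dept, loc, groups in users:
        peers[(dept, loc)][name] = groups
    return peers

def peer_score(user, group, users=USERS):
    """Fraction of the user's peers (excluding the user) who hold `group`.

    Returns None when the user has no peers, so a lone user is never
    reported as 0.0 ("unusual") merely for lack of comparison data.
    """
    for members in peer_groups(users).values():
        if user in members:
            others = [g for n, g in members.items() if n != user]
            if not others:
                return None
            return sum(group in g for g in others) / len(others)
    raise KeyError(user)

def review_flags(user, threshold=0.25, users=USERS):
    """Reviewer view: groups the user holds that few peers share."""
    held = next(g for n, _, _, g in users if n == user)
    scores = {g: peer_score(user, g, users) for g in held}
    return sorted(g for g, s in scores.items() if s is not None and s < threshold)

def recommend(user, users=USERS):
    """Requester view: groups peers hold that the user lacks, most popular first."""
    held = next(g for n, _, _, g in users if n == user)
    candidates = set()
    for members in peer_groups(users).values():
        if user in members:
            candidates = set().union(*members.values()) - held
    scored = [(peer_score(user, g, users), g) for g in candidates]
    return [g for s, g in sorted(scored, key=lambda x: (-x[0], x[1])) if s]
```

In this sample, carol's `domain-admins` membership is the only out-of-pattern assignment, and a user with no peers gets no score rather than a misleading zero.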
Updated mobile activation UI/UX
The user interface of Mobile Access has been updated. This interface is used both to initially activate the app and, later, to navigate between its two uses: as an authentication factor to sign into the Hitachi ID Bravura UI on a PC, or as a remote UI rendered on the smart phone.
Initial launch -- prior to enrolling a user profile with Mobile Access
Activating Mobile Access by scanning a QR code on the PC