Hitachi ID Bravura Security Fabric is well integrated with LDAP directories, as follows:
- User profiles derived from LDAP:
Hitachi ID Bravura Security Fabric is configured to automatically define its own users based on the accounts that exist in an authoritative directory, which is often an LDAP directory. There is no need for duplicate administration or reconciliation.
Users can be included in or excluded from Hitachi ID Bravura Security Fabric using AD groups and OUs.
- Discovering systems from LDAP objects:
Hitachi ID Bravura Privilege is normally configured to automatically discover endpoints that it might manage. LDAP and AD are typical sources of inventory data, which is then fed into import rules to decide what credentials to try and whether to attempt to manage each system.
- Managing LDAP accounts and groups:
Hitachi ID Bravura Identity can create, modify, move, rename and delete accounts in LDAP directories.
Hitachi ID Bravura Security Fabric can manage user membership in LDAP groups, including requests for changes to group memberships, group memberships based on roles, SoD policy enforcement, access certification and more.
- Password synchronization:
Hitachi ID Bravura Pass can be configured to intercept native password changes on certain LDAP directories (SunONE, IBM LDAP, OID) and:
  - Apply a supplementary password policy beyond the one built into AD and potentially reject the initial password change.
  - Automatically synchronize the user's other passwords, on other systems or other AD domains.
- Password reset:
Even on directories where a password synchronization trigger is not currently offered, Hitachi ID Bravura Security Fabric can reset LDAP passwords and clear intruder lockouts (lockouts are not implemented on all LDAP servers but can be cleared by Hitachi ID Bravura Security Fabric where they exist).
Users can sign into Hitachi ID Bravura Security Fabric using LDAP credentials, entered into the Hitachi ID Bravura Security Fabric web portal.