Description
The Bravura Privilege connector uses the Hitachi ID Bravura Privilege REST API (formerly Hitachi ID Privileged Access Manager / Bravura Security Fabric) to discover managed systems and the privileged accounts managed within them.
System Type Classification
| Field | Value |
|---|---|
| System Type | PAM Tool |
| Default Scan Priority | 500 |
Version Support
| OrbisID Edition | Supported |
|---|---|
| Community | No |
| Pro | Yes |
| Enterprise | Yes |
Bravura Privilege scanning requires a Pro or Enterprise licence.
Supported Protocol
| Protocol | Port | Notes |
|---|---|---|
| Bravura REST API (HTTPS) | 443 TCP | Default; configurable via pamPlatformUrl |
What OrbisID Discovers
| Data | Source |
|---|---|
| Managed systems | GET /idapi/managedsystems |
| Managed accounts | GET /idapi/managedaccounts |
| Account usernames | accountName / username property |
| Target system names | systemName / name property |
| Account status | isActive / enabled property |
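The table lists two possible property names for each value, so anything that consumes or cross-checks this data has to resolve the alternates without treating an explicit `false` status as "missing". The following is an added example, not OrbisID or Bravura code. It assumes the response body is a JSON array of objects and that the first listed name is preferred; the sample records are constructed and the function names are hypothetical.

```python
import json

# Alternate property names from the table above, in order of preference.
USERNAME_KEYS = ("accountName", "username")
SYSTEM_KEYS = ("systemName", "name")
STATUS_KEYS = ("isActive", "enabled")

# Constructed sample response body (assumed shape: a JSON array of objects).
SAMPLE_ACCOUNTS = json.loads("""[
  {"accountName": "root", "systemName": "db01", "isActive": true},
  {"username": "Administrator", "name": "dc01", "enabled": false},
  {"accountName": "svc_backup", "systemName": "nas01", "isActive": false, "enabled": true},
  {"accountName": "oracle", "systemName": "db02"},
  {"systemName": "orphan01", "isActive": true}
]""")


def first_present(record, keys):
    """Return the first listed property that is present and not None."""
    # Presence, not truthiness: an explicit false status must not fall
    # through to the alternate property.
    for key in keys:
        if record.get(key) is not None:
            return record[key]
    return None


def normalize_accounts(records):
    """Return (inventory rows, records rejected for lacking a username)."""
    rows, rejected = [], []
    for rec in records:
        username = first_present(rec, USERNAME_KEYS)
        if not isinstance(username, str) or not username.strip():
            rejected.append(rec)
            continue
        status = first_present(rec, STATUS_KEYS)
        rows.append({
            "username": username.strip(),
            "system": first_present(rec, SYSTEM_KEYS),
            # None = no status in the record: unknown, not a guess.
            "active": status if isinstance(status, bool) else None,
        })
    return rows, rejected


if __name__ == "__main__":
    rows, rejected = normalize_accounts(SAMPLE_ACCOUNTS)
    print(*rows, sep="\n")
    print(f"{len(rejected)} record(s) rejected: no username")
```

Accounts whose status comes back as `None` are worth reviewing separately, since an inventory that silently counts them as active or inactive hides the gap.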
Connection Requirements
Credential Requirements
OrbisID authenticates using a Bravura Privilege local administrator account with read access to managed system and account data.
The account must have at minimum:
- Read access to the managed systems list
- Read access to the managed accounts list
Recommended: Create a dedicated read-only service account for OrbisID scanning.
Credential Mapping
| OrbisID Field | Bravura Privilege Value |
|---|---|
| credential.username | Bravura Privilege username |
| credential.password | Bravura Privilege password |
| system.pamPlatformUrl | Base URL of Bravura Privilege (e.g., https://bravura.example.com) |
Network Requirements
| Requirement | Detail |
|---|---|
| HTTPS to Bravura Privilege | OrbisID server (or On-Premise Agent) must reach the Bravura Privilege server on port 443 |
| REST API enabled | Ensure the Bravura Privilege REST API (/idapi) is enabled and accessible |
Configuration Steps
- Create or identify a Bravura Privilege service account with read access
- Create a Credential in OrbisID:
  - Username: Bravura Privilege username
  - Password: Bravura Privilege password
- Navigate to Systems → Add System
- Fill in the fields:
| Field | Value |
|---|---|
| Name | Descriptive name (e.g., Bravura Privilege – Production) |
| PAM Platform URL | Base URL of Bravura Privilege (e.g., https://bravura.example.com) |
| OS Type | Bravura Privilege |
| System Type | PAM Tool |
| Credential | The Bravura Privilege service account credential |
- Click Test Connection to verify authentication
- Click Save
Troubleshooting
| Symptom | Likely Cause | Resolution |
|---|---|---|
| 401 Unauthorized on test connection | Invalid credentials | Verify the username and password; ensure the account is active |
| 403 Forbidden | Insufficient permissions | Ensure the account has read access to managed systems and accounts |
| Connection refused | PAM Platform URL incorrect or port blocked | Verify pamPlatformUrl; check firewall rules on port 443 |
| No accounts returned | Accounts not accessible to the service account | Review Bravura Privilege access controls for the scanning account |
| SSL certificate error | Self-signed certificate | Install the Bravura Privilege certificate on the OrbisID host or agent |