Limited vs full Bravura Privilege license
All Bravura Security Fabric products ship with a limited Bravura Privilege license. This provides basic credential vaulting and password management capabilities. Organizations that require advanced PAM capabilities should upgrade to a full license.
Organizations can choose per-system or per-user licensing models, both of which include unlimited users or systems (respectively) without hidden per-server fees. Connectors verified by Bravura Security are included in the base license; customer-verified connectors are supported with a modest subscription uplift shared across customers.
Capability | Limited license | Full license |
|---|---|---|
Credential vaulting (vault-only systems) | Included. | Included. |
Password randomization and scheduled rotation (push mode) | Included. | Included. |
Connector framework and auto-discovery | Included. | Included. |
Connector proxies for firewalled networks | Included. | Included. |
Local Workstation Service (LWS) for laptops and offline endpoints | Not included. | Included. |
Request and approval workflows (controlled checkout) | Not included. | Included. |
Session brokering, recording, and monitoring | Not included. | Included. |
Push and local workstation managed system policies | Not included. | Included. |
Risk-based access decisions | Not included. | Included. |
Delegated team-based administration | Not included. | Included. |
Multi-master replication, high availability, disaster recovery, and encryption are included at both license tiers.
Bravura Privilege limited license
Bravura Security Fabric, with a Bravura Pass or Bravura Identity license, includes these Bravura Privilege features:
Manage target administrator credentials (vaulted)
Frequent password randomization to eliminate static/shared passwords
Run scripts on managed systems via connectors
Access controls limiting who can see or retrieve passwords
Vault-only managed systems and managed‑system policies
Logging and reporting of disclosure events
Encryption in transit and at rest; replication across servers for resilience
Bravura Privilege full license
Manage non-domain and intermittently connected systems (laptops, workstations)
Manage any user account (not just target administrators)
Session recording and monitoring
Approval workflows for privileged access requests
Run commands across multiple systems and temporary group membership
Expanded access disclosure plug-ins and push/pull managed system policies
Manage non-domain and intermittently connected systems (laptops, workstations)
Manage any user account (not just target administrators)
Session recording and monitoring
Approval workflows for privileged access requests
Run commands across multiple systems and temporary group membership
Expanded access disclosure plug-ins and push/pull managed system policies
Teams workflow solution
Businesses often struggle to design authentication workflows that control which passwords are granted to users after collecting approval from account owners. The teams model addresses:
Some accounts or users may require no authorization; others may require approval.
Users may need different permissions (e.g., ability to reset a password vs. request one).
Communication with privileged account owners must be traceable and auditable.
Bravura Privilege implements a team-based management and access model:
Each team manages resources including team groups, managed systems, and accounts.
Users inherit privileges based on group membership within a team.
Teams have at least one team trustee who onboards resources and grants access.
Team administrators create teams and add users but should not act as trustees.