Deciding which Bravura Privilege features to implement
Choose features based on risk, operational needs, and licensing. A typical phased approach starts with credential vaulting and password rotation, then adds controlled checkout workflows, session monitoring, and advanced analytics as the deployment matures.
Feature | When to deploy | License |
|---|---|---|
Vault-only credential management | Immediate: remove static shared admin passwords. | Limited or full. |
Password randomization and scheduled rotation | Immediate: essential for credential hygiene. | Limited or full. |
Auto-discovery and import rules | Early: automate system and account onboarding at scale. | Limited or full. |
Connector proxies for firewalled networks | When targets are segmented behind firewalls. | Limited or full. |
Local Workstation Service (LWS) | For laptops and intermittently connected machines. | Full. |
Access and approval workflows | When you need approver workflows and controlled checkout. | Full. |
Delegated team-based administration | When business stakeholders should manage their own teams and resources. | Full. |
Session recording and monitoring | For regulated environments requiring session capture. | Full. |
API credential retrieval (embedded passwords) | When applications or scripts contain static credentials. | Full. |
Risk-based access decisions | When you want adaptive approvals based on request context and user behavior. | Full. |
Access certification | When periodic review of privileged entitlements is required for compliance. | Full. |