Safeguard for Privileged Passwords can join with the cloud platform One Identity Starling. By joining with One Identity Starling, Safeguard for Privileged Passwords customers can take advantage of companion features from multiple Starling services.
Safeguard for Privileged Passwords can join with the cloud platform One Identity Starling. By joining with One Identity Starling, Safeguard for Privileged Passwords customers can take advantage of companion features from multiple Starling services.
In order to use the Safeguard for Privileged Passwords features associated with Starling services, you must join Safeguard for Privileged Passwords to Starling. It is the responsibility of the Appliance Administrator to join Safeguard for Privileged Passwords to Starling.
For additional information and documentation regarding the Starling Cloud platform and services, see the One Identity Documentation.
See the Starling Release Notes for currently supported platforms.
In order to use the companion features from Starling services, first configure the following:
Register a Starling organization. For more information on Starling, see the One Identity Starling User Guide.
IMPORTANT: Not all Starling services are available to organizations in both the United States and European Union data centers. Check the documentation for the Starling services to see if there are any data center restrictions.
NOTE: You must be an Organization Admin for the Starling organization in order to join Safeguard for Privileged Passwords with Starling.
After the join has successfully completed, you will be returned to the Safeguard for Privileged Passwords client and the Starling pane will now show Joined to Starling. For information on the features that are now available, see After joining Starling. For information on unjoining from Starling, see Unjoin Starling.
IMPORTANT: In order to use the Cloud Assistant feature, once you have joined with Starling you must enable the Register as a sender with Cloud Assistant toggle on the External Integration > Starling pane.
Once Safeguard for Privileged Passwords is joined to Starling, the following Safeguard for Privileged Passwords features are enabled:
Starling Connect Registered Connectors
This feature integrates your Starling connectors with Safeguard for Privileged Passwords. This allows for the accounts stored in the connectors to be discovered and controlled by Safeguard for Privileged Passwords through the use of partitions which allow for rotating passwords to provide additional security for them. For more information, see Registered Connectors
Cloud Assistant
The Cloud Assistant feature integrates its access request workflow with Starling Cloud Assistant, allowing approvers to receive a notification through a configured channel when an access request is submitted. The approver can then approve (or deny) access requests through the channel without needing access to the Safeguard for Privileged Passwords web application.
The Cloud Assistant feature is enabled when you join Safeguard for Privileged Passwords to Starling. For more information, see Starling. Once enabled, it is the responsibility of the Security Policy Administrator to define the users who are authorized to use Cloud Assistant to approve access requests.
IMPORTANT: In order to use the Cloud Assistant feature, once you have joined with Starling you must enable the Register as a sender with Cloud Assistant toggle on the External Integration > Starling pane.
Connect for Safeguard Assets
Within Starling, a Connect for Safeguard Assets service is available. Once added, this service allows for assets not connected to your corporate network to use the check and change passwords functionality of Safeguard for Privileged Passwords. For more information, see the Connect for Safeguard Assets User Guide available as part of the Safeguard for Privileged Passwords documentation.
IMPORTANT: Regardless of the version of Safeguard for Privileged Passwords you are using, the Connect for Safeguard Assets User Guide associated with the latest version of Safeguard for Privileged Passwords should always be used when configuring a new agent. This is available from the Safeguard for Privileged Passwords documentation site.
Once Safeguard for Privileged Passwords has joined with Starling, a Starling Identity and Authentication provider will automatically be added to Safeguard. This is indicated by the Realm(s) section under Starling. However, there won't be any users or groups available until an administrator adds a Microsoft Azure Active Directory tenant to their Starling organization via the Directories settings page in Starling.
Using Starling as an identity provider
Join Safeguard for Privileged Passwords with Starling. For more information, see Join Starling.
Enable a Microsoft Azure Active Directory tenant in your Starling organization (multiple Microsoft Azure Active Directory tenants can be added to Starling, but they will be available and treated as a single tenant when used by Safeguard). This is done via the Directories settings page in Starling. For more information, see the Starling User Guide.
In order for Safeguard users to authenticate against Starling, a Relying Party Trust Application must be created in Starling via the Applications settings page. For more information, see the Starling User Guide.
To create the application in Starling, you will need to Download Safeguard Federation Metadata from Identity and Authentication
NOTE: You cannot use the Add OpenID Connect Application with Safeguard for Privileged Passwords.
You will need to enter one or more values in the Realm(s) section to associate with the new Starling authentication provider. This will then allow users logging in to Safeguard to select External Federation and use Starling for their authentication.
When the Require User to Always Authenticate check box is selected, the user will always be required to enter their credentials on the external provider, regardless of whether they are already logged in.
Adding new users and groups to Safeguard that come from Starling follows the same process as with other directory based identity providers (such as, Active Directory and LDAP) and the user information will be periodically synchronized from Starling.
IMPORTANT: You may need to restart the client in order for Starling to appear as an available identity provider.
It is the responsibility of the Appliance Administrator to unjoin Safeguard for Privileged Passwords from Starling.
For additional information and documentation regarding the Starling Cloud platform and services, see the One Identity Documentation.
To unjoin Safeguard for Privileged Passwords from Starling
Click Unjoin Starling.
IMPORTANT: If there is an issue with the connection to Starling, a warning message will appear on the page and you will instead see a Force Unjoin button.
Safeguard for Privileged Passwords will no longer be joined to Starling, which means that Cloud Assistant,
IMPORTANT: If you attempt to unjoin from Starling while there are still Safeguard users or groups that use the Starling provider for identity and authentication, you will get an error. You must manually delete any users or groups first before unjoining from Starling.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Nutzungsbedingungen Datenschutz Cookie Preference Center