Chat now with support
Chat mit Support

Safeguard Remote Access Hosted - Administration Guide

Introduction Prerequisites Limitations Getting started Administrator-side use cases User-side use cases Appendix Glossary

Inviting a One Identity Starling Collaborator

Inviting a One Identity Starling collaborator makes is possible for multiple people to work simultaneously on a project.

NOTE: There are two ways of giving access to connections:

  • Inviting collaborators who have One Identity Starling accounts.

  • Adding Azure Active Directory (AAD) groups directly.

When you invite One Identity Starling collaborators, you cannot limit the accessibility to connections in One Identity Safeguard Remote Access (SRA). The role-based access control functionality of SRA is available only when AAD groups are added directly.

To invite a One Identity Starling Collaborator with the User role

  1. Navigate to Collaborators.

  2. Click Invite Collaborator.

    Figure 27: Collaborators > Invite Collaborator - Inviting a One Identity Starling Collaborator

  3. Here you have two options

    • Use Search to find a collaborator within your organization.

    • If you want to invite a collaborator outside of your organization, click Unable to find collaborator?, and enter the First Name, Last Name, and Email address of the collaborator.

  4. Click Invite.

Below the Invite Collaborator button, you can view the list of all collaborators invited to the project, along with their Status and Roles.

When it comes to Roles, collaborators with One Identity Starling accounts can have two distinct roles: Admin and User. When you invite a collaborator from SRA, the User role will be assigned to this user automatically. This means, that the user will have read-only access to all connections on the Connections page, but will not have configuration rights. Only users with the Admin role are able to configure role-based access control (RBAC), invite other collaborators, and assign roles to other users.

To promote a user from User to Admin role

  1. Select the user you want to promote from the collaborators list.

  2. Click (Options) at the end of the row and select Remove Collaborator.

    NOTE: This action will remove the collaborator only from SRA, but not from One Identity Starling.

  3. Click and select One Identity Starling Settings.

  4. Go to Leave Organization and click Leave. With this, the user's access rights to the SRA subscription will be removed.

  5. Go to One Identity Starling Services.

  6. Select Safeguard Remote Access and click on the upper right corner of the tile.

  7. Re-invite the user with Admin role.

The same process must be applied when you want to demote a user from Admin role to User role.

NOTE: You can promote or demote a user in One Identity Starling Services > Organization > Manage Organization Admins > > Demote to Collaborator directly, however, this will not affect the user role in SRA. The only way to switch roles for a user in SRA is to delete the user and re-invite the user with a different role.

Restoring a deleted Administrator (or root) connection tile

By default, when a connection policy is created in SPS for RDP and/or SSH connections, an Administrator (or root) connection tile appears for that connection policy on the SRA Connections page. If this connection tile was deleted by mistake, there are two ways of restoring it:

(Option 1) Clone a connection from one of your active connections

To restore the Administrator (or root) connection tile by cloning a connection

  1. Find the group from which you have deleted the Administrator (or root) connection tile.

  2. Select a connection tile from that group and from (Options), choose Clone & Customize.

  3. Find the Account section on Add new user to target server and type Administrator or root into the Account field.

    Figure 28: Connections > > Clone & Customize > Add new user to target server — Restoring a deleted Administrator (or root) connection tile

    Note, that specifying a domain name is optional.

  4. Click Create.

(Option 2) Create a new connection policy in SPS

To restore the Administrator (or root) connection tile by creating a new connection policy in SPS

  1. Open the SPS web interface.

  2. Go to RDP Control > Connections (or SSH Control > Connections - depending on the type of protocol) and find the connection policy your Administrator (or root) user previously belonged to.

  3. Create a new connection policy by copying the details of that previous connection.

    Figure 29: RDP control > Connections — Creating a new connection policy for Administrator or root in SPS

  4. Commit your changes.

  5. Return to SRA and refresh the page. The newly created Administrator (or root) connection tile should be visible.

User-side use cases

This section covers the user-side use cases for One Identity Safeguard Remote Access (SRA).

User web interface location

The web interface for One Identity Safeguard Remote Access is accessible on the link:

The contents of the interface are loaded from the One Identity Safeguard Remote Access (SRA) subscription where the user is an Administrator or User. If the user is member of multiple subscriptions, then the appropriate subscription can be selected in the upper right corner.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen