
Starling Two-Factor Authentication Hosted - HTTP Module Administration Guide

Connecting HTTP Module to Starling

After the prerequisites to connect to Starling are met, connect HTTP Module to Starling using the Starling Join option available for One Identity on-premises products.

To connect and configure One Identity Starling for authentication

  1. On the Starling Two-Factor HTTP Module configuration window, click Connect Starling.

The Connect Starling window is displayed.

  2. Click Connect my account.

You are redirected to the One Identity Starling authentication window.

  3. Provide your Starling credentials and click SIGN IN.
  4. In the Join to Starling window, click Allow.

NOTE: If you are a member of more than one Starling organization, use the drop-down to select the organization to which you want to connect.

  5. Click Join.

After successful authentication, you are redirected to the One Identity Starling Two-Factor HTTP Module Configuration Connect Starling window.

NOTE: To connect to a different organization in your One Identity Starling account, click Change Account.

If the connection is unsuccessful, a message is displayed with the details of the error, and the previously connected account continues to be used. In such a case, it is recommended to contact support for help.

NOTE: If there are any network issues or if Starling is down, your account may get disconnected. In such cases, click Reconnect. To test the validity of your account connection, click Test connection.

Configuring Push notification settings

Push notification enables you to Approve or Deny login requests. These requests facilitate an end-to-end encrypted communication between the application and a secured authentication service. Accurate configuration of the push notification allows you to Approve or Deny a login attempt.

To configure the push notification settings

  1. On the Starling Two-Factor HTTP Module Configuration page, click Push Notifications.

The Push Notifications page is displayed.

  2. In the Message field, enter a message to be displayed in the Starling Two-Factor application.

The message entered must be in the range of 10 to 50 characters.

  3. In the Timeout (seconds) field, select the timeout duration (the validity period of the notification) from the drop-down menu. If you select Other, you can specify a custom timeout duration in seconds. By default, the timeout duration for notifications is 60 seconds.
  4. Click Save Settings after completing the configuration.

 

Configuring user repository for Active Directory

Use the Active Directory tab to configure the user repository details.

Prerequisites to configure user repository

The following are the prerequisites to configure the user repository:

  • A domain controller must exist.
  • The user must have at least read permission to query the Active Directory and read user data.

 

To configure the repository for data stored in Active Directory

  1. In the Starling Two-Factor HTTP Module Configuration window, click the Active Directory tab and configure the following parameters:
    • Domain name: Enter the name of the Active Directory domain.
    • User name: Enter the name of the user account used for querying the Active Directory.
    • Password: Enter the password of the account used to access the Active Directory.
    • Base DN: The path from which the user search is performed. Specify the root container to search for users in the format cn=users,dc=domain,dc=com, where cn is Common Name and dc is Domain Component. If Base DN is not specified, the entire directory is searched to locate the users.
    • Use SSL: Select this check box to enable LDAP over SSL for communicating with the Active Directory server.
    • Test Connection: Click this button to validate the entered domain credentials.
    • Advanced Settings: Allows you to modify the Active Directory attribute mapping. These attribute values are used during authentication. You can update the Active Directory attribute fields in the Active Directory Advanced Settings window as required. In the window, you can map Name, Email, and Phone Number to the attributes in Active Directory. The username entered in the client application is validated against the Name attribute during two-factor authentication. By default, the Name attribute is mapped to the samAccountName attribute in Active Directory.
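A pre-flight check for the settings above, as an added example that is not part of the original guide or One Identity's code: it binds with the query account, searches the Base DN, and lists users whose mapped attributes are empty. The domain name, the Base DN value, and the Email and Phone mappings (`mail`, `mobile`) are assumptions; only the Name to sAMAccountName default comes from the guide.

```powershell
# Added example: verify the query account and Base DN before saving the
# Active Directory tab. Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

$Domain    = 'domain.com'                  # placeholder for the Domain name field
$BaseDN    = 'cn=users,dc=domain,dc=com'   # Base DN, in the format the guide shows
$NameAttr  = 'sAMAccountName'              # documented default mapping for Name
$MailAttr  = 'mail'                        # assumed mapping for Email
$PhoneAttr = 'mobile'                      # assumed mapping for Phone Number

# Enter the same read-only account that is configured in the module.
$Cred = Get-Credential -Message 'Directory query account'

# Fails here if the account cannot read the container or the Base DN is wrong.
$users = Get-ADUser -Server $Domain -Credential $Cred -SearchBase $BaseDN `
    -SearchScope Subtree -Filter 'Enabled -eq $true' `
    -Properties $MailAttr, $PhoneAttr

# Collect enabled users that lack a value for a mapped attribute.
$report = foreach ($u in $users) {
    $missing = @()
    if (-not $u.$MailAttr)  { $missing += $MailAttr }
    if (-not $u.$PhoneAttr) { $missing += $PhoneAttr }
    if ($missing) {
        [pscustomobject]@{
            Name    = $u.$NameAttr
            Missing = $missing -join ','
            DN      = $u.DistinguishedName
        }
    }
}

"Users under ${BaseDN}: $(@($users).Count); missing mapped attributes: $(@($report).Count)"
$report | Sort-Object Name | Format-Table -AutoSize
```

Get-ADUser talks to Active Directory Web Services rather than LDAP, so this checks the account's read permission and the directory data, not the LDAP over SSL connection; use Test Connection for that.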

Configuring protected websites

The Starling Two-Factor HTTP Module allows you to protect your websites. You can add the websites that you want to protect in the Protected Server Sites tab. The tab lists the websites in the Microsoft Web Server (IIS). You can select the required websites that have to be protected. You can enable protection for one or more websites both at server level and at the application level by selecting the appropriate check boxes.

To configure the protected server sites

  1. In the Starling Two-Factor HTTP Module Configuration window, click the Protected Server Sites tab and select one or more websites that you want to secure with the Starling Two-Factor Authentication.
  2. Click Save Settings.

After you click Save Settings, Starling Two-Factor HTTP Module prompts you to restart IIS so that the configuration changes take effect. Click Yes to apply the changes.

NOTE: Web applications that have dependent sites will also show the Starling Two-Factor authentication page, since they internally access the same URL.

For example, if the user protects the OWA web application using Starling Two-Factor authentication, ECP and all dependent websites that access OWA internally will also see the Starling Two-Factor authentication page. Access control is determined by the most specific path match found.

NOTE: Certain web applications do not allow you to edit the web.config file. It is recommended not to protect these applications with Two-Factor authentication.