When your subscription is confirmed, you will receive an email containing your subscription details. This will include the:
To access the Starling 2FA dashboard
You will then be prompted for a token response.
|
NOTE: To obtain this response you must install the Starling 2FA App. Links to download the app are included in your confirmation email. |
To configure Cloud Access Manager to use Starling 2FA
Starling 2FA can be used as a two-factor authentication provider from within Cloud Access Manager. For instructions on how to configure two-factor authentication, please refer to Configuring front-end authenticators.
The Security Analytics Engine calculates a risk score based on various factors relating to the user at the time of authentication. These factors can include the user’s browser, their IP address, the time of day and any historical data from previous authentications. This risk score is reported to Cloud Access Manager as a value from 0 to 100 percent. You can configure Cloud Access Manager to change the authentication requirements for the user based on their risk score.
This section describes how to configure Cloud Access Manager to use the Security Analytics Engine. The example takes you through the steps required to configure Cloud Access Manager to adapt its access control based on the risk score reported by the Security Analytics Engine. For more information on how to configure the Security Analytics Engine, please refer to the following chapters in the Security Analytics Engine User Guide:
|
IMPORTANT: Any additional chapters within the Security Analytics Engine User Guide will not apply to Cloud Access Manager and using them may cause complications for both Cloud Access Manager and the Security Analytics Engine. |
|
NOTE: If multiple front-end authenticators are configured, step-up authentication will only be available for users authenticating with front-end authenticators which have two-factor authentication configured. In addition, when Cloud Access Manager is configured to use the Security Analytics Engine it is not important which two factor authentication mode is selected in the front-end authenticator configuration as all modes will be treated equally. The decision on when two factor authentication is required will be determined by the risk score returned. |
The Security Analytics Engine is installed automatically when you install Cloud Access Manager, but the application is dormant until you enable it from within Cloud Access Manager.
To enable the Security Analytics Engine
If you have upgraded from a version of Cloud Access Manager that did not include the Security Analytics Engine, and you are not using the LocalDB database, then you will be prompted to enter credentials allowing Cloud Access Manager to create a new database catalog. The credentials should be those of a member of the sysadmin role on the database server. In addition, the existing data source used by Cloud Access Manager will be set as the default data source. You may change this data source to store data for the Security Analytics Engine in a separate database to that used for storage of the main Cloud Access Manager data.
Cloud Access Manager then configures the Security Analytics Engine for use with Cloud Access Manager. This configuration will:
Configure the Security Analytics Engine to use Cloud Access Manager as a federated authenticator for allowing access to the Security Analytics Engine administration interface.
|
NOTE: Users should always access the Security Analytics Engine Administration web site through the links provided in Cloud Access Manager, please refer to the section To access the Security Analytics Engine user interface. |
Create a new Cloud Access Manager role named Security Analytics Engine Helpdesk.
|
NOTE: Users assigned the Security Analytics Engine Helpdesk role should refer to the following chapters of the Security Analytics Engine Help Desk User Guide for information on using the Security Analytics Engine:
|
On completion you will see the page shown below:
When a user attempts to access an application that is controlled by Cloud Access Manager a query is made to the Security Analytics Engine to evaluate the risk for the user. This risk score is a value from 0 to 100 percent, Cloud Access Manager maps this to one of three threat levels for low risk, medium risk and high risk users and then uses the threat level to decide what action to take on a per application basis. The action is either:
|
NOTE: For guidance on deploying Security Analytics Engine, SonicWALL and Cloud Access Manager together, please refer to the document entitled One Identity Cloud Access Manager SonicWALL Integration Overview. |
To configure which Security Analytics Engine policy to use
Each application within the Security Analytics Engine can have multiple policies associated with it. To select which of these policies Cloud Access Manager will use as the default policy, perform the following steps:
|
NOTE: Additional Security Analytics Engine policies can be configured from within the Security Analytics Engine Administration page. |
To configure threat levels
|
NOTE: The lower bounds for medium and high risk users will automatically change based on the values you enter for low and medium risk users. |
To configure the action to take when logging on to the Cloud Access Manager Application portal
To configure the action to take when a user accesses an application
You can either:
If you are overriding the standard threat levels:
If you are using roles to determine which users are assessed by the Security Analytics Engine:
The scores at which users will be denied access to the application will be set automatically based on the other scores.
|
NOTE: The default action for all threat levels is to allow access. You may edit the threat levels for multiple apps at once by using the commands on the Options menu on the Applications page. |
To configure Security Analytics Engine administrators and helpdesk users
To access the Security Analytics Engine user interface
From the Cloud Access Manager Application portal:
© ALL RIGHTS RESERVED. Conditions d’utilisation Confidentialité Cookie Preference Center