In order to use Starling Two-Factor Authentication with Safeguard Authentication Services, you will need the following:
An Active Directory group for Starling users.
NOTE: All Starling users must have the following defined in order to work with Starling 2FA:
The following table provides a list of supported platforms for integrating Safeguard Authentication Services with Starling Two-Factor Authentication.
NOTE: PPC64 and PPC64LE architectures require a kernel greater than 2.6.37.
Platform |
Version |
Architecture |
---|---|---|
CentOS Linux |
5, 6, 7, 8 |
Current Linux architectures: s390, s390x, PPC64, PPC64le, ia64, x86, x86_64, AARCH64 |
Debian |
x86_64, x86, AARCH64 | |
Fedora Linux |
x86_64, x86, AARCH64 | |
FreeBSD |
10.x, 11.x |
x32, x64 |
IBM AIX |
7.1, 7.2 |
Power 4+ |
OpenSuSE |
x86_64, x86, AARCH64 | |
Oracle Enterprise Linux (OEL) |
5, 6, 7, 8 |
Current Linux architectures: s390, s390x, PPC64, PPC64le, ia64, x86, x86_64, AARCH64 |
Oracle Solaris |
10 8/11, 11.x |
SPARC, x64 |
Red Hat Enterprise Linux (RHEL) |
5, 6, 7, 8 |
Current Linux architectures: s390, s390x, PPC64, PPC64le, ia64, x86, x86_64, AARCH64 |
SuSE Linux Enterprise Server (SLES)/Workstation |
11, 12, 15 |
Current Linux architectures: s390, s390x, PPC64, PPC64le, ia64, x86, x86_64, AARCH64 |
Ubuntu |
x86_64, x86, AARCH64 |
A new Group Policy Object has been added to Safeguard Authentication Services to manage the group file for Starling, which is located in /etc/opt/quest/vas/users.starling.
# This assumes that the host has been joined to the example.com domain.
# To validate the users.starling file, run:
# vastool info acl
#
# This file controls which user's have Starling appled to them during login based
# on group membership.
# For entries:
# If DOMAIN is omitted ( simple name given )it is assumed to be the joined domain.
# Entries are case insensitive.
# DOMAIN can be either long(fqdn) or short(netbios).
# Apply Starling to members of the sales and engineering groups.
# The entry DOMAIN\SamAccountName format is preferred.
EXAMPLE\sales
engineering
This file can be manually created or set using the GPO.
To enable Starling for users using the GPO
It may take up to 90 minutes to apply this configuration change. Use vgptool apply to apply the changes quicker.
Joining Safeguard Authentication Services to Starling allows you to use features from Starling Two-Factor Authentication.
To join Safeguard Authentication Services with Starling
On the Starling Two-Factor Authentication dialog, use the Product TIMs drop-down to select a valid Safeguard Authentication Services license.
NOTE: The other fields on this dialog are read-only and contain the following information after you successfully join to Starling:
Click Join to Starling.
NOTE: The following additional information may be required:
After the join has successfully completed, you will be returned to the Safeguard Authentication Services Control Center and the Join to Starling and enable Two-Factor Authentication pane will display the following:
The Starling Proxy Settings must be configured if your company policies do not allow devices to connect directly to the web. Once configured, Safeguard Authentication Services uses the configured proxy server for outbound web requests to Starling.
NOTE: One Identity recommends you use an automatic configuration script (proxy PAC file). To specify a previously configured PAC file, select the Use automatic configuration script check box and enter the address of the proxy.pac file.
To configure Starling to use a proxy server
On the Starling Proxy Configuration dialog, enter the following information about the proxy server to be used:
To specify a previously configured PAC file (recommended):
To use username/password to specify the proxy server:
Password: Enter the password associated with the user name specified. The password will be displayed in clear text.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Conditions d’utilisation Confidentialité Cookie Preference Center