Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Safeguard Authentication Services 5.0.8 - Administration Guide

Privileged Access Suite for Unix Introducing One Identity Safeguard Authentication Services Unix administration and configuration Identity management Migrating from NIS Managing access control Managing local file permissions Certificate Autoenrollment Integrating with other applications Managing Unix hosts with Group Policy
Safeguard Authentication Services Group Policy
Group Policy Concepts Unix policies One Identity policies
Display specifiers Troubleshooting Glossary

Integrating with other applications

Safeguard Authentication Services integrates with the following products.

  • InSync
  • One Identity™ Active Roles
  • One IdentityDefender®
  • One Identity™ Privilege Manager for Unix
  • One Identity™ Starling Two-Factor Authentication
  • Quest® Change Auditor
  • Quest® Enterprise Reporter
  • Quest® InTrust®
  • Quest® Recovery Manager for Active Directory

This section includes instructions for integrating Starling Two-Factor Authentication, Defender, and Change Auditor with Safeguard Authentication Services.

Note: See the One Identity website for information related to the integration of Safeguard Authentication Services with other products.

One Identity Starling integration

One Identity Starling Two-Factor Authentication is a SaaS solution that provides two-factor authentication on a product enabling organizations to quickly and easily verify a user's identity. This service is provided as part of the One Identity Starling cloud platform. Joining Safeguard Authentication Services to One Identity Starling allows you to take advantage of these companion features from Starling services. For more information on Starling, see the One Identity Starling User Guide.

In order to use Starling 2FA with Safeguard Authentication Services, you must join Safeguard Authentication Services to Starling. This is done from the Preferences | Starling Two-Factor Authentication pane in the Control Center. From this pane, you can also configure Starling to use a proxy server and customize the attributes to be used in push notifications.

Help links that provide assistance with Starling are available on the dialogs displayed when setting up the Starling Join Settings or Starling Proxy Settings:

  • Visit us Online displays the Starling login page where you can create a new Starling account. This help link is available on both dialogs.
  • Trouble Joining displays the Starling support page with information on the requirements and process for joining with Starling. This help link is available on the Starling Two-Factor Authentication dialog.
  • Trouble With Proxy displays the Starling support page with additional information on troubleshooting the proxy configuration. This help link is available on the Starling Proxy Configuration dialog.

Starling Two-Factor Authentication requirements

In order to use Starling Two-Factor Authentication with Safeguard Authentication Services, you will need the following:

  • A valid license for Safeguard Authentication Services.

  • A Starling Organization Admin account or a Collaborator account. For more information on Starling, see the One Identity Starling Hosted User Guide.

  • An Active Directory group for Starling users.

    NOTE: All Starling users must have the following defined in order to work with Starling 2FA:

    • Valid email address

    • Valid mobile phone number in E.164 format. (that is, +<country code><area code><phone number>)

    • Be a member of this Starling group dictated by GPO.

    For more information, see Setting up Starling users..

  • Safeguard Authentication Services 4.2 (or later)

The following table provides a list of supported platforms for integrating Safeguard Authentication Services with Starling Two-Factor Authentication.

NOTE: PPC64 and PPC64LE architectures require a kernel greater than 2.6.37.

Table 20: Starling 2FA: Supported platforms

Platform

Version

Architecture

CentOS Linux

5, 6, 7, 8

Current Linux architectures: s390, s390x, PPC64, PPC64le, IA-64, x86, x86_64, AARCH64

Debian

Current supported releases

x86_64, x86, AARCH64

Fedora Linux

Current supported releases

x86_64, x86, AARCH64

FreeBSD

10.x, 11.x

x32, x64

IBM AIX

7.1, 7.2

Power 4+

OpenSuSE

Current supported releases

x86_64, x86, AARCH64

Oracle Enterprise Linux (OEL)

5, 6, 7, 8

Current Linux architectures: s390, s390x, PPC64, PPC64le, IA-64, x86, x86_64, AARCH64

Oracle Solaris

10 8/11,

11.x

SPARC, x64

Red Hat Enterprise Linux (RHEL)

5, 6, 7, 8

Current Linux architectures: s390, s390x, PPC64, PPC64le, IA-64, x86, x86_64, AARCH64

SuSE Linux Enterprise Server (SLES)/Workstation

11, 12, 15

Current Linux architectures: s390, s390x, PPC64, PPC64le, IA-64, x86, x86_64, AARCH64

Ubuntu

Current supported releases

x86_64, x86, AARCH64

Setting up Starling users

A new Group Policy Object has been added to Safeguard Authentication Services to manage the group file for Starling, which is located in /etc/opt/quest/vas/users.starling.

Sample users.starling file

# This assumes that the host has been joined to the example.com domain.

# To validate the users.starling file, run:

# vastool info acl

#

# This file controls which user's have Starling appled to them during login based

# on group membership.

# For entries:

# If DOMAIN is omitted ( simple name given )it is assumed to be the joined domain.

# Entries are case insensitive.

# DOMAIN can be either long(fqdn) or short(netbios).

# Apply Starling to members of the sales and engineering groups.

# The entry DOMAIN\SamAccountName format is preferred.

EXAMPLE\sales

engineering

This file can be manually created or set using the GPO.

To enable Starling for users using the GPO

  1. Open your Group Policy management system.
  2. Select the applicable group policy.
  3. Navigate to Computer configuration | Unix Settings | Starling.
  4. Double-click users.starling.
  5. Add the groups that contain the users to be enabled to use Starling 2FA.

It may take up to 90 minutes to apply this configuration change. Use vgptool apply to apply the changes quicker.

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation