Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Starling CertAccess Hosted - Administration Guide for One Identity Active Roles Integration

About this guide Starling CertAccess basics The Starling CertAccess Agent architecture Setting up initial synchronization Starling CertAccess Agent system requirements Installing, updating, and uninstalling Starling CertAccess Agent components Working with the Starling CertAccess Agent

Managing Starling CertAccess administrators

By default, the user that you used to initially register for One Identity Starling has administrative permissions for Starling CertAccess and the Starling CertAccess Agent. This user can grant other administrative users access to Starling CertAccess.

Starling CertAccess administrators configure Starling CertAccess using the Launchpad, they are target system managers for Active Directory, manage users, configure attestation and the IT Shop for requests.

To add an administrative user

  1. In the Launchpad, select Administrative tasks > System configuration > Manage administrators.

  2. Click Run.

    This opens the Manage Starling CertAccess administrators dialog.

  3. Click New.

  4. Enter the email address of the additional user.

  5. Click OK.

To edit an administrative user

  1. In the Launchpad, select Administrative tasks > System configuration > Manage administrators.

  2. Click Run.

    This opens the Manage Starling CertAccess administrators dialog.

  3. Select a user.

  4. Click Edit.

  5. Edit the user's email address.

  6. Click OK.

To delete an administrative user

  1. In the Launchpad, select Administrative tasks > System configuration > Manage administrators.

  2. Click Run.

    This opens the Manage Starling CertAccess administrators dialog.

  3. Select a user.

  4. Click Delete.

  5. Click OK.
Related topics

Installing the Starling CertAccess Service

IMPORTANT: Before you begin the installation, ensure that the server fulfills all the system requirements. For more information, see Starling CertAccess Agent system requirements.

The Starling CertAccess Service carries out synchronization between Starling CertAccess and the connected Active Roles environment. To install the Starling CertAccess Service, run the Server Installer program from the Launchpad. The program installs, configures, and starts the Starling CertAccess Service on a server.

NOTE: The program performs a remote installation of the Starling CertAccess Service. Local installation of the service is not possible with this program.

NOTE: In addition to installing the Starling CertAccess Service from the Launchpad, One Identity provides a Docker image for simple and standardized installation and running of the Starling CertAccess Service in Docker containers. You can find the Docker image and its description under https://hub.docker.com/r/oneidentity/oneim-job.

To install and configure the Starling CertAccess Service

  1. In the Launchpad, select Administrative tasks > System configuration > Install service.

  2. Click Run.

  3. On the Server Installer start page, click Next.

  4. When prompted, enter the configuration data for your Starling CertAccess instance.

  1. On the Select installation source page, select the directory with the install files. Change the directory if necessary.

  2. On the Service access page, enter the service's installation data.

    • Computer: Name or IP address of the server that the service is installed and started on.

    • Service account: Details of the user account that the Starling CertAccess Service is running under.

      • To start the service under another account, disable the Local system account option and enter the user account, password and password confirmation. Use the user account that you provided in your Active Roles for this purpose.

    • Installation account: Details of the administrative user account used to install the service on the server.

      • To use the current user’s account, set the Use current user option.

      • To use another user account, disable the Use current user option and enter the user account, password and password confirmation.

    • To change the install directory, names, display names or description of the Starling CertAccess Service, use the additional settings.

  3. Click Next to start installing the service.

    Installation of the service occurs automatically and may take some time.

  4. Click Finish on the last page of the Server Installer.

    NOTE: In a default installation, the service is entered in the server’s service management with the name Starling CertAccess Service.

Related topics

Configuring email distribution

For example, email notifications are sent if an approval decision about a request has been made or due to recertification. To use email notifications, configure how to send emails using the Launchpad. The following options are available:

  • Configure distribution of email notifications through an internal SMTP server

  • Secure email distribution through encryption and email signatures

  • Enable approval by mail

NOTE: Enter at least the mandatory data, otherwise email notifications cannot be sent.

To configure distribution of email notifications

  1. In the Launchpad, select Administrative tasks > System configuration > Configure email connection.

  2. Click Run.

  3. On the start page of the Mail Configuration Wizard, click Next.

  4. On the Create connection to the SMTP server page, configure the SMTP server connection to use for sending emails.

    • To test the user account data, click Test connection.

  5. On the Email settings page, you can define the default email address of a sender and a recipient as well as the layout of the email.

  6. On the Data security page, you can configure the data security settings.

  7. On the Email notifications about requests page, make any changes to the general settings for email notifications about requests. In addition, define whether the Approval by mail feature can be used for requests. If you enable this feature, the settings you need are shown.

  8. On the Email notifications about attestation page, make any changes to the general settings for email notifications about attestations.

    Attestors are notified once a day by email if they have pending attestation cases to approve.

  9. On the Report subscriptions page, you can change the default settings for report subscriptions.

  10. On the Email notifications about actions in the target system page, you can enter an email address for notifying about actions in the target system. This might be error or success messages about changes in the target system.

  11. On the last page of the Mail Configuration Wizard, click Finish.

Related topics

Configuring automatic assignment of identities

When you add a user account, an existing identity can automatically be assigned to it. If necessary, a new identity can be created. The identity's main data is created on the basis of existing user account main data. This mechanism can follow on after a new user account has been created manually or through synchronization.

Identities should not automatically be assigned to administrative user accounts. Use the excluded list to specify the user accounts that do not automatically have identities assigned to them. Each entry in the list is handled as part of a regular expression.

To edit the excluded list

  1. In the Launchpad, select Administrative tasks > System configuration > Configure automatic identity assignment.

  2. Click Run.

    This opens the Exclude list for automatic employee assignment dialog.

  3. To add a new entry, click Add.

    To edit an entry, select it and click Edit.

  4. Enter the name of the user account that does not allow identities to be assigned automatically.

    You are allowed to use the usual special characters for regular expressions.

  5. To delete an entry, select it and click Delete.

  6. Click OK.
Related topics
Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation