Configuring Connectors in Starling
Before you configure Starling using the Active Roles Configuration Center, ensure the following:
-
Users must have acquired valid Starling Credentials, such as a Starling Organization Admin account or a Collaborator account associated with the One Identity Hybrid subscription. For more information on Starling, see the One Identity Starling User Guide.
- The Active Roles Administration Service must be running on the computer where you want to configure Starling.
- The Active Roles Administration Service must have a managed domain.
Configuring Starling in Active Roles
Active Roles version 7.4 supports integration with One Identity Starling services. The Starling Join feature in Active Roles now enables you to connect to One Identity Starling, the Software as a Service (SaaS) solution of One Identity. The Starling Join feature enables access to the Starling services through Active Roles thus allowing to benefit from the Starling services such as Two-factor Authentication and Identity Analytics and Risk Intelligence.
You can use the Active Roles Configuration Center to join One Identity Starling to Active Roles on the Starling wizard.
To start the wizard, click Configure in the Starling area on the Active Roles Dashboard page in the Configuration Center main window. The Starling wizard enables you to perform the Starling join operation.
Configuring Active Roles to join One Identity Starling
To configure Active Roles to join Starling
- On the Active Roles Configuration Center, under Starling, click Configure.
- Click Join One Identity Starling. The Get Started page on the Starling product is displayed.
- On the Starling Get Started page, enter your work email address enabled with Starling, and click Next.
- Enter the Starling credentials provided to you at the time of subscribing to Starling and follow the instructions displayed on the wizard to continue.
NOTE:
- If you have a Starling account, when a subscription is created for you, you will receive a Starling invitation email. Click the link in the email and log in to the Starling account.
-
If you do not have a Starling account, when a subscription is created for you, you will get a Starling Sign-up email to complete a registration process to create a Starling account. Complete the registration and log in using the credentials that you have provided during registration. For account creation details, see the One Identity Starling User Guide.
The One Identity Starling dialog box in Active Roles with a progress message indicating the progress of joining Starling is displayed. A join confirmation page is displayed with the name of the Active Roles instance that is going to be joined to Starling .
After the operation is completed successfully, the Starling tab is displayed with Account Joined success message.
To view the Starling 2FA settings
- On the Active Roles Configuration Center, in the left pane, click Starling.
- Click Starling tab.
The status of the Starling connection is displayed.
- Click Starling 2FA tab.
The status Starling 2FA is displayed.
-
To disable the Starling 2FA feature click Disable Starling 2FA. To enable it again, click Enable Starling 2FA.
SCIM attribute mapping with Active Directory for users and groups
Active Roles provides support to connect to Starling Connect to manage the user provisioning and deprovisioning activities for the registered connectors. This is achieved through the internal attribute mapping mechanism. The AD attributes are mapped to SCIM attributes to perform each operation.
SCIM attribute mapping with Active Directory for Users
| SCIM | Active Directory |
| displayName | displayName |
| givenName | givenName |
| familyName | sn |
| middleName | middleName |
| title | title |
| password | edsaPassword |
| streetAddress | streetAddress |
| locality | city |
| postalCode | postalCode |
| region | state |
| country | c |
| active | edsaAccountIsDisabled |
| userName | edsvauserName |
| honorificPrefix | initials |
|
formattedName |
cn |
| emails | proxyAddresses,mail |
| preferredLanguage | preferredLanguage |
| description | description |
| emailEncoding | edsvaemailEncoding |
| alias | edsvaalias |
| division | division |
| company | company |
| department | department |
| homePage | wWWHomePage |
| lastLogon | lastLogon |
| accountExpires | accountExpires |
|
timezone |
edsvatimezone |
|
entitlements |
edsvaentitlements |
| employeeNumber | employeeNumber |
| cn | cn |
| userPermissionsMarketingUser | edsvauserPermissionsMarketingUser |
| userPermissionsOfflineUser | edsvauserPermissionsOfflineUser |
| userPermissionsAvantgoUser | edsvauserPermissionsAvantgoUser |
| userPermissionsCallCenterAutoLogin | edsvauserPermissionsCallCenterAutoLogin |
| userPermissionsMobileUser | edsvauserPermissionsMobileUser |
| userPermissionsSFContentUser | edsvauserPermissionsSFContentUser |
| userPermissionsKnowledgeUser | edsvauserPermissionsKnowledgeUser |
| userPermissionsInteractionUser | edsvauserPermissionsInteractionUser |
| userPermissionsSupportUser | edsvauserPermissionsSupportUser |
| userPermissionsLiveAgentUser | edsvauserPermissionsLiveAgentUser |
| locale | localeID |
| phoneNumbers | telephoneNumber,mobile,homePhone |
| manager | manager |
SCIM attribute mapping with Active Directory for Groups
| SCIM | Active Directory |
| displayName | cn |
|
members |
member |
|
|
|
|
manager |
managedBy |