Applications using the Join functionality like Active Roles, Password Manager, and Safeguard 2.2 will call two endpoints. These need to be accessible from the products.
https://sts.cloud.oneidentity.com – to get an authentication token
https://2faclient.cloud.oneidentity.com – to call the S2FA API
Prior to the Join functionality products integrated using the 2FA subscription key. Examples are Safeguard 2.1, Password Manager 5.7.1
They called a different endpoint.
NOTE: A Product configured using the subscription key and then upgraded to a version that supports the Join function, will continue using the subscription key endpoint until the JOIN process is completed. At that point, it will use the two endpoints noted above.
NOTE: When configuring Password Manager or other products in a DMZ environment the server needs to be able to resolve and reach the Starling URL. If it cannot the configuration will not work.