Password Manager 5.9.5 supports integration with One Identity Starling services. The Starling Join feature in Password Manager now enables you to connect to One Identity Starling, the Software as a Service (SaaS) solution of One Identity. To use One Identity Starling, you have to purchase a One Identity Starling subscription. Each One Identity Starling subscription is registered with a phone number to which the token response for authentication or the push notification is sent. The token generation method depends on the method (SMS, Phone call, OTP on Starling 2FA app or push notification) that is enabled for your subscription.
Pre-requisites to configure One Identity Starling
Before you configure Starling using the Password Manager, ensure the following:
- Users must have acquired valid Starling Credentials, such as a Starling Organization Admin account or a Collaborator account associated with the One Identity Hybrid subscription. For more information on Starling, see the One Identity Starling User Guide.
- The Password Manager must be running on the computer where you want to configure Starling.
- The Password Manager must have a managed domain.
To configure One Identity Starling for authentication
- On the home page of the Administration site, click the One Identity Starling tab.
- Click Join to Starling. You are redirected to the One Identity Starling website. Enter your One Identity Starling credentials to take advantage of connected services like Two-Factor Authentication, Identity Analytics & Risk Intelligence, and more.
NOTE: After a Password Manager upgrade, you will not be able to see the old subscription key and the configuration details of Starling that were used for Starling Two-Factor Authentication. You will have to join Starling again on the One Identity Starling page, with a valid Starling account.
- After successful verification, you will be redirected to the One Identity Starling page on the Administration site.
- After the information is saved, Starling Join status displays.
NOTE: If you have a Starling account, when a subscription is created for you, you will receive a Starling invitation email. Click the link in the email and log in to the Starling account.
NOTE: If you do not have a Starling account, when a subscription is created for you, you will get a Starling Sign-up email to complete a registration process to create a Starling account. Complete the registration and log in using the credentials that you provided during registration. For account creation details, see the One Identity Starling User Guide.
For Starling Two-Factor Authentication, you can store the user's phone number in the appropriate Active Directory attribute. The same attribute must be configured in General Settings -> Reinitialization.
In the Select the attribute of user’s account in Active Directory in which user’s Questions and Answers profile and Corporate phone will be stored section, configure the attribute of Corporate phone field. By default, the attribute value for Corporate phone is mobile.
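A way to check, before enabling Starling 2FA, that accounts actually carry a phone number in the attribute configured above. This is an added example, not part of the product documentation: the function name Get-PhoneAttributeFinding, the sample accounts and the international-number pattern are assumptions; only the default attribute name mobile comes from this page.

```powershell
# Attribute configured for "Corporate phone" under General Settings -> Reinitialization.
# "mobile" is the default named on this page; change it if you configured another one.
$PhoneAttribute = 'mobile'

function Get-PhoneAttributeFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [string] $Attribute = 'mobile',
        # Assumption: numbers are stored as "+" followed by 8 to 15 digits.
        # Adjust the pattern to the format your subscription expects.
        [string] $Pattern = '^\+[1-9]\d{7,14}$'
    )
    process {
        $value = [string]$User.$Attribute
        # Drop common separators (spaces, dashes, brackets, dots) before matching.
        $normalized = $value -replace '[\s\-\(\)\.]', ''
        if ([string]::IsNullOrWhiteSpace($value)) {
            $status = 'Missing'
        } elseif ($normalized -notmatch $Pattern) {
            $status = 'UnexpectedFormat'
        } else {
            $status = 'OK'
        }
        # The phone number itself is deliberately left out of the report.
        [pscustomobject]@{
            SamAccountName = $User.SamAccountName
            Attribute      = $Attribute
            Status         = $status
        }
    }
}

# Constructed sample objects so the function can be tried without a domain.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; mobile = '+1 (555) 010-0100' }
    [pscustomobject]@{ SamAccountName = 'bob';   mobile = '' }
    [pscustomobject]@{ SamAccountName = 'carol'; mobile = '0100' }
)
$sample | Get-PhoneAttributeFinding -Attribute $PhoneAttribute |
    Where-Object Status -ne 'OK'

# Against a live domain (requires the ActiveDirectory module):
# Get-ADUser -Filter 'Enabled -eq $true' -Properties $PhoneAttribute |
#     Get-PhoneAttributeFinding -Attribute $PhoneAttribute |
#     Where-Object Status -ne 'OK'
```

With the sample data the report lists bob as Missing and carol as UnexpectedFormat; accounts reported this way have no usable number in the configured attribute.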
Disconnecting One Identity Starling from Password Manager
To unjoin One Identity Starling, click Unjoin Starling. This deletes the joined instances from One Identity Starling services and the Starling Join information from storage. After the unjoin, the initial page displays.
One Identity Starling Two-factor Authentication for Password Manager
Since Password Manager manages confidential Password Manager user details in both on-premises and cloud-based environments, it is appropriate and safer to have an additional security measure such as two-factor authentication. Password Manager now supports One Identity's Starling Two-Factor Authentication service.
Starling Two-Factor Authentication provides enhanced security by requiring users to provide two forms of authentication to Password Manager, namely a user name and password combination along with a token response. The token response is collected through an SMS, Phone call, or push notification received on a physical device such as a mobile or any other device other than the browser.
Registering to One Identity Starling 2FA
To use Starling 2FA, you must first register for the product. When you register for Starling 2FA using your mobile number, an SMS is delivered with the mobile app download link. Click the link to access the App Store or Play Store, from where you can download the Starling mobile application. Alternatively, you can go to the App Store or Play Store and search for and download the Starling app.
The following 2FA options are supported:
- Push Notification: After the Starling app is downloaded and registered with the user's email ID and mobile number, the user will get a push notification to Approve or Deny Starling Authentication.
- Voice: The user will get a voice call on the registered mobile number and will receive an OTP during the call.
- SMS OTP: The user will get an OTP through SMS on the registered mobile number.
- The user can open the Starling app, copy the code from the Starling app, paste it into Password Manager, and click Verify.
When a Starling 2FA enabled user tries to log in to the Password Manager Web interface, the user is prompted to enter the Starling Two-factor token response. Based on the option selected by the user, the token response is provided through SMS, Phone Call or Push Notifications.
After the user enters the token response and it is successfully verified, the Web interface is displayed.
NOTE: Push Notification works only if the Starling App is installed on the device with the registered mobile number. The link to install the Starling App will be sent to your registered mobile number at the time of registering to Starling.