-
Title
What port or URL does Starling 2FA integration require? -
Description
When configuring Starling 2FA with on premise applications what ports or URL's need to be available to ensure operation? -
Resolution
RESOLUTION:
Applications using the Join functionality like Active Roles, Password Manager, and Safeguard 2.2 will call two endpoints. These need to be accessible from the products.
https://sts.cloud.oneidentity.com – to get an authentication token
https://2faclient.cloud.oneidentity.com – to call the S2FA API
Prior to the Join functionality products integrated using the 2FA subscription key. Examples are Safeguard 2.1, Password Manager 5.7.1
They called a different endpoint.
https://api.2fa.cloud.oneidentity.com:443
NOTE: A Product configured using the subscription key and then upgraded to a version that supports the Join function, will continue using the subscription key endpoint until the JOIN process is completed. At that point, it will use the two endpoints noted above.
NOTE: When configuring Password Manager or other products in a DMZ environment the server needs to be able to resolve and reach the Starling URL. If it cannot the configuration will not work.