Password Manager 5.9.3 and 5.8.2
Starling Two-Factor Authentication will begin enforcing usage of the TLS 1.2 protocol beginning September 10th, 2020. This change is being made to increase overall security practices.
As a result of this change Password Manager 5.9.3 and 5.8.2 Starling Two-Factor Authentication unjoin function fails when the TLS 1.2 protocol is enforced. Additionally, in Password Manager 5.8.2, the activity Authenticate with Starling Two-Factor Authentication SMS and Phone Call options also fail if Password Manager is already joined to Starling Two-Factor Authentication.
How does this affect me?
Password Manager 5.9.3 and 5.8.2 customers using Starling Two-Factor Authentication will be unable to unjoin from Starling Two-Factor Authentication once the TLS 1.2 protocol is enforced.
Additionally, customers using Password Manager 5.8.2 with Self-service or Helpdesk workflows configured with the activity Authenticate with Starling Two-Factor Authentication will see the SMS and Phone Call functionality fail for the end users and Helpdesk Administrators.
Join to Starling Two-Factor Authentication Push Notifications and other functionalities of Starling Two-Factor Authentication will continue to work as expected on both versions.
There are 2 available solutions to resolve this issue:
There is a public hotfix available for Password Manager 5.9.3 and 5.8.2.
Additionally, there is a workaround available to manually update the .NET settings in the Password Manager configuration files. For additional information please see KB articles below for your specific version.
For customer’s using Password Manager 5.9.3 please follow the directions provided in KB 319839.
For customer’s using Password Manager 5.8.2 please follow the directions provided in KB 319838.
Note that this issue is resolved in the upcoming version of Password Manager 5.9.4, which will be released in the fall of 2020.
All other versions of Password Manager are considered discontinued and have not been tested against Starling Two-Factor Authentication. One Identity strongly suggests upgrading to 5.9.3 with the latest hotfixes to avoid any interruption in product functionality.
We apologize for the inconvenience this issue may have caused.