To try and evaluate One Identity Safeguard Remote Access, you can start a trial from the One Identity Starling home page.
To start the One Identity Safeguard Remote Access trial
-
From the One Identity Starling home page (https://www.cloud.oneidentity.com/), click Sign in to Starling.
-
Navigate to Services.
-
Under Starling Remote Access, click Trial
Figure 3: Services > Trial - Starting the One Identity Safeguard Remote Access trial
-
Select Your Location and click Confirm.
The One Identity Safeguard Remote Access trial appears under your My Services list. You can monitor your trial expiration date here.
-
Click the One Identity Safeguard Remote Access trial.
This section describes the various settings and policies that you must configure in One Identity Safeguard for Privileged Sessions (SPS) to join the appliance to One Identity Starling and integrate with One Identity Safeguard Remote Access (SRA).
The configuration pages referenced in this section are applicable to the web interface of SPS and are written in bold. For example, Basic Settings > Network.
In a typical One Identity Safeguard Remote Access (SRA) use case, the end-user and the user on the (target) server are different. The end-user is identified by their email address and the server user is typically identified by an administrative account name like root or Administrator. One Identity Safeguard for Privileged Sessions (SPS) does not allow different end-user (called gateway user in SPS) and server user by default in a connection. Therefore, you must apply a Usermapping policy on the Connection policy.
To create a new Usermapping policy
-
Navigate to Policies > Usermapping policies.
-
Add a new policy (Username on the server and Groups).
Example: Creating a new Usermapping policy
As an example, the following policy allows any kind of user mapping.
Figure 4: Policies > Usermapping policies - Creating usermapping policies
For more information on HTTPS proxy setting, refer to the One Identity Safeguard for Privileged Sessions Administration Guide or part of it in Configuring usermapping policies in the Appendix.
Configuring a credential store is an optional step for both RDP and SSH connection policies.
To enable password-less login to target servers
-
Create a local credential store.
-
Setup login credentials to the target server.
Figure 5: Policies > Credential stores — Creating local credential stores
For more information on HTTPS proxy setting, refer to the One Identity Safeguard for Privileged Sessions Administration Guide or part of it in Configuring local Credential Stores and Using credential stores for server-side authentication in the Appendix.
