Chat now with support
Chat with Support

Safeguard Authentication Services 5.0.5 - Upgrade Guide

Privileged Access Suite for Unix Introducing One Identity Safeguard Authentication Services Upgrade Windows components Configure Active Directory Configure Unix agent components Upgrade client components manually Getting started with Safeguard Authentication Services Troubleshooting

Unjoining from Starling

Unjoining Safeguard Authentication Services from Starling disables Starling Two-Factor Authentication in Safeguard Authentication Services.

To unjoin Safeguard Authentication Services from Starling

  1. From the Control Center, navigate to Preferences | Starling Two-Factor Authentication.
  2. In the Join to Starling and enable Two-Factor Authentication pane, click Starling Join Settings
  3. On the Starling Two-Factor Authentication dialog, click Unjoin Starling.

A Starling Organization Admin account or Collaborator account can rejoin Safeguard Authentication Services at any time.

Disabling Starling 2FA for a specific PAM service

To disable Starling 2FA for a specific PAM service, edit the PAM configuration file (/etc/pam.conf or /etc/pam.d/<service>). Modify the auth pam_vas line for the desired service.

To disable Starling 2FA for a specific PAM service

  1. As root, add the following line to the PAM configuration file, on the first auth pam_vas line for the service:

    disable_starling

Schema Attributes

From the Control Center, select Preferences then Schema Attributes to view and update schema configurations. These attribute mappings can be customized:

Unix Attributes

The Unix schema attributes are fully customizable in Safeguard Authentication Services. The Unix Attributes section allows you to see which LDAP attributes are mapped to Unix attributes. You can modify this mapping to enable Safeguard Authentication Services to work with any schema configuration. To customize the mapping, you select a schema template or specify your own custom attributes. A schema template is a pre-defined set of common mappings which adhere to common schema extensions for storing Unix data in Active Directory.

From the Control Center, select Preferences | Schema Attributes. Click the Unix Attributes link in the upper right to display the Customize Schema Attributes dialog.

Safeguard Authentication Services supports the following schema templates if the required schema is installed:

Table 20: Unix schema attributes
Schema Template Description

Schemaless

A template that encodes Unix attribute data in an existing multi-valued attribute.

Windows R2

A template that uses attributes from the Windows 2003 R2 schema extension.

Services for Unix 2.0

A template that uses attributes from the SFU 2.0 schema extension.

Services for Unix 3.0

A template that uses attributes from the SFU 3.0 schema extension.

BEST PRACTICE: Use a schema designed for storing Unix data in Active Directory whenever possible. Schemas designed for storing Unix data in Active Directory include: Windows 2003 R2, SFU 2, and SFU 3. Only use "schemaless" or custom mappings if it is impossible to make schema extensions in your environment.

NOTE: If you are running Safeguard Authentication Services without an application configuration in your forest and your domain supports Windows R2, you can enable Safeguard Authentication Services to use the Windows R2 schema. However, note that some functionality provided by the Safeguard Authentication Services application configuration will be unavailable.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating