Use the Send Test Event link located under the SNMP table to send a test event to verify the SNMP configurations.
To validate your setup
- Go to SNMP:
web client: Navigate to External Integration | SNMP.
desktop client: Navigate to Administrative Tools | Settings | External Integration | SNMP.
- When configuring your SNMP subscription, on the SNMP dialog, add the test event to your event subscription. For more information, see Configuring SNMP subscriptions.
- On the SNMP settings pane:
- Select the SNMP configuration from the table.
- Click Send Test Event. Safeguard for Privileged Passwords sends a test event notification to your SNMP console.
Safeguard for Privileged Passwords can join with the cloud platform One Identity Starling. By joining with One Identity Starling, Safeguard for Privileged Passwords customers can take advantage of companion features from multiple Starling services, such as Starling Two-Factor Authentication and Starling Connect. For more information, see Join Starling.
In order to use the Safeguard for Privileged Passwords features associated with Starling Connect and Starling Two-Factor Authentication, you must join Safeguard for Privileged Passwords to Starling. It is the responsibility of the Appliance Administrator to join One Identity Safeguard for Privileged Passwords to Starling.
NOTE: In version 2.1 and earlier, you had to specify a Starling API key in order to use Approval Anywhere and Starling Two-Factor Authentication (2FA) as a secondary authentication provider. This is no longer necessary when you join Safeguard for Privileged Passwords to Starling. If you previously configured these features, once you join to Starling, Safeguard for Privileged Passwords automatically migrates your previous configurations to use the credential string generated by the join process.
For additional information and documentation regarding the Starling Cloud platform and services, see Starling Two-Factor Authentication - Technical Documentation and Starling Connect - Technical Documentation.
Prerequisites
See the Starling Release Notes for currently supported platforms.
In order to use the companion features from Starling services, first configure the following:
- Register a Starling organization. For more information on Starling, see the One Identity Starling User Guide.
IMPORTANT: The Starling Two-Factor Authentication service is only available to organizations associated with the United States data center. The Starling Connect service is available to organizations in both the United States and European Union data centers.
- Download the Starling 2FA app on your mobile phone to use the Approval Anywhere feature.
- If your company requires the use of a proxy to access the internet, you must configure the web proxy to be used. For more information on configuring a web proxy to be used by Safeguard for Privileged Passwords for outbound web requests to integrated services, see Networking.
Join Safeguard for Privileged Passwords with Starling
NOTE: You must be an Organization Admin for the Starling organization in order to join Safeguard for Privileged Passwords with Starling.
- Go to Starling:
web client: Navigate to External Integration | Starling.
desktop client: Navigate to Administrative Tools | Settings | External Integration | Starling.
- Notice that this pane also includes the following links, which provide assistance with Starling:
- Visit us online to learn more displays the Starling login page where you can create a new Starling account.
- Trouble Joining displays the Starling support page with information on the requirements and process for joining with Starling.
- Click Join to Starling and follow the prompts to complete the process.
The following additional information may be required:
- If you do not have an existing session with Starling, you will be prompted to authenticate.
- If your Starling account belongs to multiple organizations, you will be prompted to select which organization Safeguard for Privileged Passwords will be joined with.
After the join has successfully completed, you will be returned to the Safeguard for Privileged Passwords client and the Starling settings pane will now show Joined to Starling. For information on the features that are now available, see After the join.
To unjoin Safeguard for Privileged Passwords from Starling
- Go to Starling:
web client: Navigate to External Integration | Starling.
desktop client: Navigate to Administrative Tools | Settings | External Integration | Starling.
- Click Unjoin Starling.
Safeguard for Privileged Passwords will no longer be joined to Starling, which means that Approval Anywhere, two-factor authentication as a secondary authentication provider, and integrated connectors are also disabled in Safeguard for Privileged Passwords. A Starling Organization Admin account can rejoin Safeguard for Privileged Passwords to Starling at any time.
After the join
Once Safeguard for Privileged Passwords is joined to Starling, the following Safeguard for Privileged Passwords features are enabled:
Features using Starling Two-Factor Authentication:
- Secondary authentication
Safeguard for Privileged Passwords supports two-factor authentication through authentication providers, such as Starling Two-Factor Authentication. When such a provider is configured, Safeguard for Privileged Passwords prompts for two sources of authentication when users log in.
A Starling 2FA authentication provider is automatically added to Safeguard for Privileged Passwords when you join Safeguard for Privileged Passwords to Starling. As an Authorizer or User Administrator, you must configure users to use Starling 2FA as their secondary authentication provider when logging into Safeguard for Privileged Passwords. For more information, see Configuring user for Starling Two-Factor Authentication when logging in to Safeguard.
- Approval Anywhere
The Safeguard for Privileged Passwords Approval Anywhere feature integrates its access request workflow with Starling Two-Factor Authentication (2FA), allowing approvers to receive a notification through an app on their mobile device when an access request is submitted. The approver can then approve (or deny) access requests through their mobile device without needing access to the desktop or web application.
Approval Anywhere is enabled when you join Safeguard for Privileged Passwords to One Identity Starling. As a Security Policy Administrator, you must define the Safeguard for Privileged Passwords users authorized to use Approval Anywhere. For more information, see Adding authorized user for Approval Anywhere.
Feature using Starling Connect:
- Starling Connect Registered Connectors
This feature integrates your Starling connectors with Safeguard for Privileged Passwords. Accounts stored in the connectors can then be discovered and controlled by Safeguard for Privileged Passwords through partitions, which allow passwords to be rotated for additional security. For more information, see Registered Connectors.
Safeguard for Privileged Passwords allows you to define one or more syslog servers to be used for logging Safeguard for Privileged Passwords event messages. Appliance Administrators can specify to send different types of messages to different syslog servers. The syslog client certificate will be used. For more information, see Syslog Client Certificate.
To define and manage the syslog servers, go to Syslog:
web client: Navigate to External Integration | Syslog.
desktop client: Navigate to Administrative Tools | Settings | External Integration | Syslog.
The Syslog pane displays the following about each syslog server defined. The desktop client shows the properties in a different order and includes some fields that appear in the Syslog Events setting in the web client.
Table 174: Syslog server: Properties
| Property | Description |
| --- | --- |
| Name (web client) | The name of the syslog server |
| Network Address | The IP address or FQDN of the syslog server |
| Port | The port number for the syslog server |
| Protocol | The network protocols and syslog header type |
| Use TLS Encryption (web client) | If selected, provides encrypted communication with the syslog server instead of plain text over TCP |
| Use Client Certificate (web client) | If selected, the syslog server requires clients to authenticate |
| Verify Server Certificate (web client) | If selected, syslog messages will only be sent if Safeguard for Privileged Passwords is able to verify the authenticity of the syslog server TLS certificate |
| Facility (desktop client) | The type of program being used to create syslog messages |
| Description (desktop client) | The description of the syslog server configuration |
| # of Events (desktop client) | The number of events selected to be logged to the syslog server |
| Format (desktop client) | The format, which can be CEF or JSON |
| Prefix (desktop client) | If the format is JSON, the text that will be prepended to the JSON attributes |
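The three TLS-related properties in the table above only protect the event stream when they are set together. The following is an added example, not part of the One Identity documentation or product, that audits syslog server definitions for weak transport settings. The record layout (dicts keyed by the property names from the table), the "TCP"/"UDP" protocol strings, the finding codes and the sample servers are assumptions constructed for illustration.

```python
# Added example, not One Identity code. Record keys reuse the property names
# from the table above; the dict layout, the "TCP"/"UDP" strings and the
# sample servers are constructed assumptions, not a Safeguard export format.

def audit_syslog_server(cfg):
    """Return (severity, code, detail) findings for one syslog server record."""
    tls = bool(cfg.get("Use TLS Encryption"))
    verify = bool(cfg.get("Verify Server Certificate"))
    client_cert = bool(cfg.get("Use Client Certificate"))
    protocol = str(cfg.get("Protocol", "")).upper()
    findings = []
    if not tls:
        # Without TLS the event stream crosses the network in plain text.
        findings.append(("high", "PLAINTEXT", "events are sent unencrypted"))
        if verify or client_cert:
            findings.append(("medium", "CERT_OPTION_WITHOUT_TLS",
                             "a certificate option is selected but TLS is not"))
        return findings
    if protocol.startswith("UDP"):
        # The table describes TLS as the alternative to plain text over TCP.
        findings.append(("medium", "TLS_ON_UDP", "TLS selected with a UDP protocol"))
    if not verify:
        # Encrypted, but the server certificate's authenticity is not verified.
        findings.append(("high", "SERVER_CERT_UNVERIFIED",
                         "server identity is not checked before sending"))
    if not client_cert:
        # The receiver cannot authenticate the appliance by certificate.
        findings.append(("info", "NO_CLIENT_CERT",
                         "no client certificate is presented"))
    return findings

def audit_all(servers):
    """Map each server name to its findings."""
    return {s.get("Name", "<unnamed>"): audit_syslog_server(s) for s in servers}

# Constructed sample records (documentation addresses and names only).
SAMPLE_SERVERS = [
    {"Name": "siem-legacy", "Network Address": "192.0.2.10", "Port": 514,
     "Protocol": "TCP", "Use TLS Encryption": False},
    {"Name": "siem-tls-noverify", "Network Address": "logs.example.com", "Port": 6514,
     "Protocol": "TCP", "Use TLS Encryption": True, "Verify Server Certificate": False},
    {"Name": "siem-hardened", "Network Address": "logs.example.com", "Port": 6514,
     "Protocol": "TCP", "Use TLS Encryption": True,
     "Use Client Certificate": True, "Verify Server Certificate": True},
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_SERVERS).items():
        for severity, code, detail in findings or [("ok", "NONE", "no findings")]:
            print(f"{name}: [{severity}] {code}: {detail}")
```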
Use these toolbar buttons to manage the syslog server configurations