One Identity Starling helps to combine products from the One Identity line to create a secure and customizable cloud service. For more information about One Identity Starling, see Starling - Technical Documentation.
If you are using a Starling 2FA plugin (that is, you have uploaded it to Basic Settings > Plugins and then configured it at Policies > AA Plugin Configurations) and the SPS node is joined to One Identity Starling, you do not have to specify api_key and api_url in the Starling 2FA plugin configuration. This configuration method is more secure, because the API key is not stored in the plugin configuration.
CAUTION: Joining to One Identity Starling is currently only available if you join to a US data center. It is not available for joining to EU data centers.
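The following check for the plugin configuration point above is an added example, not part of the One Identity documentation: it flags api_key and api_url entries that are still present in a plugin configuration after the node has been joined. It assumes the configuration is INI-style text; the section name, key value, and URL in the sample are constructed placeholders.

```python
import configparser

# Keys the page says can be omitted once the SPS node is joined to Starling.
REDUNDANT_KEYS = ("api_key", "api_url")

# Constructed sample; the section name and values are placeholders.
SAMPLE = """\
[starling]
api_key = EXAMPLE-KEY-0000
api_url = https://starling.example.invalid
; api_key = old-value
[other]
timeout = 10
"""


def redact(key, value):
    # Never echo the secret into audit output; the URL itself is not secret.
    if key == "api_key":
        return "<redacted, %d chars>" % len(value)
    return value


def find_embedded_starling_settings(config_text, node_joined):
    """Return (section, key, redacted_value) for each setting to remove.

    Assumes INI-style plugin configuration text (assumption, not from the page).
    """
    if not node_joined:
        # Without a join the plugin still needs these values; nothing to flag.
        return []
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(config_text)
    findings = []
    for section in parser.sections():
        for key in REDUNDANT_KEYS:
            # Option names are lowercased by configparser; comments are skipped.
            value = parser.get(section, key, fallback="").strip()
            if value:
                findings.append((section, key, redact(key, value)))
    return findings


if __name__ == "__main__":
    for section, key, shown in find_embedded_starling_settings(SAMPLE, True):
        print("remove [%s] %s = %s" % (section, key, shown))
```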
The following describes how to join SPS to One Identity Starling and take advantage of companion features from Starling products such as 2FA and Identity Analytics.
To join SPS to One Identity Starling
If SPS is behind a web proxy, navigate to Basic Settings > Network > HTTPS Proxy and configure the proxy settings. For details, see Network settings.
Currently only built-in Certificate Authorities are supported. If the web proxy replaces the certificates of the Starling website on-the-fly, the join process might fail.
By clicking Next, you have joined your SPS machine to Starling. Now you have to store this information in SPS to finish the join process.
Copy your Credential String from the page. For example,
Paste your Credential String into the Credential String field.
If for some reason you cannot paste the Credential String, you can re-retrieve it by refreshing this page and repeating the join process. You will receive the same Credential String if you did not change your host name.
If you intend to decommission an SPS machine, or replace it with another one, you have to unjoin that machine and join the new machine. The following describes how to unjoin SPS from One Identity Starling.
To unjoin SPS from One Identity Starling
The Users & Access Control menu (previously named AAA menu) allows you to control the authentication, authorization, and accounting settings of the users accessing One Identity Safeguard for Privileged Sessions (SPS). The following will be discussed in the next sections:
For details on how to authenticate locally on SPS, see Managing One Identity Safeguard for Privileged Sessions (SPS) users locally.
For details on how to authenticate users using an external LDAP (for example Microsoft Active Directory) database, see Managing One Identity Safeguard for Privileged Sessions (SPS) users from an LDAP database.
For details on how to authenticate users using an external RADIUS server, see Authenticating users to a RADIUS server.
For details on how to control the privileges of users and usergroups, see Managing user rights and usergroups.
For details on how to display the history of changes of SPS configuration, see Listing and searching configuration changes.