One Identity Starling Hosted - User Guide

Starling event forwarding

The Event Forwarding option on the Settings page allows you to send Starling event data to a service that supports Syslog. This feature is not enabled by default.

IMPORTANT: For information on the requirements to use this feature, see Additional hardware and software requirements.

To enable event forwarding

IMPORTANT: IMPORTANT: Only events occurring after the feature has been configured will be sent to your Syslog service and then able to be stored according to your preferences. Events that occur prior to configuration are not forwarded nor are they accessible within Starling.

  1. From the Starling home page, click the button in the upper right corner.
  2. In the Event Forwarding section of the Settings page, click Change.
  3. On the Configure Event Forwarding page, click the On/Off toggle to switch it to the On position.
  4. Fill in the following configuration fields:

    • Hostname/IP Address: Enter the hostname or IP address to which the event data will be sent.
    • Port: Enter the port number in this field. By default this is 6514.
    • Structured Data ID: (Optional) Use this field to specify an ID. For example, this could be passed to the Loggly logging service (https://www.loggly.com/) to identify a specific customer tenant within Loggly.

    Once you have filled in these fields the information will be saved automatically. Clicking the Send Test Event button will send a test event to your Syslog service to confirm the connection is working.

Connecting with ServiceNow

The Third Party Applications option on the Settings page allows you to connect Starling Identity Analytics & Risk Intelligence to the third party application ServiceNow in order to create incident tickets for rejected verification requests which can be managed and assigned within the ServiceNow application. This feature is not enabled by default and is only available for Starling Identity Analytics & Risk Intelligence.

To connect ServiceNow with the Starling Identity Analytics & Risk Intelligence service

  1. From the Starling home page, click the button in the upper right corner.
  2. In the Third Party Applications section of the Settings page, click Change.
  3. On the Third Party Applications page, click the On/Off toggle for ServiceNow Integration to switch it to the On position.
  4. Fill in the following configuration fields:

    • Instance URL: Enter the URL of the ServiceNow instance to which Starling Identity Analytics & Risk Intelligence will connect.
    • Username: Enter the username for a ServiceNow account with the itil role.
    • Password: Enter the password associated with the account.

    Once you have filled in these fields the information will be saved automatically.

  5. Click Test Connection to ensure Starling Identity Analytics & Risk Intelligence is able to connect with ServiceNow.
  6. In the Integration with Starling services section at the bottom of the page, click the On/Off toggle to switch it to the On position for Starling Identity Analytics & Risk Intelligence. Once this feature has been enabled, all rejected verification requests within Starling Identity Analytics & Risk Intelligence will create an incident ticket within ServiceNow.

Manage Organization Admins page

IMPORTANT: Only organization administrators can access this page.

The Manage Organization Admins page allows you to view and manage the users associated with your organization.

The following options and information appears on this page:

This field is used for filtering the displayed users.

Name

This is the name associated with the user.

Email

This is the email address associated with the user.

Role

This is the role currently assigned to the user.

Clicking the button associated with a user allows you to change a user's role. Depending on the type of user you are looking at, Promote to Organization Admin or Demote to Collaborator will be available for selection.

NOTE: This option does not appear when you are viewing your own account since you cannot demote your own role. It also does not appear for users that do not have a Starling account (for example, Two-Factor Authentication end users). To view a list of users associated with your services, see Access Summary page.

Editing organization roles

The Manage Organization Admins page allows organization administrators to manage the users associated with your Starling organization by promoting or demoting a user's access level within the organization.

To edit a role within an organization

NOTE: Only organization administrators can edit roles within an organization. Also, you cannot demote your own role.

  1. From the Starling home page, click the button in the upper right corner.
  2. In the Organization Admins section of the Settings page, click Manage.
  3. Locate the user you want to edit. You can use the filtering options at the top of the page to filter the listed users.
  4. Click the button associated with the user and, depending on their current role, you can select to either demote the user to a collaborator or promote them to an organization administrator.
    • Demote to Collaborator: Selecting this option will demote the user to a collaborator within the organization. This role retains access to all services they are currently assigned, but they have limited capabilities when it comes to configuring the organization. This means they will be unable to access the Access Summary page and cannot delete the organization.
    • Promote to Organization Admin: Selecting this option will promote the user to an organization administrator within the organization. This role retains access to all services they are currently assigned and also allows them to configuring the organization. This means they will be able to access the Access Summary page and can delete the organization.

    The new user role will automatically save once an option has been selected.

Related Documents