One Identity Starling integration
Starling Two-Factor Authentication requirements
Joining Authentication Services with Starling
Logging in with Starling Two-Factor Authentication
Disabling Starling 2FA for a specific PAM service
One Identity Defender integration
One Identity Defender installation prerequisites
Change Auditor for Authentication Services integration
Authentication Services integrates with the following products.
This section includes instructions for integrating Starling Two-Factor Authentication, Defender, and Change Auditor with Authentication Services.
|
Note: See the One Identity website for information related to the integration of Authentication Services with other products. |
One Identity Starling Two-Factor Authentication is a SaaS solution that provides two-factor authentication on a product enabling organizations to quickly and easily verify a user's identity. This service is provided as part of the One Identity Starling cloud platform. In addition, Starling offers a hybrid service, One Identity Hybrid, that allows you to take advantage of companion features from Starling services, such as Starling Two-Factor Authentication (2FA). Joining One Identity Authentication Services to One Identity Starling allows you to take advantage of these companion features from Starling services.
In order to use Starling 2FA with Authentication Services, you must join Authentication Services to Starling. This is done from the Preferences | Starling Two-Factor Authentication Join pane in the Control Center. This pane also includes the following Help links, which provide assistance with Starling:
In order to use Starling Two-Factor Authentication with Authentication Services, you will need the following:
An Active Directory group for Starling users.
|
NOTE: All Starling users must have the following defined in order to work with Starling 2FA:
|
The following table provides a list of supported platforms for integrating Authentication Services with Starling Two-Factor Authentication.
|
NOTE: PPC64 and PPC64LE architectures require a kernel greater than 2.6.37. |
Platform |
Version |
Architecture |
---|---|---|
CentOS Linux |
5, 6, 7 |
Current Linux architectures: s390, s390x, PPC64, PPC64le, ia64, x86, x86_64, AARCH64 |
Debian |
x86_64, x86, AARCH64 | |
Fedora Linux |
x86_64, x86, AARCH64 | |
OpenSuSE |
x86_64, x86, AARCH64 | |
Oracle Enterprise Linux (OEL) |
5, 6, 7 |
Current Linux architectures: s390, s390x, PPC64, PPC64le, ia64, x86, x86_64, AARCH64 |
Red Hat Enterprise Linux (RHEL) |
5, 6, 7 |
Current Linux architectures: s390, s390x, PPC64, PPC64le, ia64, x86, x86_64, AARCH64 |
Solaris |
10.x 11.x |
SPARC SPARC, x64 |
SuSE Linux Enterprise Server (SLES)/Workstation |
11, 12, 15 |
Current Linux architectures: s390, s390x, PPC64, PPC64le, ia64, x86, x86_64, AARCH64 |
Ubuntu |
x86_64, x86, AARCH64 |
A new Group Policy Object has been added to Authentication Services to manage the group file for Starling, which is located in /etc/opt/quest/vas/users.starling.
# This assumes that the host has been joined to the example.com domain.
# To validate the users.starling file, run:
# vastool info acl
#
# This file controls which user's have Starling appled to them during login based
# on group membership.
# For entries:
# If DOMAIN is omitted ( simple name given )it is assumed to be the joined domain.
# Entries are case insensitive.
# DOMAIN can be either long(fqdn) or short(netbios).
# Apply Starling to members of the sales and engineering groups.
# The entry DOMAIN\SamAccountName format is preferred.
EXAMPLE\sales
engineering
This file can be manually created or set using the GPO.
To enable Starling for users using the GPO
It may take up to 90 minutes to apply this configuration change. Use vgptool apply to apply the changes quicker.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy