Once Starling Two-Factor Authentication is enabled (that is, Safeguard Authentication Services is joined to Starling and users are authorized to use Starling Two-Factor Authentication), anytime an authorized user attempts to log in to an integrated Unix-based host, they will see an additional login screen informing them that an additional authentication step is required.
The default prompt contains the following:
Enter a token or select one of the following options:
Token or option (1-3) [1]: <Token or option number>
This default prompt can be modified in vas.conf.
[STARLING] OPTIONS
The behavior of QAS Starling can be modified by using the following options in the [starling] section.
[starling]
prompt = <boolean>
prompt = <message-text>
Default value: "Enter a token or select one of the following options:\n\n 1. Starling Push\n 2. Phone call\n 3. Send an SMS\n \nToken or option (1-3)[1]: "
This is the message that is initially displayed during a Starling authentication.
This prompt can span multiple lines; specify a line break by adding \n to the prompt string.
NOTE: Changing the prompt will not change what is accepted as input.
[starling]
prompt = "Enter 1 for a push request, 2 for a phone call, 3 for a txt, or enter a token.\n "
NOTE: To display the prompts, the application must be able to handle PAM conversations, such as sshd(keyboard-interactive). If the application cannot handle PAM conversations, such as sshd(password), a push authentication is sent instead of a prompt.
Unjoining Safeguard Authentication Services from Starling disables Starling Two-Factor Authentication in Safeguard Authentication Services.
To unjoin Safeguard Authentication Services from Starling
A Starling Organization Admin account or Collaborator account can rejoin Safeguard Authentication Services at any time.
To disable Starling 2FA for a specific PAM service, edit the PAM configuration file (/etc/pam.conf or /etc/pam.d/<service>). Modify the auth pam_vas line for the desired service.
To disable Starling 2FA for a specific PAM service
As root, add the following option to the first auth pam_vas line for the service in the PAM configuration file:
disable_starling
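An added example (not One Identity's code): a shell check that reports, for each service file under /etc/pam.d, whether the first auth pam_vas line carries disable_starling, so that services with Starling 2FA turned off can be reviewed. The function names and status words are hypothetical; it assumes the per-service /etc/pam.d/<service> layout and does not parse /etc/pam.conf or backslash-continued lines.

```shell
#!/bin/sh
# Added example: audit PAM service files for the disable_starling option.
# Assumes /etc/pam.d/<service> layout: "<type> <control> <module> [options]".

# starling_status FILE -> prints one of:
#   enabled     first auth pam_vas line has no disable_starling
#   disabled    first auth pam_vas line carries disable_starling
#   misplaced   disable_starling appears only on a later auth pam_vas line
#   no-pam_vas  the file has no auth pam_vas line
starling_status() {
    awk '
        {
            sub(/#.*/, "")                    # drop comments
            if (NF == 0) next
            type = $1; sub(/^-/, "", type)    # "-auth" is still an auth line
            if (type != "auth" || $0 !~ /pam_vas/) next
            seen++
            has = 0
            for (i = 2; i <= NF; i++) if ($i == "disable_starling") has = 1
            if (seen == 1) first = has
            else if (has) later = 1
        }
        END {
            if (!seen)      print "no-pam_vas"
            else if (first) print "disabled"
            else if (later) print "misplaced"
            else            print "enabled"
        }
    ' "$1"
}

# audit_pam_dir DIR -> one "service: status" line per file that uses pam_vas
audit_pam_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        s=$(starling_status "$f")
        [ "$s" = "no-pam_vas" ] || printf '%s: %s\n' "${f##*/}" "$s"
    done
}

# Run as: sh audit.sh /etc/pam.d
if [ "$#" -gt 0 ]; then audit_pam_dir "$1"; fi
```

A "misplaced" result means the option was added to a later auth pam_vas line rather than the first one, which is not where the procedure above puts it.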
From the Control Center, select Preferences then Schema Attributes to view and update schema configurations. These attribute mappings can be customized:
© 2024 One Identity LLC. ALL RIGHTS RESERVED.