Chat now with support
Chat with Support

Starling Identity Analytics & Risk Intelligence Hosted - User Guide

Starling Identity Analytics & Risk Intelligence Getting started Settings Collaborators Collector agents Licensing Rules Risk Verification Reports

Managing data source modules

Once a data source has been added to Starling Identity Analytics & Risk Intelligence and appears on the Data Source Modules page, the following actions can be taken:

For Azure Active Directory data source modules there are additional configuration requirements. For more information, see Configuring Azure Active Directory and Removing the connection to Azure Active Directory.

Configuring Azure Active Directory

In order for Azure Active Directory to connect with Starling Identity Analytics & Risk Intelligence, some additional configuration must first be done within Azure Active Directory.

IMPORTANT: Read the Additional hardware and software requirements before beginning the process of configuring Azure Active Directory.

To configure Azure Active Directory to connect with Starling Identity Analytics & Risk Intelligence

  1. With a user that has App registration permissions, log in to Azure Active Directory.
  2. Click Azure Active Directory in the left pane.
  3. On the Azure Active Directory page, click Properties.
  4. On the Properties page, copy and save the Directory ID value.
  5. On the Azure Active Directory page, click App registrations.
  6. On the App registrations page, click New application registration.
  7. In the Name field, enter a name for the application (for example, IARI).
  8. In the Application type field, select Web app / API.
  9. For the Sign-on URL, enter https://iari/collector.
  10. Click Create.
  11. Once the application has registered, copy and save the Application ID value.
  12. Click Settings at the top of the Registered app page.
  13. On the Settings page, click Properties.
  14. In the App ID URI field, enter https://iari/collector.
  15. Click Save at the top of the Properties page.
  16. On the Settings page, click Keys.
  17. On the Keys page, enter App Secret in the Key Description field.
  18. Select Never Expires for the Duration.
  19. Click Save at the top of the Keys page.
  20. Copy and save the key value that appears. You will NOT be able to access this key again and it is required by Starling Identity Analytics & Risk Intelligence when adding the Azure Active Directory data source module.
  21. On the Settings page, click Required permissions.
  22. On the Required permissions page, click Add.
  23. On the Add API access page, click Select an API.
  24. On the Select an API page, click Microsoft Graph.
  25. Click Select.
  26. On the Enable Access page, select the following permissions:

    • Read all audit log data
    • Read all hidden memberships
    • Read all groups
    • Read directory data
    • Read all users' full profiles
  27. Click Select.
  28. On the Add API access page, click Done.
  29. Once these permissions have been saved, administrator approval is required. This administrator will require the Directory ID and Application ID saved during the configuration process to access https://login.microsoftonline.com/<Directory ID>/adminconsent?client_id=<Application ID>&redirect_uri=https://iari/collector.

Removing the connection to Azure Active Directory

If you decide to remove the connection between Azure Active Directory and Starling Identity Analytics & Risk Intelligence, the following instructions will walk you through undoing the configuration changes originally made to Azure Active Directory.

To undo the Azure Active Directory configuration changes

  1. Uninstall the Azure Active Directory data source module within Starling Identity Analytics & Risk Intelligence. For more information, see Uninstalling a data source module.
  2. With the same user account that originally configured Azure Active Directory, log in to Azure Active Directory.
  3. Click Azure Active Directory in the left page.
  4. On the Azure Active Directory page, click App registrations.
  5. Click the name of the Starling Identity Analytics & Risk Intelligence application that you originally added to Azure Active Directory.
  6. On the Registered app page, click Delete.
  7. In the confirmation dialog, click Yes. Once the application has been removed, confirm with your administrator that the application is no longer registered.

Editing a data source module

After Adding collector agents to Starling Identity Analytics & Risk Intelligence and Adding data source modules to Starling Identity Analytics & Risk Intelligence, you can edit the data source module at any point.

To edit a data source module

NOTE: Editing the data source while it is working (for example, collecting data) will stop any processes. Once changes have been saved, the processes will start over again using the new settings.

  1. From the Collector Agents page, expand the Action drop-down menu associated with the collector agent to which you want to add a data source module.
  2. Select Edit. This will open the Data Source Modules page.
  3. This will open the related Data Source Modules page.
  4. From the Actions drop-down menu associated with the data source module to be edited, select Edit to open the Edit Module Configuration dialog.
  5. In the Edit Module Configuration dialog, make any necessary changes to the current module configuration settings.
  6. Click Save to save the changes and close the dialog.
Related Documents