Starling Identity Analytics & Risk Intelligence Hosted - User Guide

Starling Identity Analytics & Risk Intelligence Getting started Settings Collaborators Collector agents Licensing Rules Risk Verification Reports

Data Source Modules page

The Data Source Modules page is displayed by editing a configured collector agent (see Adding data source modules to Starling Identity Analytics & Risk Intelligence). The Data Source Modules page is used for adding and managing the data source modules for a collector agent.

Once a collector agent has been installed, the following information appears on this page:

Search for modules

Use this field to filter the list of data source modules appearing at the bottom of this page.

Add Module

This button is used for adding a new data source module. For more information, see Adding data source modules to Starling Identity Analytics & Risk Intelligence.

The following information appears in the table at the bottom of the page once at least one data source module has been configured for the collector agent.

Module

This is the type of data source module.

Host

This is the host name for the collector agent.

Last Updated

This is the last update from the data source module to Starling Identity Analytics & Risk Intelligence. These updates can occur manually and are also configurable for each data source module (for information on configuring those settings, see Editing a data source module).

Status

This indicates the current status of the connection. Mousing over the displayed icon provides a brief explanation of the current status.

More Details

Clicking this button displays information regarding the currently installed versions of both the collector agent and the installer.

Actions

This drop-down menu displays the following configuration options:

  • Edit: This option provides access to the Edit Module Configuration dialog where you can edit the current data source module configuration.
  • Initiate Collection: This option is for manually initiating data collection outside of the scheduled collection times. For more information, see Initiating data source module collection.
  • Uninstall: This option uninstalls the data source module. For more information, see Uninstalling a data source module.

Managing data source modules

Once a data source has been added to Starling Identity Analytics & Risk Intelligence and appears on the Data Source Modules page, the following actions can be taken:

For Azure Active Directory data source modules there are additional configuration requirements. For more information, see Configuring Azure Active Directory and Removing the connection to Azure Active Directory.

Configuring Azure Active Directory

In order for Azure Active Directory to connect with Starling Identity Analytics & Risk Intelligence, some additional configuration must first be done within Azure Active Directory.

IMPORTANT: Read the Additional hardware and software requirements before beginning the process of configuring Azure Active Directory.

To configure Azure Active Directory to connect with Starling Identity Analytics & Risk Intelligence

  1. With a user that has App registration permissions, log in to Azure Active Directory.
  2. Click Azure Active Directory in the left pane.
  3. On the Azure Active Directory page, click Properties.
  4. On the Properties page, copy and save the Directory ID value.
  5. On the Azure Active Directory page, click App registrations.
  6. On the App registrations page, click New application registration.
  7. In the Name field, enter a name for the application (for example, IARI).
  8. In the Application type field, select Web app / API.
  9. For the Sign-on URL, enter https://iari/collector.
  10. Click Create.
  11. Once the application has registered, copy and save the Application ID value.
  12. Click Settings at the top of the Registered app page.
  13. On the Settings page, click Properties.
  14. In the App ID URI field, enter https://iari/collector.
  15. Click Save at the top of the Properties page.
  16. On the Settings page, click Keys.
  17. On the Keys page, enter App Secret in the Key Description field.
  18. Select Never Expires for the Duration.
  19. Click Save at the top of the Keys page.
  20. Copy and save the key value that appears. You will NOT be able to access this key again and it is required by Starling Identity Analytics & Risk Intelligence when adding the Azure Active Directory data source module.
  21. On the Settings page, click Required permissions.
  22. On the Required permissions page, click Add.
  23. On the Add API access page, click Select an API.
  24. On the Select an API page, click Microsoft Graph.
  25. Click Select.
  26. On the Enable Access page, select the following permissions:

    • Read all audit log data
    • Read all hidden memberships
    • Read all groups
    • Read directory data
    • Read all users' full profiles
  27. Click Select.
  28. On the Add API access page, click Done.
  29. Once these permissions have been saved, administrator approval is required. This administrator will require the Directory ID and Application ID saved during the configuration process to access https://login.microsoftonline.com/<Directory ID>/adminconsent?client_id=<Application ID>&redirect_uri=https://iari/collector.

Removing the connection to Azure Active Directory

If you decide to remove the connection between Azure Active Directory and Starling Identity Analytics & Risk Intelligence, the following instructions will walk you through undoing the configuration changes originally made to Azure Active Directory.

To undo the Azure Active Directory configuration changes

  1. Uninstall the Azure Active Directory data source module within Starling Identity Analytics & Risk Intelligence. For more information, see Uninstalling a data source module.
  2. With the same user account that originally configured Azure Active Directory, log in to Azure Active Directory.
  3. Click Azure Active Directory in the left page.
  4. On the Azure Active Directory page, click App registrations.
  5. Click the name of the Starling Identity Analytics & Risk Intelligence application that you originally added to Azure Active Directory.
  6. On the Registered app page, click Delete.
  7. In the confirmation dialog, click Yes. Once the application has been removed, confirm with your administrator that the application is no longer registered.
Related Documents