Chat now with support
Chat with Support

Starling Identity Analytics & Risk Intelligence Hosted - User Guide

Starling Identity Analytics & Risk Intelligence Getting started Settings Collaborators Collector agents Licensing Rules Risk Verification Reports

Additional hardware and software requirements

Starling Identity Analytics & Risk Intelligence has additional requirements beyond those necessary for Starling overall (for more information, see the Starling User Guide).

Collector agent requirements

The Starling Identity Analytics & Risk Intelligence collector agent has some additional hardware and software requirements before it can be downloaded.

Table 3: Starling Identity Analytics & Risk Intelligence Collector Agent requirements

Operating System

Minimum requirements:

Windows Server 2008 R2 SP1 x64

Memory

8GB

Server Software

.Net Framework 4.6.1

Data source module requirements

Once a collector agent has been installed you can begin configuring data sources modules. The following table shows the requirements based on the type of data source module you are configuring.

Table 4: Starling Identity Analytics & Risk Intelligence data source module requirements
Type of data source module Requirements
Active Roles

Active Roles 6.9 to 7.x

IMPORTANT: Although supported, it is strongly recommended that a collector agent not be installed on a machine with an Active Roles server.

  • At minimum, a domain member account with read access delegated to the following three Active Roles nodes is required: Configuration, Managed Units, and Active Directory.

    The Active Directory template All Objects - Read All Properties contains these minimum permissions and can be used. Or you can create a custom template so long as it contains those minimum permissions. See the Active Roles documentation for information on configuring permissions within Active Roles.

NOTE: By default, Distributed COM Users should contain Authenticated Users. However, if this is missing then you will be unable to connect to Active Roles remotely. For more information, see this article on adding MinARSAdmin or the exact account in order to fix this issue.

  • If both 6.9 and 7.x ADSI providers are available, the ARS 7.x ADSI provider will take precedence followed by 6.9 unless the ActiveRolesAdsiVersion environment variable (in the collector configuration file) has been edited to indicate either 6.9 or 7.0 (which covers all 7.x versions) as the specific version. No other versions can be used as the ActiveRolesAdsiVersion environment variable.
  • If no ADSI providers are installed, 6.9 and 7.2.0 ADSI providers will be installed. If an ADSI provider is detected, the collector agent will attempt to use that ADSI provider without installing additional providers.
  • When a collector agent is removed, any ADSI providers that were originally installed by the collector agent will also be removed. Any additional dependencies that were installed will not be removed since they are standard Windows redistributables.
  • Should an Active Roles installation not fully meet the supported version requirements for all detected ARS Administration Services, this will cause a version compatibility problem and the collector agent will be unable to collect from that installation.
Active Directory
  • Active Directory credentials are required for configuring the data source module.
  • A global catalog must be available in order to resolve trustees outside of the domain.
  • A global catalog must be resolvable via its DNS name regardless of whether you are connecting directly to it or to a domain controller connected with a global catalog.
Safeguard

Safeguard 2.1.0.0 (or greater)

  • A Safeguard user with Auditor permissions is required for configuring the data source module.
  • The machine running the Safeguard data source module must have the proper SSL root certificate authority certificate(s) that are being used by Safeguard. For more information, see SSL Certificates in the One Identity Safeguard Administration Guide (Safeguard documentation).

Azure Active Directory

  • A user with App registration permissions is required to add the Starling Identity Analytics & Risk Intelligence application within Azure Active Directory before it can be added as a data source module. For more information, see Configuring Azure Active Directory.
  • An Azure Active Directory administrator is required to approve the Azure Active Directory configuration changes.

Getting started

Topics:

Using the Starling Identity Analytics & Risk Intelligence service

Once you have added the Starling Identity Analytics & Risk Intelligence service to your One Identity Starling organization, as either a trial or paid subscription, you have full access to the Starling Identity Analytics & Risk Intelligence service.

The service is navigated using the title bar along the top of the site, which contains the following links:

  • : This button (displaying the name of the organization you are currently viewing) opens a drop-down menu that allows you to move between organizations associated with your account. See Introduction to Collaborators for related information.
  • : This button (displaying the first name of the account owner) opens a drop-down menu that allows you to select one of the following options:
    • My Services: Clicking this link takes you to the One Identity Starling home page.
    • Sign out: Clicking this link signs you out of One Identity Starling.
  • : This button opens a dialog displaying notifications related to your Starling Identity Analytics & Risk Intelligence service. See Notifications for information on this feature.
  • : This button opens the Settings page where you can manage your entire Starling account.

The main pages available within Starling Identity Analytics & Risk Intelligence are listed in the navigation bar, which is located directly beneath the title bar:

  • Dashboard page: This is the home page of Starling Identity Analytics & Risk Intelligence and provides insight into the current status of your service.
  • Risk: This drop-down menu provides access to pages with information on the accounts associated with your data sources.
  • Rules This page is used to configure the entitlement classification rules associated with your data sources.
  • Configuration: This drop-down menu provides access to pages for configuring Collector agents, data sources, and Licensing.
  • Collaborators: This page is used to add additional collaborators to your Starling Identity Analytics & Risk Intelligence service.
  • Verification: This page is used to review entitlement verification requests for the high risk users within your data sources.
  • Reports This page is used to download reports from the Starling Identity Analytics & Risk Intelligence service.

Inviting an administrator to a service

The following procedure applies to organization administrators. It is designed to allow additional administrators to be added and to allow a new administrator to be invited to a service in cases where the last administrator assigned to that service has left the organization.

To invite an administrator to a service

  1. From the Starling home page, click the button associated with the service to which you want to invite a new administrator.
  2. Select Invite Administrator.
  3. Depending on the type of account, the following methods can be used for inviting a new administrator to the service:
    • To invite an administrator:
      1. Click Unable to find an administrator.
      2. Enter the name and email address of the user.
      3. Click Invite. An invitation to the service will be sent to the user.
    • To invite an administrator with an Azure AD work account:

      NOTE: This option is only available for organization administrators with an Azure AD work account.

      1. Click the drop-down menu field.
      2. In the blank search box, begin typing the name of the user. When you have located the user, select them from the list.
      3. Click Invite. An invitation to the service will be sent to the user.
Related Documents