Chat now with support
Chat with Support

Starling Identity Analytics & Risk Intelligence Hosted - User Guide

Starling Identity Analytics & Risk Intelligence Getting started Settings Collaborators Collector agents Licensing Rules Risk Verification Reports

Starling event forwarding

The Event Forwarding section of the Settings page allows you to send Starling event data to a service that supports SYSLOG. This feature is not enabled by default.

To enable event forwarding

IMPORTANT: Only events occurring after the feature has been configured will be sent to your SYSLOG service and then able to be stored according to your preferences. Events that occur prior to configuration are not forwarded nor are they accessible within Starling.

  1. From the Starling home page, click the button in the upper right corner.
  2. In the Event Forwarding section of the Settings page, click Change.
  3. On the Configure Event Forwarding page, click the On/Off toggle to switch it to the On position.
  4. Fill in the following configuration fields:

    • Hostname/IP Address: Enter the hostname or IP address to which the event data will be sent.
    • Port: Enter the port number in this field. By default this is 6514.
    • Structured Data ID: (Optional) Use this field to specify an ID that can be passed to the Loggly logging service (https://www.loggly.com/) to identify a specific customer tenant within Loggly.

    Once you have filled in these fields the information will be saved automatically. Clicking the Send Test Event button will send a test event to your SYSLOG service to confirm the connection is working.

Connecting with ServiceNow

The Third Party Applications option on the Settings page allows you to connect Starling Identity Analytics & Risk Intelligence to the third party application ServiceNow in order to create incident tickets for rejected verification requests that can be managed and assigned within the ServiceNow application. This feature is not enabled by default.

To connect ServiceNow with the Starling Identity Analytics & Risk Intelligence service

  1. From the Starling home page, click the button in the upper right corner.
  2. In the Third Party Applications section of the Settings page, click Change.
  3. On Third Party Applications page, click the On/Off toggle to switch it to the On position.
  4. Fill in the following configuration fields:

    • Instance URL: Enter the URL of the ServiceNow instance to which Starling Identity Analytics & Risk Intelligence will connect.
    • Username: Enter the username for a ServiceNow account with the itil role.
    • Password: Enter the password associated with the account.

    Once you have filled in these fields the information will be saved automatically.

  5. Click Test Connection to ensure Starling is able to connect with ServiceNow.
  6. In the Integration with Starling services section at the bottom of the page, click the On/Off toggle to switch it to the On position for Starling Identity Analytics & Risk Intelligence. Once this feature has been enabled, all rejected verification requests within Starling Identity Analytics & Risk Intelligence will create an incident ticket within ServiceNow.

Managing Organization Admins page

IMPORTANT: Only organization administrators can access this page.

The Manage Organization Admins page allows you to view and manage the users associated with your organization.

The following options and information appears on this page:

Hovering over this icon displays a field that is used for filtering the displayed users.

Name

This is the name associated with the user.

Email

This is the email address associated with the user.

Role

This is the role currently assigned to the user.

Clicking the button associated with a user allows you to change a user's role. Depending on the type of user you are looking at, Promote to Organization Admin or Demote to Collaborator will be available for selection.

NOTE: This option does not appear when you are viewing your own account since you cannot demote your own role. It also does not appear for users that do not have a Starling Identity Analytics & Risk Intelligence account (for example, Two-Factor Authentication end users). For information on viewing a list of users associated with all your Starling services, see the Starling User Guide.

Editing organization roles

The Manage Organization Admins page allows organization administrators to manage the users associated with your Starling organization by promoting or demoting a user's access level within the organization.

To edit a user role within an organization

NOTE: Only organization administrators can edit user roles within an organization. Also, you cannot demote your own role.

  1. From the Starling home page, click the button in the upper right corner.
  2. In the User Access section of the Settings page, click Manage.
  3. Locate the user you want to edit. You can use the filtering options at the top of the page to filter the listed users.
  4. Click the button associated with the user and, depending on their current role, you can select to either demote the user to a collaborator or promote them to an organization administrator.
    • Demote to Collaborator: Selecting this option will demote the user to a collaborator within the organization. This role retains access to all services they are currently assigned, but they have limited capabilities when it comes to configuring the organization. This means they will be unable to access the Access Summary page and cannot delete the organization.
    • Promote to Organization Admin: Selecting this option will promote the user to an organization administrator within the organization. This role retains access to all services they are currently assigned and also allows them to configuring the organization. This means they will be able to access the Access Summary page and can delete the organization.

    The new user role will automatically save once an option has been selected.

Related Documents