Starling Two-Factor Authentication Current - Administration Guide

Starling Two-Factor Authentication Getting started Collaborators Users Approvals Hardware Tokens Settings Starling Two-Factor Authentication applications

Additional hardware and software requirements

Features available within Starling Two-Factor Authentication have additional requirements beyond those necessary for Starling overall (for more information, see the Starling User Guide).

Starling Two-Factor Authentication application requirements

Table 3: Application requirements

Application type

Link

Desktop (64-bit only)

https://2fa.cloud.oneidentity.com/install

Android

https://play.google.com/store/apps/details?id=com.starling.twofactor

iOS

https://itunes.apple.com/app/starling-2fa/id1205700916

Hardware token requirements

Table 4: Hardware token requirements

Token type

Specifications

OATH-HOTP

  • CSV

    Each line must use the following column order:

    NOTE: Examples:

    • {serial},{secretKeyTxt},{oathMovingFactorSeed}
    • {serial},{secretKeyTxt},,,,{timeInterval}
    • Serial number
    • Secret key in decrypted hexadecimal format

    NOTE: The following columns are only required if the default value is incorrect. Columns left empty are automatically read as the default value.

    • Counter (HOTP only, default 0)
    • Algorithm type (default HOTP)
    • Response length (default 6)
    • Time interval (TOTP only, default 30)
  • PSKC
    • If unencrypted, secret must be in decrypted base 64 encoded string.
    • If encrypted, either AES (Advanced Encryption Standard) or 3DES (Triple Data Encryption Algorithm) is supported, the file key is required.

      Supported hash algorithms:

      • HMAC-SHA1
      • HMAC-MD5
      • HMAC-SHA256
      • HMAC-SHA384
      • HMAC-SHA512

TOTP

NOTE: The token code is valid for approximately 5 minutes.

  • CSV

    Each line must use the following column order:

    NOTE: Examples:

    • {serial},{secretKeyTxt},{oathMovingFactorSeed}
    • {serial},{secretKeyTxt},,,,{timeInterval}
    • Serial number
    • Secret key in decrypted hexadecimal format

    NOTE: The following columns are only required if the default value is incorrect. Columns left empty are automatically read as the default value.

    • Counter (HOTP only, default 0)
    • Algorithm type (default HOTP)
    • Response length (default 6)
    • Time interval (TOTP only, default 30)
  • PSKC:

    NOTE: Vasco v12 PSKC is supported, but not Vasco v11 PSKC.

    • If unencrypted, secret must be in decrypted base 64 encoded string.
    • If encrypted, either AES (Advanced Encryption Standard) or 3DES (Triple Data Encryption Algorithm) is supported, the file key is required.

      Supported hash algorithms:

      • HMAC-SHA1
      • HMAC-MD5
      • HMAC-SHA256
      • HMAC-SHA384
      • HMAC-SHA512
  • DPX
    • NOSTATIC

Integrating client products with Starling Two-Factor Authentication

There are two methods client products (such as Password Manager and One Identity Safeguard) are able to use to integrate with Starling Two-Factor Authentication. Check the documentation for the client product for more information on which integration option is available.

  • Subscription key method: This method requires the Subscription key (available on the Dashboard page of Starling Two-Factor Authentication) be used to configure your on-premises client product to connect with Starling Two-Factor Authentication.

  • Join method: This method requires the on-premises client product be joined to Starling Two-Factor Authentication without the use of a subscription key. For information on this process specific to your client product, contact Support or Sales for more information on joining with Starling.

    If you are joining Starling Two-Factor Authentication via a purchased Hybrid subscription, see the on-premises product's documentation for information on the join process. You can also find information and video tutorials on this process on the One Identity Hybrid Subscription knowledge base.

The Starling Two-Factor Authentication service

Once you have created a Starling organization, you can add the Starling Two-Factor Authentication service to that organization. The types of subscriptions available for Starling Two-Factor Authentication are:

Paid subscription

A Starling Two-Factor Authentication subscription can be purchased by a Starling organization. A paid subscription provides you with full access to the product (including the on-premises components) for the length of your contract and a set number of user licenses. This type of subscription can also be combined with the Hybrid subscription (which provides unlimited licenses for your hybrid product) in order to gain full access to all features of Starling Two-Factor Authentication. For information on the on-premises Starling Two-Factor Authentication components (AD FS Adapter, Desktop Login, HTTP Module, and RADIUS Agent), see the Starling Two-Factor Authentication documentation.

For information on purchasing a subscription to the Starling Two-Factor Authentication service, use the More Information button associated with the service.

NOTE: Contact Sales or Support to cancel a paid subscription.

Related Documents