The Secure Token Server (STS) feature will be available in the upcoming Password Manager 5.10 release.
Once Password Manager 5.10 is available and installed, follow these steps to remove Starling 2FA from all workflows and unjoin Password Manager from Starling:
- Configure the Secure Token Server providers. See the "Configuring Password Manager Secure Token Server" section of the Password Manager Administration Guide.
- Remove the Authenticate with Starling 2FA activity from all workflows, add the Authenticate with external provider activity in its place, and select the preferred authentication provider from those configured in Step 1.
- Remove the Authenticate with Starling Two-Factor Authentication authentication method from all Authentication Methods activities.
- Disable password generation with Starling in the Assign Passcode helpdesk activity.
- If Corporate Authentication with Starling was configured during registration, use phone or email verification instead.
- Disable the Send password using Starling push notification option in all Reset Password in Active Directory activities in helpdesk workflows.
- Fully test all actions on the PMSelfService and PMHelpdesk sites to confirm that Starling 2FA has been removed successfully and that STS is functioning as expected.
- If login with Starling is enabled for admins and/or helpdesk users on the admin site (under One Identity Starling/Starling Configurations) and you plan to keep using it, you can do so until November 1st, 2022. Password Manager 5.11.0 will use STS features instead of Starling.
- If you are using Password Manager in a realm, see the "To use STS features in a Password Manager realm" section of the Password Manager Administration Guide.
- If you no longer plan to use Starling for admin or helpdesk logins, then on the admin site, under One Identity Starling, select Unjoin Starling. If you have issues with unjoining, see https://support.oneidentity.com/kb/311139