You may have seen a recent blog post by Mr. Jackson Shaw “If you are a One Identity customer you really should read this post!” where he discusses the rationale for the One Identity Hybrid Subscription. If not, I would recommend that you check it out.
Here, I want to highlight some of the new features of Password Manager 5.8, with particular emphasis on the One Identity Hybrid Subscription (OIHS), and the enormous impact the OIHS will have for users of One Identity Password Manager.
Password Manager 5.8.0 became generally available on the 15thJune, delivering the following high-level capabilities.
- Starling One Identity Hybrid Subscription enabled
- Support for Starling 2FA for admin & helpdesk access
- Offline password reset using QR code
- Dedicated user registration workflow
- Support for LDAP to LDAP over SSL
- Support for Azure MFA
User registration in Password Manager has, for the longest time, been driven by the need to provide questions and answers as the principle mechanism for authentication, even though alternative authentication options are available. The 5.8 release has finally levelled the playing field in terms of how an Administrator allows their users to register and authenticate, resulting in a significantly streamlined end-user experience, with the need to provide only required information at registration. Furthermore, registration is now a dedicated workflow separate from the on-going account management, allowing administrators to simplify the first-time end-user experience, making it more intuitive and straight forward.
Starling 2-Factor Authentication and OIHS
Starling Two-Factor Authentication is continuing to grow as a preferred choice for end user authentication, sitting, as it does, alongside the other authentication options of Defender, Q&A, MSMFA, etc. The big difference in the 5.8 release, with the introduction of OIHS, is the availability of unlimited Starling Two Factor Authentication. Yes! You read that right. That is unlimited S2FA. So every end user, ever admin, everyone, can use S2FA included in the OIHS at no additional cost.
In addition to leveraging S2FA in the workflow, 5.8 also now adds the ability to authenticate access to the Admin Console with S2FA.
Taking advantage of the OIHS couldn’t be easier, the process to ‘Join’ is simple, and fully automated, and is consistent across the One Identity portfolio. There's a great video that shows the OIHS and how it can be configured, which can be seen here: https://youtu.be/9MhCY48r_8s
Offline Password Reset
The Offline Password Reset capability was released in June 2014 with Password Manager 5.5, enabling a user to reset a forgotten password when disconnected from the domain … perhaps travelling on business in a hotel, and locked out from their laptop. This required a user to obtain a ‘key’ from Password Manager, which, when entered at the Secure Password Extension, would facilitate access and password reset when isolated from the domain.
Version 5.8 extends and improves upon this with the introduction of the use of QR codes. With the ubiquity of smartphones, and the latest developments of QR code scanners, built-in to iOS and Android, we are able to leverage QR codes to simplify the end-user experience.
The Secure Password Extension can display a QR code, as above. Scanning this on your smartphone, takes you directly to a dedicated workflow in Password Manager, tied to your account, providing you a short (5 character) PIN code, that must then be entered into the SPE to obtain access to your laptop.
For die-hard old phone technology users, we continue to support the original ‘key’ based authentication.
So why should you flock to join Starling? With the introduction of the One Identity Hybrid Subscription in Password Manager 5.8, we firmly believe that we will help our many customers running on-premise versions of our software to ‘join’ the cloud, on their own terms and in their own time.
We have delivered an immediate and significant value to Password Manager customers with Starling 2-Factor Authentication and will continuously make new products and features available as part of our One Identity Starling SaaS platform going forward.
With the One Identity Hybrid Subscription, customers can use these Hybrid features immediately for their One Identity on-prem solutions. This way, everyone wins. One Identity wins through better allocation of resources and a “write-once, publish to many” strategy while our customers win by being able to immediately leverage these new features or solutions without having to abandon their on-premise software.