One Identity Starling incident

Safeguard On Demand Stargate Clients disconnected in US region

Critical Resolved View vendor source →

One Identity Starling experienced a critical incident on October 3, 2025 affecting Safeguard On Demand, lasting 1h 48m. The incident has been resolved; the full update timeline is below.

Started
Oct 03, 2025, 08:07 PM UTC
Resolved
Oct 03, 2025, 09:55 PM UTC
Duration
1h 48m
Detected by Pingoru
Oct 03, 2025, 08:07 PM UTC

Affected components

Safeguard On Demand

Update timeline

  1. investigating Oct 03, 2025, 08:07 PM UTC

    We are currently investigating and issue with Safeguard On Demand Stargate Clients are in a disconnected state in US region. This issue only impacts instances that use the Stargate connection. We will provide updates hourly as we work towards a resolution.

  2. monitoring Oct 03, 2025, 09:22 PM UTC

    We have identified the issue and have applied a fix and are currently monitoring

  3. resolved Oct 03, 2025, 09:55 PM UTC

    Issue has been resolved and we will continue to monitor.

  4. postmortem Oct 13, 2025, 03:40 PM UTC

    **What happened?** 10/03/25 6:43 AM UTC Safeguard On-Demand Starling Edition that utilize Stargate connectivity dropped all connected clients. **What went wrong and why?** The SSL Certificate used in the Safeguard On-Demand Starling Edition environments that was set to expire soon was renewed and placed into production. While this new certificate functioned without issue with all other resources it was applied to, it was not tolerated well by the One Identity Safeguard Agent used on Windows servers. The Sectigo Root CA that was on the certificate was unfortunately not included by default in the Windows Trusted Root Authorities store of the hosts. **How did we respond?** The Safeguard On-Demand Starling Edition environments were rolled back to use the prior certificate. We have renewed the certificate utilizing another Certificate Authority. We have applied that new certificate and validated One Identity Safeguard Agent functionality. **How are we making incidents like this less likely or less impactful?** Our team will be moving away from our prior 3rd party certificate provider and using a new Certificate Authority. We will be automating the SSL Certificate workflow to expedite certificate creation. We will be making changes to improve our pre-production testing process to ensure certificate changes are tolerated by the One Identity Safeguard Agent on supported platform versions.