Phone-Based One-Time Password without Proofing (Level 2) User Guide November 2017 1
Contents About Phone Based One-Time Password... 3 OTP Acquisition and Activation Process Overview... 3 Step 1: Determine Your Need for an OTP Credential... 4 Step 2: Purchase Your OTP Credential... 4 Step 3: Register the Credential... 10 Step 4: Register Your Phone... 15 Log into MAG with Phone OTP... 16 2
About Phone Based One-Time Password Exostar features One-Time Password (OTP) credentialing technology which provides users with a credential which allows them to access an application using 2-factor authentication (2FA). Using an OTP credential along with your username/password (2-factor authentication) mitigates security risks by providing a stronger assurance level and better identity protections than conventional username/password technologies that are vulnerable to theft. There are two types of OTP credentials available which can be used to access applications behind Exostar s Managed Access Gateway (MAG): One-Time Password Hardware Token (OTP Hardware) Phone Based One-Time Password (Phone OTP) This guide provides information on the Phone Based One-Time Password credential. Phone Based One-Time Password (Phone OTP) allows you to register your mobile telephone or landline telephone in order to receive a one-time password credential (numeric code) via text or voice. The Phone Based OTP credential is used in combination with your MAG user ID and password, and is required each time you log in to Exostar s Managed Access Gateway (MAG) to access applications that require the credential. Using this 2-factor authentication (Phone OTP + username and password) reduces the risk of unauthorized access to your account, and provides added security. For more information about Phone OTP, including OTP FAQs, go to www.myexostar.com. OTP Acquisition and Activation Process Overview There are several steps in the process of acquiring and activating your Phone Based OTP credential. Each step is covered in detail in this guide. Step 1: Determine your need for an OTP Credential You are attempting to access an application that requires two-factor authentication, and You do not already have an equivalent security credential Step 2: Purchase the OTP Credential Purchase the credential via the MAG Portal You can complete a purchase using a credit card or invoice Step 3: Register the Credential Go to the MAG portal, then Manage OTP tab to register your license key (received in email) You must enter your name and country Step 4: Activate Your Phone 3
Step 1: Determine Your Need for an OTP Credential One Time Password credentials are often used to access applications that require two-factor authentication (2FA). Therefore, if you are attempting to access an application that requires 2FA, you need a security credential. If you already have a security credential, you may not need Phone-Based OTP if the following applies: If you already have an acceptable 2FA credential used to access another application, you can use that to meet the requirements to access multiple applications. You do not need to proceed with purchasing and installing additional credentials. If you have another account with a credential used with another application, you can leverage that by connecting your accounts. Visit myexostar.com to learn more about account connections. If you are unsure of the credential requirement for an application you are accessing, please contact Exostar Tier I Support. Step 2: Purchase Your OTP Credential Before completing an OTP credential purchase, please ensure you have access to the application that requires the 2FA credentialing. If you are an existing MAG account holder, you can purchase your OTP credential from within the MAG portal. If you do not have a MAG account, and are certain you require an OTP credential, please visit the Exostar Webstore. To purchase a Phone Based OTP credential: 1. Go to https://portal.exostar.com and log in to your Exostar Managed Access Gateway (MAG) account. 4
2. Go to the My Account tab and select the Manage OTP link. 3. Click the Purchase or Register Credentials link. You are redirected to the onboarding process 4. The Let s Get Credentialed page is displayed. Click Continue. 5
5. Your list of applications is displayed. Click Purchase. 6. The Webstore page is displayed. Select your Partner from the dropdown list. The Webstore will display the list of appropriate credentials to use with the partner application. 7. A list of credential products appropriate for use with the selected partner application is displayed. Locate the desired product and click Add to Cart. Click Checkout to proceed. Users based in the United States must purchase Phone Based OTP (US). Users based internationally (including Canada and US Territories) must purchase Phone Based OTP (International). 6
Note: If Add Proofing is selected, you will be required to complete the Identity Proofing process. See details steps for proofing below. 7
8. Review the shopping cart. Click Proceed to Checkout. 9. During the checkout process you may be prompted to verify your Name and Address. Enter the payment information. You can choose to pay by Invoice Billing or Credit Card. If paying by invoice: enter the PO Order Number. If paying by Credit Card, enter the card information Note: If you select the invoice option, Exostar must receive and process your payment before you receive the license key to complete the activation of your credential. Additionally, if you have a Reference or PO Number for your invoice, you must submit it to transactions@exostar.com. 8
10. Verify the billing address. Click Edit or Change Address to modify the information presented. Click Continue to proceed with checkout. 11. Confirm all of the purchase details and click Place Order. 12. A confirmation page is displayed including a confirmation number. You can download the confirmation message as a pdf to keep for your records. Click Exit Webstore to exit the webstore and return to the onboarding process. 9
Upon completion of the purchase, you will receive an email notification. If you paid with a credit card, you will receive a second email with the activation information for your license key. IMPORTANT: Once you activate the license key, you cannot use it again. Step 3: Register the Credential Once you receive your licensing key, proceed through the steps below to register your OTP Phone credential. 1. Log into your MAG account with your username and password. 2. Go to the My Account tab and select the Manage OTP link. 3. Prior to activating the credential, you can test your phone to verify your mobile telephone or land-line telephone is able to receive messages. This step is optional, but recommended. 10
a. Click Test Phone. b. Enter your phone number and select Send Test Message. Note: Shared phone numbers or devices are NOT permitted. 4. Once you have successfully tested your phone, proceed to register the credential. Click the Purchase or Register Credentials link to continue. 11
5. The Let s Get Credentialed page is displayed. Review the information and click Continue. 6. Your list of applications and recommended credentials are provided. Since you have already purchased your OTP credential, click the I do not need to purchase a credential link. 12
7. Enter the license key you received via email in the License Key field and click Activate. 13
8. Confirm your legal first and last name, and select your country. Click Next. 9. Your identity is verified. To activate the credential, click Activate. 14
Step 4: Register Your Phone Once you purchase and activate the credential (license key), you are ready to register your phone to receive the OTP credential. Please note after you register your initial telephone, you can register additional phones. It is recommended you register at least two phones, but you can register up to three. 1. When registering your phone, you can select to have the OTP code delivered via Voice Message or SMS Text Message. Select the desired delivery method. 2. Select your Country from the dropdown, and enter your phone number. Click Register. 3. An activation code is sent to your phone via the delivery method selected. Enter the verification code and click Register. Note: You have two minutes to enter the code before it expires. If the code expires, click Resend Code to have a new code sent to you. 4. A Success confirmation page is displayed. You may click Register Another Credential to proceed through the steps again to register an additional phone, if desired (recommended).). Or, click I m Done to complete the activation. 15
Log into MAG with Phone OTP To log in using your Phone OTP credential: 1. Go to www.portal.exostar.com and enter your username and password. Click Login. 2. Select the phone you want to receive the OTP code. Click Send to have the code sent to your phone. 16
3. You will receive the OTP code on your telephone. Enter the code in the OTP Code field. Click Submit. Note: Once you receive the code, the code expires after two minutes. You can resend the code by selecting Resend Code. You are now logged in with your Phone OTP credential. You can confirm you have successfully logged in with Phone OTP by verifying the credential strength in the upper, right hand corner. It should say Phone OTP. 17