Enterprise Access Gateway Management for Exostar's IAM Platform June 2018


Copyright 2018 Exostar LLC. All rights reserved.

Revision history (columns: Version, Impacts, Date, Owner): Enterprise Access Gateway (EAG) Guide, Revised, June 2018, S. Puthanveetil

Contents

Enterprise Access Gateway (EAG) Overview
Modify Trusted Sites in Internet Explorer
Self-Link an Exostar IAM Platform Account to EAG
Link an Exostar IAM Platform Account to EAG with Just-in-Time (JIT) Provisioning
Bulk Load EAG Subscriptions
Login
Login if Persistent Cookie was Removed
Delink or Relink Account
FAQs
  What are Corporate Credentials?
  Can an individual purchase EAG?
  How much is EAG?
  How do I reset my Exostar's IAM Platform (MAG) Password or change my Security Questions if I am using EAG Account Linking?
  How does a user have their corporate password reset?
  I am unable to log into Exostar's IAM Platform (MAG) using my shortcut or browser favorites. What should I do?
  Why am I getting a Page Cannot be Displayed Message when trying to Log into Exostar's IAM Platform (MAG)?
  What do I do if I selected the wrong Identity Provider when trying to log into Exostar's IAM Platform (MAG) under the Advanced Log in Options and can't select the correct provider.
  How do I correct the system error that I am receiving after I select the Sign On (EAG, under Advanced Login Options) on the Exostar's IAM Platform (MAG) Login Page?
  I am getting the following error, Error 5103: R-IDP user not yet linked when trying to log into Exostar's IAM Platform (MAG). What do I need to do to resolve this?
  I am getting the following error, Error 5105: R-IDP user is not allowed to login with local credential. What do I need to do to resolve this?
  I am being prompted for my corporate token Username and Password after selecting my identity provider when trying to log into Exostar's IAM Platform (MAG). What do I need to do?
  I am able to successfully log into Exostar's IAM Platform (MAG) via EAG but I receive an error when trying to access my application within the Exostar's IAM Platform (MAG).
  Why am I getting the error Higher Level of Credential Required when accessing an application?

Enterprise Access Gateway (EAG) Overview

Exostar's Enterprise Access Gateway (EAG) is an authentication portal that allows users to use their native (corporate) credentials to access the Exostar IAM Platform (formerly known as MAG) service and the applications that are federating with the service. EAG acts as an Identity Federation component that functions as a forward trust proxy between Service Providers and Identity Providers, supporting standards-based single sign-on and user account provisioning while remaining completely invisible to the end users. EAG allows Identity Providers to gain access to multiple participating Service Providers at Exostar.

EAG allows users to use their corporate network login credentials to access Exostar IAM Platform (MAG) applications. An organization must be subscribed to EAG before a user can link their account.

Modify Trusted Sites in Internet Explorer

Exostar.com must be designated a trusted site in Internet Explorer before corporate login credentials can be used for EAG. To modify trusted sites in Internet Explorer:

1. From Internet Explorer, select Tools or the Gear icon in the top right corner of the browser. Then, select Internet Options.
2. The Internet Options window displays. Select the Security tab, then click Sites.

3. Insert *.exostar.com into the text field and click Add.

Note: If the Require Server Verification (https:) for all sites in this zone option is selected, please remove the checkmark from the box and click Add. If you are unable to add Exostar as a trusted site or if you are unable to remove the checkmark, contact your IT Department or Help Desk.

Self-Link an Exostar IAM Platform Account to EAG

After designating Exostar as a trusted site, your MAG account can be linked to EAG. Follow the steps to complete linking.

1. Log into your Exostar IAM Platform (MAG) account by going to https://portal.exostar.com. Log in with your username and password or a FIS Digital Certificate(s).
2. Go to the My Account tab and click the Edit Profile sub-tab.
3. If your organization is subscribed to the EAG service, you will see the Enterprise Access Gateway (EAG) Account Settings section, which allows you to link your account. Click Link Accounts.

4. A notification displays. To save profile changes, click OK. Click OK to start the account linking process.
5. Click Connect to Identity Provider.
6. If you have logged into your corporate network, click Link Accounts. If you have not, you are prompted to provide your network credentials. The displayed page is specific to your company. After entering your corporate credentials, the Account Linking page displays. Click Link Accounts.

7. After clicking Link Account, your corporate network ID appears.
8. Click Logout and Close Browser to complete the account linking process. When you click Logout and Close Browser, you are logged out of your current Exostar IAM Platform (MAG) session.
9. The logout screen displays. Close the browser.
10. A persistent cookie is saved on your computer to identify your Corporate Identity Provider (also known as your Enterprise IDP) to ensure that you are not required to select your Enterprise IDP again for the Exostar IAM Platform (MAG). If you clear the browser history or use a different browser, you need to select the Enterprise IDP for the Exostar IAM Platform (MAG).

Link an Exostar IAM Platform Account to EAG with Just-in-Time (JIT) Provisioning

Just-In-Time provisioning allows users to be provisioned in the Exostar IAM Platform (MAG) automatically. Users go through a one-time registration process and are required to subscribe to an application. When account attributes change in the Enterprise, JIT-based assertion allows user attributes to be updated in the Exostar IAM Platform (MAG) when users federate to Exostar IAM Platform (MAG) services.

Enterprises that have configured and subscribed to EAG (Remote Identity Provider service connection) in Exostar's IAM Platform (MAG) can place a URL on their internal website. Employees can self-register for Exostar IAM connected application services. Follow the steps below to use JIT provisioning.

1. Go to https://portal.exostar.com.
2. Select Single Sign On (EAG) under Advanced Login Options.
3. Select your Remote Identity Provider (R-IDP) service connection.
4. Use your native (corporate) credentials to complete login.
5. The JIT User Registration page displays. Click Next.
6. Personal information displays.

Note: Most fields are not editable. The information displaying in these fields is provided from your corporate identity provider and not Exostar. Click Next.

7. Select applications you need to access. Click Next to complete. Application access requires approval by an Application Administrator. If an application requires additional approval, the request routes to the next participant in the approval workflow.
8. A persistent cookie is saved on your computer to identify your Corporate Identity Provider (also known as your Enterprise IDP) to ensure that you are not required to select your Enterprise IDP again for the Exostar IAM Platform (MAG). If you clear the browser history or use a different browser, you need to select the Enterprise IDP for the Exostar IAM Platform (MAG).

Bulk Load EAG Subscriptions

Organization Administrators who want to complete a multiple user upload or complete actions for multiple users can subscribe users to the EAG service by entering the Remote Identity Provider (R-IDP) for the user in the ridpuserid field of the .csv file. Once the upload completes, users receive an email with instructions on how to access Exostar's IAM Platform (MAG).

1. Log into your Exostar IAM Platform (MAG) account by going to https://portal.exostar.com. Log in with your username and password or a FIS Digital Certificate(s).
2. Go to the Administration tab and click the appropriate sub-tab (User Upload or Bulk Actions).
3. Complete the .csv template and ensure that you complete the ridpuserid field. Do not enter information in the password field. This will cause an error when uploading the file. Save the completed template as .csv. For instructions on how to use User Upload or Bulk Actions and to obtain the .csv file, use Online Help.

Note: Application access requires approval by an Application Administrator. If an application requires additional approval, the request routes to the next participant in the approval workflow.

4. Once the upload completes, users receive an email with instructions about accessing the Exostar IAM Platform (MAG).

5. After going to https://portal.exostar.com and clicking Enterprise Single Sign On (EAG), select your corporate Identity Provider from the drop-down menu. Click Login.
6. Depending on the Identity Provider you selected, you are directed to a login page where you are required to enter your corporate credentials.

Note: Your login page may look different than the illustration. If you are unable to log in and need your corporate password reset, contact your IT department or Internal Helpdesk.

7. A persistent cookie is saved on your computer to identify the Enterprise IDP so that you are not required to select the Enterprise Identity Provider again in Exostar's IAM Platform (MAG). The next time you access your account using EAG, you are directed to enter your corporate credentials, which will log you directly into your account. You can have the Exostar IAM Platform (MAG) URL saved as a favorite in your browser or saved as an icon on your desktop.

Login

Open a new browser or use an existing Favorites link. You are taken directly to the Exostar IAM Platform (MAG) applications page or the application you access.

Note: The applications you see listed may be different than the illustration above.

If you are NOT logged in to your corporate network, you may be prompted to log in.

Note: The credential strength of an application in Exostar's IAM Platform is determined by the application owner. If you receive the Login Requirements Not Met message when accessing an application or have additional questions, please contact Exostar Customer Support.

Login if Persistent Cookie was Removed

If you clear your browser cookies and cache, the persistent cookie is removed and you are not taken directly to your corporate login page when accessing Exostar's IAM Platform (MAG). Follow the steps below.

1. The Exostar IAM Platform (MAG) login page displays. Select Single Sign On (EAG) under Advanced Login Options.
2. Select your corporate Identity Provider from the drop-down menu. Click Login.

3. Depending on the Identity Provider you selected, you are directed to a login page where you are required to enter your corporate credentials.

Note: Your login page may look different than the illustration. If you are unable to log in and need your corporate password reset, contact your IT department or Internal Helpdesk.

4. A persistent cookie is saved on your computer to identify the Enterprise IDP so that you are not required to select the Enterprise Identity Provider again in Exostar's IAM Platform (MAG). The next time you access your account using EAG, you are directed to enter your corporate credentials, which will log you directly into your account. You can have the Exostar IAM Platform (MAG) URL saved as a favorite in your browser or saved as an icon on your desktop.

Delink or Relink Account

If you are not logged into your corporate network, you are unable to log in using EAG. For example, if you are working remotely and cannot use your Corporate VPN to log in, you are unable to use EAG.

To have your account delinked, contact your Exostar IAM Platform (MAG) Organization Administrator. They can delink your account. Once the account has been delinked, you receive an email confirmation with login instructions.

To relink your account, follow the instructions in the How to Link Your Account section of this document. If you linked your account using JIT provisioning, you are required to register again.

FAQs

What are Corporate Credentials?
Corporate credentials are credentials provided to a user by their own organization. Users are issued login credentials by their company (e.g. Exostar issues internal users with a LAN User ID and Password to access their computers daily). Corporate credentials are not provided by Exostar.

Can an individual purchase EAG?
No, EAG is issued at the corporate level.

How much is EAG?
Callers inquiring about setting their organization up for EAG should be directed to Exostar Sales.

How do I reset my Exostar's IAM Platform (MAG) Password or change my Security Questions if I am using EAG Account Linking?
If your account is linked with a corporate account, you do not need to change the password or set up security questions in Exostar's Managed Access Gateway (Exostar's Identity and Access Management Platform (MAG)). Your password life cycle is managed by your corporate enterprise. If you want to reset your Exostar's IAM Platform (MAG) password or change your security questions, you will need to have EAG de-linked from your Exostar's IAM Platform (MAG) account. You will need to contact Exostar Customer Support.

How does a user have their corporate password reset?
If you do not know your corporate credentials (your corporate user ID and/or password), you will need to work with your Corporate Help Desk.

I am unable to log into Exostar's IAM Platform (MAG) using my shortcut or browser favorites. What should I do?
1. Once you have successfully authenticated to Exostar's IAM Platform (MAG) with EAG, you will need to create new favorites/shortcuts or update your existing favorites/shortcuts. Your old links will not work. To update your existing links, in an Internet Explorer browser window, you will need to click on the Star (upper, right hand corner).

2. Find the favorite (e.g. Exostar's IAM Platform (MAG) Dashboard) that you want to update and right click on it.
3. Select Properties and update the URL. Click Apply and OK.

Why am I getting a Page Cannot be Displayed Message when trying to Log into Exostar's IAM Platform (MAG)?
Close all browsers and attempt to log in again. You can complete this by going to Single Sign On (EAG) under the Advanced Log in Options on the Exostar's IAM Platform (MAG) login page. Select your correct Remote Identity Provider and enter your corporate credentials. If the problem continues, please contact your local IT help desk to ensure there are no issues with your local account.

What do I do if I selected the wrong Identity Provider when trying to log into Exostar's IAM Platform (MAG) under the Advanced Log in Options and can't select the correct provider?
Close all browsers and try to log in again. You can complete this by going to Single Sign On (EAG) under the Advanced Log in Options on the Exostar's IAM Platform (MAG) login page. Select the proper Remote Identity Provider and enter your corporate credentials. If the problem continues, please contact your local IT help desk to ensure there are no issues with your local account.

How do I correct the system error that I am receiving after I select the Sign On (EAG, under Advanced Login Options) on the Exostar's IAM Platform (MAG) Login Page?
Clear your cookies and browser history, and close the browser. Open a new browser and go to the Exostar's IAM Platform (MAG) login page again (https://portal.exostar.com). Select your correct Remote Identity Provider.

I am getting the following error, Error 5103: R-IDP user not yet linked when trying to log into Exostar's IAM Platform (MAG). What do I need to do to resolve this?
You need to ensure that you have linked your Exostar's IAM Platform (MAG) account to the correct corporate credentials.

I am getting the following error, Error 5105: R-IDP user is not allowed to login with local credential. What do I need to do to resolve this?
If you have already linked your Exostar's Identity and Access Management Platform (MAG) account via EAG, you will not be required to enter your Exostar's IAM Platform (MAG) login credentials to access Exostar's IAM Platform (MAG) and applications. If you attempt to access your account using Exostar's IAM Platform (MAG) credentials, you will receive the error message. To resolve:

1. Go to https://portal.exostar.com.
2. Click Single Sign On (EAG).
3. Select Corporate Identity Provider from the drop-down menu.

4. Click Login. You are directed to a login page where you need to enter your corporate credentials.

I am being prompted for my corporate token Username and Password after selecting my identity provider when trying to log into Exostar's IAM Platform (MAG). What do I need to do?
Please ensure that you are logging in with your corporate credentials (e.g. username/password, token password, smart card, etc.).

I am able to successfully log into Exostar's IAM Platform (MAG) via EAG but I receive an error when trying to access my application within the Exostar's IAM Platform (MAG).
If the status of the application you are trying to access says Open Application and you receive an error, you will need to contact Exostar Customer Support. Please see what action to take if the status of the application says:

- Pending Application Administrator Approval: You will need to contact the Exostar's IAM Platform (MAG) Application Administrator who has the ability to approve or deny access to the application.
- Inactive: You will need to request access to the application. Once you request access, your Application Administrator will need to approve the request.
- Organization application suspended: The application has been suspended by Exostar. You will need to have your Organization Administrator contact Exostar Customer Support.
- Suspended: The application access has been suspended by your Application Administrator or by Exostar. You will need to contact the Application Administrator to have the application unsuspended.
- Pending Acceptance of Terms and Conditions: Your Exostar's IAM Platform (MAG) Organization Administrator or the Application Administrator for that application will need to accept the Terms and Conditions before you can request access to it.
- Pending Application Owner: The application owner (the owner of an application) needs to approve the access. You can determine which company is the owner of the application by checking the company name in the upper, left hand corner of the applications section from the Home dashboard view of your Exostar's IAM Platform (MAG) account. In the example below, Exostar LLC is the application owner of the listed applications. You will need to work with the Application Owner. If the application is managed by Exostar, please contact Exostar Customer Support.

Why am I getting the error Higher Level of Credential Required when accessing an application?
Your authentication details from your Remote Identity Provider (your corporate provider) may not have been passed to the application owner or the application might not accept your credential strength. Close all browsers and attempt to log in again using Single Sign On (EAG) under the Advanced Log in Options on the Exostar's IAM Platform (MAG) login page. If the problem continues, please contact Exostar Customer Support to verify if your authentication level is supported on the application(s) you are trying to access.