Enterprise Access Gateway User Guide - MyExostar...
17
Enterprise Access Gateway User Guide December 2016
Transcript of Enterprise Access Gateway User Guide - MyExostar...
Enterprise Access Gateway User Guide
December 2016
Contents What is Enterprise Access Gateway (EAG) .................................................................................................... 1
How does EAG Work ..................................................................................................................................... 1
How to Link your Account ............................................................................................................................. 1
How to Log Into your MAG Account After you Have Linked your Account .................................................. 6
How to Delink your Account and Relink Your Account ................................................................................. 8
FAQs ............................................................................................................................................................ 11
What are Corporate Credentials? ............................................................................................................ 11
Corporate credentials are credentials provided to a user by their own organization. Users are issued
login credentials by their company (e.g. Exostar issues internal users with a LAN User ID and Password
to access their computers daily). Corporate credentials are not provided by Exostar. .......................... 11
Can an individual purchase EAG? ............................................................................................................ 11
How much is EAG? .................................................................................................................................. 11
How do I reset my MAG Password or change my MAG Security Questions if I am using EAG Account
Linking? ................................................................................................................................................... 11
How does a user have their corporate password reset? ......................................................................... 11
I am unable to log into MAG using my shortcut or browser favorites. What should I do? ..................... 12
Why am I getting a Page Cannot be Displayed Message when trying to Log into MAG? ........................ 13
What do I do if I selected the wrong Identity Provider when trying to log into MAG under the Advanced
Log in Options and can't select the correct provider............................................................................... 13
How do I correct the system error that I am receiving after I select the Sign On (EAG, under Advanced
Login Options) on the MAG Login Page? ................................................................................................. 13
I am getting the following error, Error 5103: R-IDP user not yet linked when trying to log into MAG.
What do I need to do to resolve this? ..................................................................................................... 14
I am getting the following error, Error 5105: R-IDP user is not allowed to login with local credential.
What do I need to do to resolve this? ..................................................................................................... 14
I am being prompted for my corporate token Username and Password after selecting my identity
provider when trying to log into MAG. What do I need to do? ............................................................. 14
I am able to successfully log into MAG via EAG but I receive an error when trying to access my
application within the MAG portal. ......................................................................................................... 14
Why am I getting the error Higher Level of Credential Required when accessing an application? ......... 15
1
What is Enterprise Access Gateway (EAG)
Exostar’s Enterprise Access Gateway (EAG) is an authentication portal that allows users to use
their native (corporate credentials) to access Exostar’s Managed Access Gateway and
application that are federating with MAG Service. (EAG) acts an Identity Federation component
that functions as a forward trust proxy between Service Providers and Identity Providers,
supporting standards-based single sign-on and user account provisioning while remaining
completely invisible to the end users. EAG allows Identity Providers to gain access to multiple
participating Service Providers at Exostar. EAG allows users to use their corporate network login
credentials to access MAG applications.
How does EAG Work
An organization must be subscribed to EAG before a user can link their account.
How to Link your Account To link your corporate login credentials, you must first designate *.exostar.com as a trusted site in
Internet Explorer
2
1. Add *.exostar.com as a trusted site in Internet Explorer. Using Internet Explorer, select
Tools or the Gear icon and then select Internet Options.
2. From the Internet Options window, select the Security tab, and then select Sites.
3
3. Click on Sites, add *.exostar.com, and click Add.
Note: If the Require Server Verification (https:) for all sites in this zone is selected, please remove the checkmark from the box to unselect it and click Add. If you are unable to add Exostar as a Trusted Site or if you are unable to remove the checkmark, contact your IT Department or Help Desk.
Once your browser settings have been modified, follow the steps below to link your account:
1. Log into your Exostar Managed Access Gateway (MAG) account by going to
https://portal.exostar.com. You can log in with your username and password or a FIS
Digital Certificate.
2. Go to your My Account tab and click the Edit Profile sub-tab.
4
3. If your organization is subscribed to the EAG service, you will see the Enterprise Access
Gateway (EAG) Account settings section which will allow you to link your account. Click
on the Link Accounts button.
4. You are prompted to save your changes you have made to the profile. Click OK.
Alternatively, you can click the Cancel button to start the account linking process.
5. Complete step 1 of the linking process by clicking on the Connect to Identity Provider
button.
5
6. If you have logged in to your corporate network, go directly to step 10 below. If you have
not logged in, you will be prompted to provide your network login credentials on the next
page. Please note that the page that appears will be specific to your company.
7. To complete Step 2 of the linking process, click on the Link Accounts button. Your
corporate network id will appear.
8. For Step 3 of the process, click on the Logout and Close Browser button to complete the
account linking process.
9. Users will receive a logout screen. Close the browser.
6
What Happens Next
When you click on the Logout and Close Browser button, you will be logged out of your current MAG session.
A persistent cookie is saved on your computer to identify your Corporate Identity Provider (also known as your Enterprise IDP) to ensure that you are not required to select your Enterprise IDP again at MAG. If you clear the browser history or use a different browser, then you will have to select the Enterprise IDP at MAG.
If you would like to access MAS outside of your company’s network you may contact your Organization Administrator for delinking of your account.
How to Log Into your MAG Account After you Have Linked your Account To access MAG again, open a new browser and access the MAG page or use an existing Favorites link. You will be taken directly to the MAG applications page or the application that you accessed.
The applications you see listed may be different than the illustration above.
Note: If you are NOT logged in to your corporate network, you may be prompted to login.
1. If you clear your browser cookies and cache, the persistent cookie will be removed and you will
not be taken directly to your corporate login page when accessing MAG. You will see the MAG
login page and will need to select the Single Sign on EAG under Advanced Login Options
7
2. From the MAG login page, select Single Sign ON (EAG) under Advanced Login Options.
3. Select your corporate Identity Provider from the drop down menu and click Login.
4. Depending on the Identity Provider you selected, you will be directed to a login page where
you will need to enter your corporate credentials.
Note: Your login page may look different than the illustration. If you are unable to login and
need your corporate password reset, contact your IT department or Internal Helpdesk.
5. A persistent cookie has been saved on your computer to identifying the Enterprise IDP so that
you are not required to select the Enterprise Identity provider again in MAG. The next time you
access your MAG account using EAG, you will be directed to enter your corporate credentials
which will log you directly into MAG. You may have the MAG URL saved as a favorite or saved
as an icon on your desktop.
8
How to Delink your Account and Relink Your Account
If you are not logged into your corporate network, you will be unable login using EAG. For
example, if you are working remotely and cannot use your Corporate VPN to login, you will not
be able to use EAG. To have your account delinked, you will need to contact your Organization
Administrator. They have the ability to delink your account. Once the account has been
delinked, you will receive an email confirmation with log in instructions.
Note: The credential strength of the application that you are accessing is set by the application
owner. Therefore, your username and password may not be a strong enough credential
strength to access the application and you may receive an error when trying to access the
application.
To relink your account:
1. Log into your Exostar Managed Access Gateway (MAG) account by going to
https://portal.exostar.com. You can log in with your username and password or a FIS
Digital Certificate.
2. Once you have logged into your MAG account, go to your My Account tab and click the
Edit Profile sub-tab.
9
3. If your organization is subscribed to the EAG service, you should see the Enterprise
Access Gateway (EAG) Account settings section which will allow you to link your account.
Click on the Link Accounts button.
4. You will be prompted to save any changes have made to the Edit Profile page. Click OK to
save any changes to the Edit Profile page. Alternatively, you can click the Cancel button to
start the account linking process.
5. Complete Step 1 by clicking on the Connect to Identity Provider button.
10
6. If you have logged in to your corporate network, go directly to step 10 below. If you have
not logged in, you will be prompted to provide your network login credentials on the next
page. Please note that the page that appears will be specific to your company.
7. To complete Step 2, click on the Link Accounts button. Your corporate network id should
appear.
8. For Step 3, click on the Logout and Close Browser button to complete the account linking
process.
9. Users will receive a logout screen. Close the browser.
11
What Happens Next
A new persistent cookie is saved on your computer to identify your Corporate Identity Provider (also known as your Enterprise IDP) to ensure that you are not required to select
your Enterprise IDP again at MAG. If you clear the browser history or use a different browser, then you will have to select the Enterprise IDP at MAG.
FAQs
What are Corporate Credentials?
Corporate credentials are credentials provided to a user by their own organization. Users are
issued login credentials by their company (e.g. Exostar issues internal users with a LAN User ID
and Password to access their computers daily). Corporate credentials are not provided by
Exostar.
Can an individual purchase EAG?
No, EAG is issued at the corporate level.
How much is EAG?
Callers inquiring about setting their organization up for EAG should be directed to Exostar Sales.
How do I reset my MAG Password or change my MAG Security Questions if I am using EAG
Account Linking?
If your account is linked with corporate account, you do not need to change the password or
set up security questions in Exostar’s Managed Access Gateway (MAG). Your password life cycle
is managed by your corporate enterprise.
If you want to reset your MAG password or change your security questions, you will need to
have EAG de-linked from your MAG account. You will need to contact Exostar Customer
Support.
How does a user have their corporate password reset?
If you do not know your corporate credentials (your corporate user id and/or password), you
will need to work with your Corporate Help Desk.
12
I am unable to log into MAG using my shortcut or browser favorites. What should I do?
1. Once you have successfully authenticated to MAG with EAG, you will need to create a new favorites/shortcuts or update your existing favorites/shortcuts. Your old links will not work. To update your existing links, in an Internet Explorer browser window, you will need click on the Star (upper, right hand corner).
2. Find the favorite (e.g. MAG Dashboard) that you want to update and right click on it.
13
3. Select Properties and update the URL. Click Apply and OK.
Why am I getting a Page Cannot be Displayed Message when trying to Log into MAG?
Close all browsers and attempt to log in again. You can complete this by going to Single Sign On (EAG) under the Advanced Log in Options on the MAG login page. Select your correct Remote Identity Provider and enter your corporate credentials. If the problem continues, please contact your local IT help desk to ensure there are no issues with your local account.
What do I do if I selected the wrong Identity Provider when trying to log into MAG under the
Advanced Log in Options and can't select the correct provider.
Close all browsers and try to log in again. You can complete this by going to Single Sign On (EAG) under the Advanced Log in Options on the MAG login page. Select the proper Remote Identity Provider and enter your corporate credentials. If the problem continues, please contact your local IT help desk to ensure there are no issues with your local account.
How do I correct the system error that I am receiving after I select the Sign On (EAG, under
Advanced Login Options) on the MAG Login Page?
Clear your cookies, browser history and close the browser. Open a new browser and go to the MAG log in page again (https://portal.exostar.com). Select your correct Remote Identity Provider.
14
I am getting the following error, Error 5103: R-IDP user not yet linked when trying to log into
MAG. What do I need to do to resolve this?
You need to ensure that you have linked your MAG account to the correct corporate
credentials.
I am getting the following error, Error 5105: R-IDP user is not allowed to login with local
credential. What do I need to do to resolve this?
If you have already linked your MAG account via EAG, you will not be required to enter you MAG login credentials to access MAG or MAG-supported applications. If you attempt to access your account using MAG credentials, you will receive this error message.
I am being prompted for my corporate token Username and Password after selecting my identity
provider when trying to log into MAG. What do I need to do?
Please ensure that you are logging in with your corporate credentials (e.g. username/password, token password, smart card, etc.).
I am able to successfully log into MAG via EAG but I receive an error when trying to access my
application within the MAG portal.
If the status of the application you are trying to access says Open Application and you receive
an error, you will need to contact Exostar Customer Support.
Please see what action to take if the status of the application says:
Pending Application Administrator Approval-You will need to contact the MAG Application Administrator who has the ability to approve or deny access to the application.
Inactive-You will need to request access to the application. Once you request access, your Application Administrator will need to approve the request.
Organization application suspended-The application has been suspended by Exostar. You will need to have your Organization Administrator contact Exostar Customer Support.
Suspended-The application access has been suspended by your Application Administrator or by Exostar. You will need to contact the Application Administrator to have the application unsuspended.
15
Pending Acceptance of Terms and Conditions-Your MAG Organization Administrator or the Application Administrator for that application will need to accept the Terms and Conditions before you can request access to it.
Pending Application Owner-The application owner (the owner of an application) needs to approve the access. You can determine which company is the owner of the application by checking the company name in the upper, left hand corner of the applications section from the Home dashboard view of your MAG account. In the example below, Exostar LLC is the application owner of the listed applications.
You will need to work with the Application Owner. If the application is managed by Exostar,
please contact Exostar Customer Support.
Why am I getting the error Higher Level of Credential Required when accessing an application?
Your authentication details from your Remote Identity Provider (your corporate provider) may not have been passed to the application owner or the application might not accept your credential strength. Close all browsers and attempt to log in again under the Single Sign On (EAG) under the Advanced Log in Options on the MAG login page. If problem continues, please contact Exostar Customer Support to verify if your authentication level is supported on the application(s) you are trying to access.
