Copyright ©2017 Exostar LLC. All rights reserved

Phone-Based One-Time Password User Guide

November 2017

Table of Contents

About Phone One-Time Password
OTP Acquisition and Activation Process Overview
Step 1: Determine Your Need for an OTP Credential
Step 2: Purchase Your OTP Credential
Step 3: Register the Credential
Step 4: Identity Proofing
    US Based User Proofing: Experian Proofing
    International-Based User Proofing – Webcam Proofing
        Schedule Your Proofing Appointment
        Complete Identity Proofing
        Activate Your Credential
        Reschedule Video Proofing Appointment
Step 5: Register Your Phone
    Register Additional Phones
Manage Registered Phones
Log into MAG with Phone OTP
Credential Elevation

About Phone One-Time Password

Exostar features One-Time Password (OTP) credentialing technology providing users with a physical credential which allows them to access an application using 2-factor authentication (2FA). Using an OTP credential along with your username/password (2-factor authentication) mitigates security risks by providing a stronger assurance level and better identity protections than conventional username/password technologies that are vulnerable to theft.

There are two types of OTP credentials available which can be used to access applications behind Exostar’s Managed Access Gateway (MAG):

• One-Time Password Hardware Token (OTP Hardware)

• Phone Based One-Time Password (Phone OTP)

This guide provides information on the Phone Based One-Time Password credential. Phone Based One-Time Password (Phone OTP) allows you to register your mobile telephone or land line telephone to receive a one-time password credential (numeric code) via text or voice. The Phone Based OTP credential is used in combination with your MAG user ID and password, and is required each time you log in to Exostar’s Managed Access Gateway (MAG) to access applications that require the credential. Using this 2-factor authentication (Phone OTP + username and password) reduces the risk of unauthorized access to your account, and provides added security.

For more information about Phone OTP, including OTP FAQs, go to www.myexostar.com.

OTP Acquisition and Activation Process Overview

There are several steps in the process of acquiring and activating your Phone Based OTP credential. Each step is covered in detail in this guide.

Step 1: Determine your need for an OTP Credential

• You are attempting to access an application that requires two-factor authentication, and

• You do not already have an equivalent security credential

Step 2: Purchase the OTP Credential

• Purchase the credential via the MAG Portal

• You can complete a purchase using a credit card or invoice

Step 3: Activate the OTP Credential

• Go to the MAG portal, then the Manage OTP tab to register your license key (received in email)

• You must enter your name and country

Step 4: Identity Proofing

• Identity proofing is required for most OTP activations (OTP level 3)

    o US based users are directed to Credit Bureau Proofing

    o International based users are directed to Live Video Proofing

• Users obtaining an OTP-level 2 credential are not required to go through identity proofing

Step 5: Register Your Phone

• Register a phone to receive a One-Time Password via SMS text or Voice message

• Registering more than one phone is recommended

Step 1: Determine Your Need for an OTP Credential

One Time Password credentials are often used to access applications that require two-factor authentication (2FA). Therefore, if you are attempting to access an application that requires 2FA, you need a security credential. If you already have a security credential, you may not need Phone-Based OTP if the following applies:

• If you already have an acceptable 2FA credential used to access another application, you can use that to meet the requirements to access multiple applications. You do not need to proceed with purchasing and installing additional credentials.

• If you have another account with a credential used with another application, you can leverage that by connecting your accounts. Visit myexostar.com to learn more about account connections.

If you are unsure of the credential requirement for an application you are accessing, please contact Exostar Tier I Support.

Step 2: Purchase Your OTP Credential

Before completing an OTP credential purchase, please ensure you have access to the application that requires the OTP credential. If you are an existing MAG account holder, you can purchase your OTP credential from within the MAG portal. If you do not have a MAG account, and are certain you require an OTP credential, please visit the Exostar Webstore. You need to log into your Exostar Managed Access Gateway (MAG) account with your username and password.

To purchase a Phone Based OTP credential:

1. Go to https://portal.exostar.com and log in to your Exostar Managed Access Gateway (MAG) account.

Note: If you have never logged into your MAG account, refer to the First Time Login guide for more information on establishing your account.

2. Go to the My Account tab and select the Manage OTP link.

3. Click the Purchase or Register Credentials link. You are redirected to the onboarding process.

4. The Let’s Get Credentialed page is displayed. Click Continue.

5. Your list of applications is displayed. Click Purchase.

6. The Webstore page is displayed. Select your Partner from the dropdown list. The Webstore will display the list of appropriate credentials to use with the partner application.

7. A list of credential products appropriate for use with the selected partner application is displayed. Locate the desired product and click Add to Cart. Click Checkout to proceed. Note: If Add Proofing is selected, you will be required to complete the Identity Proofing process. See the detailed steps for proofing below.

Note: Users based in the United States must purchase Phone Based OTP (US). Users based internationally (including Canada and US Territories) must purchase Phone Based OTP (International).

8. Review the shopping cart. Click Proceed to Checkout.

9. During the checkout process you may be prompted to verify your Name, Address and Shipping Address. Enter the payment information. You can choose to pay by Invoice Billing or Credit Card. If paying by invoice: enter the PO Order Number. If paying by Credit Card, enter the card information.

Note: If you select the invoice option, Exostar must receive and process your payment before you receive the license key to complete the activation of your credential. Additionally, if you have a Reference or PO Number for your invoice, you must submit it to [email protected].

10. Verify the billing address. Click Edit or Change Address to modify the information presented. Click Continue to proceed with checkout.

11. Confirm all of the purchase details and click Place Order.

12. A confirmation page is displayed including a confirmation number. You can download the confirmation message as a PDF to keep for your records. Click Exit Webstore to exit the webstore and return to the onboarding process.

Upon completion of the purchase, you will receive an email notification. If you paid with a credit card, you will receive a second email with the activation information for your license key. IMPORTANT: Once you activate the license key, you cannot use it again.

Step 3: Register the Credential

Once you receive your license key, proceed through the steps below to register your OTP Phone credential.

1. Log into your MAG account with your username and password.

2. Go to the My Account tab and select the Manage OTP link.

3. Prior to activating the credential, you can test your phone to verify your mobile telephone or land-line telephone is able to receive messages. This step is optional, but recommended.

a. Click Test Phone.

b. On the Test a Phone page, enter your phone number. Select Send Test Message.

Note: Shared phone numbers or devices are NOT permitted.

4. Once you successfully test your phone, proceed to register the credential. Click the Purchase or Register Credentials link to continue.

5. The Let’s Get Credentialed page is displayed. Review the information. Click Continue.

6. Your list of applications and recommended credentials are provided. Since you have already purchased your OTP credential, click the I do not need to purchase a credential link.

7. Enter the license key you received via email in the License Key field. Click Activate.

8. Confirm your profile and select your country from the dropdown list. Click Next.

9. If you purchased a Phone Based OTP credential without Proofing, you may activate the credential and proceed to the Register Your Phone section below. Click Activate.

If you purchased a Phone Based OTP credential with Proofing, proceed through the proofing step.

Step 4: Identity Proofing

In many cases, users must go through identity proofing in order to complete the activation of their OTP credential. If this does not apply to you, proceed to the Register Your Phone section below.

There are two types of proofing processes:

• US Based Users - Experian Proofing Service: For US-based users requiring proofing, it is preferred you proceed through the Experian proofing by completing the Credit Bureau-Based Proofing process.

• International Based Users - Exostar Webcam Proofing: International-Based Users requiring proofing must complete the Live Video Proofing.

US Based User Proofing: Experian Proofing

Experian proofing is a credit bureau proofing process which requires you to verify your identity by answering credit bureau-based questions. If you successfully complete the questions you will have completed the process, and will then be prompted to register your telephone for the OTP credential. Credit Bureau-Based Proofing is only available for users located in the US.

Important:

• If you do not answer the questions correctly, but the credit bureau is able to locate you with your personal information (e.g. name and address), you will receive the activation code via postal mail.

• Users unable (or unwilling) to complete credit bureau-based questions can opt to complete the Webcam Proofing with a live proofing agent.

• If you click I Disagree, you will be redirected into the Live Proofing process to complete the Live Video proofing.

Follow the steps below to complete Experian proofing:

1. Locate the Experian Proofing Service option. Click Continue with Proofing.

2. Complete the required fields. Click the Next arrow to continue.

Note: If the last four digits of your Social Security number cannot be verified, you will be prompted to enter all nine digits.

3. Read the important information about the verification process. Click Agree to continue.

4. You will be presented with a list of questions regarding your financial and residential history. These questions, and your responses, will be used to verify your identity, so please answer carefully and accurately.

Once you complete all questions, click Submit to continue. Note: If incorrect answers are provided, but the credit bureau is able to locate you with your personal information, you will receive an activation code in four business days via postal mail. The activation code is required for you to activate your credential. If the credit bureau cannot locate you or verify your identity, the system will redirect you to the Webcam proofing process.

5. Upon successful completion of your identity authentication, a confirmation message is displayed. Click Activate to complete the activation process.

The last step in the process is to register your phone. Refer to the section on registering your phone for detailed steps.

International-Based User Proofing – Webcam Proofing

International-based users, and US users who are unable to complete the credit bureau proofing, will be directed to Exostar’s Webcam Proofing process. Exostar’s Webcam Proofing requires you to present valid Government-issued photo identification to prove your identity to an Exostar Proofing Agent, over a live webcam proofing session. Please review the Acceptable Documentation requirements to view the list of identity documents required. Exostar Webcam Proofing takes place within a secure Cisco Webex meeting. Before your appointment, we highly recommend performing the Webex System Test on your machine, as there is limited time during the proofing session to troubleshoot your system configuration. Excessive troubleshooting time during the proofing appointment will likely result in the need to reschedule. For additional information about webcam proofing requirements, including acceptable documentation and troubleshooting, please reference the Webcam Proofing Resource page.

Schedule Your Proofing Appointment

Follow the steps below to complete Webcam proofing:

1. Locate the Exostar Webcam Proofing option and click Schedule an Appointment.

2. To schedule your proofing appointment, select an available date and select a time. Click Continue.

3. Enter your contact information. Click Confirm.

4. You have successfully scheduled your appointment and an appointment confirmation page displays. You will receive an appointment confirmation email.

An Exostar proofing agent will contact you on your scheduled appointment date. The proofing appointment can take up to 30 minutes.

Complete Identity Proofing

You will be contacted by the Exostar Proofer on the day of your appointment. You will be required to answer a series of yes or no questions, and provide acceptable, unexpired identification via a webcam to the proofer. Visit the Live Video Proofing Resource page for more information. Once you successfully complete proofing, the proofing agent will provide you the activation code.

Activate Your Credential

To activate your credential:

1. From the MAG portal, go to the My Account tab, then the Manage OTP sub-tab.

2. Click the Purchase and Register Credentials link.

3. Enter the activation code provided to you by the Proofing Agent. Click Continue.

4. Click Activate to complete the credential activation.

The last step in the process is to register your phone. Refer to the section on registering your phone for detailed steps.

Reschedule Video Proofing Appointment

If you are unable to make the scheduled proofing time, or do not successfully complete the proofing during your appointment, you must reschedule your appointment. You can reschedule your Webcam Live Proofing appointment from within the MAG portal.

To reschedule your proofing appointment:

1. Log into your Exostar Managed Access Gateway (MAG) account with your username and password.

2. Go to the My Account tab and select the Manage OTP sub-tab.

3. Click the Purchase or Register Credential link.

4. Your confirmed proofing time is presented. Click the Re-Schedule link to select a new date/time for your proofing appointment.

Step 5: Register Your Phone

Once you purchase and activate the credential (license key), and complete the identity proofing, if applicable, you are ready to register your phone to receive the OTP credential. Please note after you register your initial telephone, you can register additional phones. It is recommended you register at least two phones, but you can register up to three.

1. When registering your phone, you can select to have the OTP code delivered via Voice Message or SMS Text Message. Select the desired delivery method.

2. Select your country from the dropdown, and enter your phone number. Click Register.

3. An activation code is sent to your phone via the delivery method selected. Enter the verification code and click Register. Note: You have two minutes to enter the code before it expires. If the code expires, click Resend Code to have a new code sent to you.

4. A Success confirmation page is displayed. You may click Register Another Credential to proceed through the steps again to register an additional phone, if desired (recommended).

To complete the activation, click the I’m Done link.

Register Additional Phones

Registering an additional phone allows you to have an alternative device in case you lose access to your primary phone. Additionally, if you do lose access to your primary phone, having a second phone registered preserves your proofing. If you do not register an additional phone and lose access to the phone you initially registered, you have to complete identity proofing again to register a new phone. You can register up to three phones.

To register additional phones:

1. From My Account, click Manage OTP and then View Details under the Manage OTP section.

2. Click View Details.

3. On the Manage OTP page, go to the Manage Phones section. Click Add Phone.

4. Select the delivery method, country, and enter the phone number. Click Send Code to continue.

5. A verification code is sent to the phone. Enter the verification code and click Submit. Please note once you receive the code, the code expires after two minutes. You can have a code resent by selecting Resend Code.

6. Once you successfully enter the code, the system registers and adds the phone to your account.

Manage Registered Phones

Once you register phones to your account, you can return to the Manage OTP page to manage the phones. From here you can delete phones, change delivery methods, and revoke your Phone OTP credential.

Please note revoking the credential is a permanent, irreversible action. Once you revoke Phone OTP, you cannot authenticate to any applications that require the use of the credential. You must register for Phone OTP again, and complete the identity proofing process (video proofing or credit bureau-based proofing).

Log into MAG with Phone OTP

To log in using your Phone OTP credential:

1. Go to www.portal.exostar.com and enter your username and password. Click Login.

2. Select the phone you want to receive the OTP code. Click Send to have the code sent to your phone.

3. You will receive the OTP code on your telephone. Enter the code in the OTP Code field. Click Submit.

Note: Once you receive the code, the code expires after two minutes. You can resend the code by selecting Resend Code.

You are now logged in with your Phone OTP credential. Confirm you successfully logged in with Phone OTP by verifying the credential strength in the upper, right hand corner. It should say Phone OTP.

Credential Elevation

If you log in without invoking your OTP credential, you may choose to elevate your credential strength, and invoke the token, during your session.

To elevate your login credential status after login:

1. Go to My Account, Manage OTP and click Elevate.

2. Select the phone you want to receive the OTP code. Click Send to have the code sent to your phone.

3. You will receive the OTP code on your telephone. Enter the code in the OTP Code field. Click Submit.

Note: Once you receive the code, the code expires after two minutes. You can resend the code by selecting Resend Code.

You are now logged in with your Phone OTP credential. You can confirm you have successfully logged in with Phone OTP by verifying the credential strength in the upper, right hand corner. It should say Phone OTP.

Use Phone OTP for Multiple MAG Accounts

If you have multiple MAG user accounts, you can connect your accounts in order to leverage your Phone OTP credential from one account to access applications associated with another account, as long as the accounts meet the eligibility rules. Accounts are connected in a parent-child hierarchy. You must designate the account with Phone OTP as the parent, and designate the remaining accounts as the child. It is important to note child accounts CANNOT have any credentials associated with them. If they do, you cannot connect these accounts.

For example, you have two MAG accounts; smithj_0001 and smithj_0002. You have Phone OTP linked to your smithj_0001. You have no credentials linked to smithj_0002. You can make smithj_0001 the parent account and smithj_0002 the child account. Once the accounts are connected, you can leverage your Phone OTP across both accounts. If you have Phone OTP linked to smithj_0001 and another credential linked to smithj_0002, you could not link the accounts.

Enable Account Connections

To connect your active MAG accounts through Exostar’s account connection feature, please visit our Account Connections page.