managed access gateway third-party credential user guide
TRANSCRIPT
Copyright © 2017 Exostar, LLC All rights reserved 1
Managed Access Gateway Third-Party Credential User Guide
August 2017
Copyright © 2017 Exostar, LLC All rights reserved 2
Contents Audience ............................................................................................................................................. 3
How to Register for a New MAG Account with your Third-Party Credential ................................ 3
How to Link Your Existing MAG Account to Your Third Party Credential ...................................... 7
How to Login into Exostar’s Managed Access Gateway (MAG) with your Linked Third
Party Credentials .............................................................................................................................. 10
How to Delink your Third Party Credential .................................................................................... 11
Possible Registration Error Messages............................................................................................. 11
Error Message: Insert Smart Card .................................................................................................. 11
Error Message: Registration ........................................................................................................... 12
Error Message: No user certificate was found. .......................................................................... 13
Error Message: User certificate is of unknown type................................................................. 13
Error Message: One or more required fields are missing. ....................................................... 14
Error Message: Your entries in the Email Address and Confirm email address fields must be the same ....................................................................................................................................... 15
Error Message: Digital Certificate Error.......................................................................................... 15
Possible Login Issues ........................................................................................................................ 16
To Clear SSL State ......................................................................................................................... 16
Copyright © 2017 Exostar, LLC All rights reserved 3
Audience This guide will provide instruction on how to link or delink your Government-Issued Common Access
Card, Northrop Grumman One Badge, or NASA PIV Card to your Exostar Managed Access Gateway
(MAG) account.
How to Register for a New MAG Account with your Third-Party Credential Pre-requisites:
The CAC Registration URL provided by your sponsor, and application list for
subscription (received via email and is not sent by Exostar).
o NOTE: If a MAG account has already been created for you (e.g. partners of or
suppliers to Boeing Defense, Space & Security (BDS), or other users who already
have MAG accounts), please skip to Page Error! Bookmark not defined., “Error!
Reference source not found.”
A valid DOD-issued CAC, NASA issued PIV Card, or Northrop Grumman One Badge. Card reader (may be a part of your computer and is not provided by Exostar).
1. Click on the Third Party Credential Registration URL provided to you by your sponsor. You will be
prompted to select your Third Party Credential Card Certificate from the digital certificate list.
Select your Card certificate and click OK.
DOD CAC users: Select the signature certificate issued by the DOD EMAIL CA (e.g.
“DOD EMAIL CA-##”, “DOD JITC EMAIL CA-##”. This certificate contains your email
address, which is required when linking your CAC to your MAG account. Although you
Copyright © 2017 Exostar, LLC All rights reserved 4
must select the EMAIL certificate when linking your CAC to your account, you may
choose either certificate when logging on to MAG in the future.
PIV users: Select the PIV Authentication (9A) certificate
NGC One Badge users: Select your Authentication certificate (this certificate will have
an “Enhanced Key Usage” that includes “Client Authentication (1.3.6.1.5.5.7.3.2)”
2. The following screen is presented after the card is inserted in the card reader. Click OK.
NOTE: If you receive a message that no card is in the reader, you will need to ensure that the card is in
the reader. Additional information can be found on page 9 (Possible Registration Error Messages).
3. You will be prompted to provide PIN for the card. Enter the PIN and click OK. The PIN number is
issued by your credential issuer. Exostar does not have PIN information available.
Copyright © 2017 Exostar, LLC All rights reserved 5
4. The User Registration page is presented. You will need to click on Start Registration.
5. The Exostar Managed Access Gateway (MAG) Registration screen will display. You will need to ensure
that the information displayed on this page is accurate before clicking Next.
Organization Information – The fields in this section cannot be modified.
Copyright © 2017 Exostar, LLC All rights reserved 6
Personal Information – The system displays the address that is associated with your company. Please enter any missing information in this section. If any information is incorrect, you will need to update the information to ensure that your personal information is correct. All fields marked with a red asterisk * are required fields. Once your card has been linked to your MAG account, your first and last name as well as your email address will be updated on your MAG account from your card data. This information will not be able to be modified from your My Account tab in MAG once the card has been linked.
Permanent Identifiers from Certificates – The fields in this section cannot be modified. If you are registering a DoD CAC card, the Electronic Data Interchange-Personal Identifier (EDI-PI) number will be captured. If you are registering a NASA PIV card or NGC One Badge, the Subject Alternate Name will be captured.
6. You will now need to select the applications that you need access to. The invitation email that you
received from your Sponsor should provide the application(s) that you require access to. Please refer to
the email to select the applications to access.
NOTE: For each application, you have the option to enter the Sponsor Code. This field is not required. The
sponsor code is only necessary for the ForumPass applications. Your Sponsor or your ForumPass Sponsor
should have provided you with a sponsor code. You will not be approved for access to applications that
your sponsor has not pre-approved you for.
Copyright © 2017 Exostar, LLC All rights reserved 7
7. Click Next (located on the lower, right hand corner of the page) to complete the registration.
You will receive a submission confirmation page and a confirmation email.
What happens next?
Once you complete the registration process and receive the confirmation email, an administrator
will review your registration request. The account and application subscriptions will be approved
subject to confirmation received from the sponsor. You will receive notification of account and application approval status via email from Exostar.
How to Link Your Existing MAG Account to Your Third Party Credential 1. Login to your MAG account via https://portal.exostar.com.
2. Go to the My Account tab and select the Edit Profile sub-tab.
Copyright © 2017 Exostar, LLC All rights reserved 8
3. Scroll down to the Additional Login Options section. If you do not see the Additional Login Options
section at the bottom of the Edit Profile screen, you are currently unable to link your MAG account to your card. Contact Exostar Customer Support if you need assistance.
4. Make sure that your Third Party Credential Card is inserted into the card reader.
5. Click on the Associate your hardware/software certificate (not Exostar FIS Certificates) with your
MAG account link.
6. If you are prompted, select your certificate. Follow the prompts to complete the linking.
Copyright © 2017 Exostar, LLC All rights reserved 9
7. You will prompted to select your Third Party Credential Card Certificate from the digital certificate
list.
8. Select your Authentication certificate and click OK.
DOD CAC users: Select the signature certificate issued by the DOD EMAIL CA (e.g.
“DOD EMAIL CA-##”, “DOD JITC EMAIL CA-##”. This certificate contains your email
address, which is required when linking your CAC to your MAG account. Although
you must select the EMAIL certificate when linking your CAC to your account, you
may choose either certificate when logging on to MAG in the future.
PIV users: Select the PIV Authentication (9A) certificate
NGC One Badge users: Select your Authentication certificate (this certificate will
have an “Enhanced Key Usage” that includes “Client Authentication
(1.3.6.1.5.5.7.3.2)”
9. The following screen is presented after the card is inserted in the card reader. Click OK.
NOTE: If you receive a message that no card is in the reader, you will need to ensure that the card is in the reader. Additional information can be found on page 9 (Possible Registration Error Messages).
Copyright © 2017 Exostar, LLC All rights reserved 10
10. You will be prompted to provide PIN for the card. Enter the PIN and click OK. The PIN number is
issued by your credential issuer. Exostar does not have PIN information available.
How to Login into Exostar’s Managed Access Gateway (MAG) with your Linked Third Party
Credentials 1. Once you have linked your third party credentials to your Exostar MAG account, go to
https://portalvs.exostar.com.
2. You will be prompted to select your certificate. Select your Third Party Credential Card.
NOTE: If your Third Party Credential is not inserted into the card reader, you may be prompted
to insert it at this time.
DOD CAC users: Select either the Identity certificate issued by DOD CA-## or the
Signature certificate issued by DOD EMAIL CA-##.
o Note: Although either certificate may be used to log on to an account with a linked
CAC, only the EMAIL certificate can be used for initial linking as described in the
above sections.
PIV users: Select the PIV Authentication (9A) certificate
NGC One Badge users: Select your Authentication certificate (this certificate will have
an “Enhanced Key Usage” that includes “Client Authentication (1.3.6.1.5.5.7.3.2)”
3. Enter your Third Party Credential Card PIN when prompted.
4. Once your Third Party Credential Card is accepted, you will be presented the MAG
Dashboard. Your credential strength should say Medium Hardware Cert (located in the upper
Copyright © 2017 Exostar, LLC All rights reserved 11
right hand corner). You can now leverage your credential to access applications that require a
higher credential strength than just username and password.
How to Delink your Third Party Credential To request de-linking of your Third Party Credential from your MAG account, contact Exostar Customer Support.
Possible Registration Error Messages
Error Message: Insert Smart Card. You will receive this notification when there is no card in the reader.
To resolve, this, you will need to ensure that the card is in the reader.
Copyright © 2017 Exostar, LLC All rights reserved 12
Error Message: Registration You will receive this error message when your Third Party Credential is already registered with a MAG
account.
To resolve this, you should access the MAG Login page at: https://portalvs.exostar.com and select
your Third Party Credential from the list of certificates to access your existing MAG account. If you need to upgrade your existing MAG account for a new application, follow the steps below:
1. On the MAG Dashboard (Home tab), check if the application is listed under the My Applications
section.
2. If the application is listed, check the status of the application. If the status of the application says
Request Access, you do not have access to the application. Click on the Request Access link to request
access to the application. If you see the Open Application link, you are already subscribed to the
application.
3. If you were required to Request Access, you will receive a confirmation page and your subscription request will be queued for approval subject to sponsor approval. 4. You will receive an email notification once the request to the application has been approved or denied.
Copyright © 2017 Exostar, LLC All rights reserved 13
5. If you do not see the application listed under the My Applications section, you will need to work with your contact at your buying organization to be invited to the application. However, if you need access to Boeing Supply Chain Platform (BSCP) or SourcePass, please work with your Organization Administrator. Your Organization Administrator can subscribe the organization to these applications.
Error Message: No user certificate was found.
You will receive this message if you did not select any certificate(s), your certificates are expired or
clicked Cancel when the certificate selection pop-up appeared. If you have a valid Third Party
Credential Card, close the browser and open a new Internet Explorer browser. Click on the registration URL (sent by your sponsor) and select the Third Party Credential Card.
If you click on Start Registration (in the illustration above), an additional error message is presented
(see below). Close the browser, open a new Internet Explorer browser and re-start the registration process.
Error Message: User certificate is of unknown type.
Copyright © 2017 Exostar, LLC All rights reserved 14
This message is presented if you did not select your Third Party Credential Card during the certificate
selection. Close the browser and open a new Internet Explorer browser. Click on the registration URL and select your valid Third Party Credential Card.
If you click on Start Registration (in the illustration above), an additional error message is presented
(see below). Close the browser, open a new Internet Explorer browser and re-start the registration process.
Error Message: One or more required fields are missing.
You will receive this message when you click Next without providing all required information in the
Personal Information section. Review the Personal Information section of the registration and make sure all fields with a red asterisk * have been completed.
Copyright © 2017 Exostar, LLC All rights reserved 15
Error Message: Your entries in the Email Address and Confirm email address fields must be the same.
This message is presented if you clicked Next when the information in the Email Address and Confirm Email Address fields do not match. Make sure that the email address matches in both of these fields.
Error Message: Digital Certificate Error.
To resolve this, you will need to review your Third Party Credential validity by contacting your
credential issuer to verify validity. Once you have verified that your credential is valid (and is not
expired, corrupt or revoked) and you continue to receive this message while accessing MAG, contact
Exostar Customer Support.
Copyright © 2017 Exostar, LLC All rights reserved 16
Possible Login Issues
When accessing MAG, the user is not prompted for their Third Party Credential and receive the
following login page.
Clear your SSL state. You can do this by going to Tools (may display as a gear icon), Internet Options,
Content and then Clear SSL State. Once you have cleared your SSL state, using Internet Explorer, please
access https://portalvs.exostar.com. You should be prompted to select your certificate when you access this URL. Select your Third Party Credential and to access the MAG portal.
To Clear SSL State 1. Go to Tools and select Internet Options.
Note: Tools may display as a gear icon. If you do not see Tools or the gear icon, you can click CTRL+T.
Copyright © 2017 Exostar, LLC All rights reserved 17
2. Select Content and Clear SSL state.
3. Once you click on Clear SSL state, you will receive confirmation that your SSL cache was successfully
cleared.