Managed Access Gateway Third-Party Credential User Guide ...

Copyright © 2017 Exostar, LLC All rights reserved 1

Managed Access Gateway Third-Party Credential User Guide

August 2017


Contents Audience ............................................................................................................................................. 3

How to Register for a New MAG Account with your Third-Party Credential ................................ 3

How to Link Your Existing MAG Account to Your Third Party Credential ...................................... 7

How to Login into Exostar’s Managed Access Gateway (MAG) with your Linked Third

Party Credentials .............................................................................................................................. 10

How to Delink your Third Party Credential .................................................................................... 11

Possible Registration Error Messages............................................................................................. 11

Error Message: Insert Smart Card .................................................................................................. 11

Error Message: Registration ........................................................................................................... 12

Error Message: No user certificate was found. .......................................................................... 13

Error Message: User certificate is of unknown type................................................................. 13

Error Message: One or more required fields are missing. ....................................................... 14

Error Message: Your entries in the Email Address and Confirm email address fields must be the same ....................................................................................................................................... 15

Error Message: Digital Certificate Error.......................................................................................... 15

Possible Login Issues ........................................................................................................................ 16

To Clear SSL State ......................................................................................................................... 16


Audience This guide will provide instruction on how to link or delink your Government-Issued Common Access

Card, Northrop Grumman One Badge, or NASA PIV Card to your Exostar Managed Access Gateway

(MAG) account.

How to Register for a New MAG Account with your Third-Party Credential Pre-requisites:

The CAC Registration URL provided by your sponsor, and application list for

subscription (received via email and is not sent by Exostar).

o NOTE: If a MAG account has already been created for you (e.g. partners of or

suppliers to Boeing Defense, Space & Security (BDS), or other users who already

have MAG accounts), please skip to Page Error! Bookmark not defined., “Error!

Reference source not found.”

A valid DOD-issued CAC, NASA issued PIV Card, or Northrop Grumman One Badge. Card reader (may be a part of your computer and is not provided by Exostar).

1. Click on the Third Party Credential Registration URL provided to you by your sponsor. You will be

prompted to select your Third Party Credential Card Certificate from the digital certificate list.

Select your Card certificate and click OK.

DOD CAC users: Select the signature certificate issued by the DOD EMAIL CA (e.g.

“DOD EMAIL CA-##”, “DOD JITC EMAIL CA-##”. This certificate contains your email

address, which is required when linking your CAC to your MAG account. Although you


must select the EMAIL certificate when linking your CAC to your account, you may

choose either certificate when logging on to MAG in the future.

PIV users: Select the PIV Authentication (9A) certificate

NGC One Badge users: Select your Authentication certificate (this certificate will have

an “Enhanced Key Usage” that includes “Client Authentication (1.3.6.1.5.5.7.3.2)”

2. The following screen is presented after the card is inserted in the card reader. Click OK.

NOTE: If you receive a message that no card is in the reader, you will need to ensure that the card is in

the reader. Additional information can be found on page 9 (Possible Registration Error Messages).

3. You will be prompted to provide PIN for the card. Enter the PIN and click OK. The PIN number is

issued by your credential issuer. Exostar does not have PIN information available.


4. The User Registration page is presented. You will need to click on Start Registration.

5. The Exostar Managed Access Gateway (MAG) Registration screen will display. You will need to ensure

that the information displayed on this page is accurate before clicking Next.

Organization Information – The fields in this section cannot be modified.


Personal Information – The system displays the address that is associated with your company. Please enter any missing information in this section. If any information is incorrect, you will need to update the information to ensure that your personal information is correct. All fields marked with a red asterisk * are required fields. Once your card has been linked to your MAG account, your first and last name as well as your email address will be updated on your MAG account from your card data. This information will not be able to be modified from your My Account tab in MAG once the card has been linked.

Permanent Identifiers from Certificates – The fields in this section cannot be modified. If you are registering a DoD CAC card, the Electronic Data Interchange-Personal Identifier (EDI-PI) number will be captured. If you are registering a NASA PIV card or NGC One Badge, the Subject Alternate Name will be captured.

6. You will now need to select the applications that you need access to. The invitation email that you

received from your Sponsor should provide the application(s) that you require access to. Please refer to

the email to select the applications to access.

NOTE: For each application, you have the option to enter the Sponsor Code. This field is not required. The

sponsor code is only necessary for the ForumPass applications. Your Sponsor or your ForumPass Sponsor

should have provided you with a sponsor code. You will not be approved for access to applications that

your sponsor has not pre-approved you for.


7. Click Next (located on the lower, right hand corner of the page) to complete the registration.

You will receive a submission confirmation page and a confirmation email.

What happens next?

Once you complete the registration process and receive the confirmation email, an administrator

will review your registration request. The account and application subscriptions will be approved

subject to confirmation received from the sponsor. You will receive notification of account and application approval status via email from Exostar.

How to Link Your Existing MAG Account to Your Third Party Credential 1. Login to your MAG account via https://portal.exostar.com.

2. Go to the My Account tab and select the Edit Profile sub-tab.

https://portal.exostar.com/

https://portal.exostar.com/


3. Scroll down to the Additional Login Options section. If you do not see the Additional Login Options

section at the bottom of the Edit Profile screen, you are currently unable to link your MAG account to your card. Contact Exostar Customer Support if you need assistance.

4. Make sure that your Third Party Credential Card is inserted into the card reader.

5. Click on the Associate your hardware/software certificate (not Exostar FIS Certificates) with your

MAG account link.

6. If you are prompted, select your certificate. Follow the prompts to complete the linking.

http://www.myexostar.com/Online-Support/


7. You will prompted to select your Third Party Credential Card Certificate from the digital certificate

list.

8. Select your Authentication certificate and click OK.

DOD CAC users: Select the signature certificate issued by the DOD EMAIL CA (e.g.

“DOD EMAIL CA-##”, “DOD JITC EMAIL CA-##”. This certificate contains your email

address, which is required when linking your CAC to your MAG account. Although

you must select the EMAIL certificate when linking your CAC to your account, you

may choose either certificate when logging on to MAG in the future.


NGC One Badge users: Select your Authentication certificate (this certificate will

have an “Enhanced Key Usage” that includes “Client Authentication

(1.3.6.1.5.5.7.3.2)”

9. The following screen is presented after the card is inserted in the card reader. Click OK.

NOTE: If you receive a message that no card is in the reader, you will need to ensure that the card is in the reader. Additional information can be found on page 9 (Possible Registration Error Messages).


10. You will be prompted to provide PIN for the card. Enter the PIN and click OK. The PIN number is

issued by your credential issuer. Exostar does not have PIN information available.

How to Login into Exostar’s Managed Access Gateway (MAG) with your Linked Third Party

Credentials 1. Once you have linked your third party credentials to your Exostar MAG account, go to

https://portalvs.exostar.com.

2. You will be prompted to select your certificate. Select your Third Party Credential Card.

NOTE: If your Third Party Credential is not inserted into the card reader, you may be prompted

to insert it at this time.

DOD CAC users: Select either the Identity certificate issued by DOD CA-## or the

Signature certificate issued by DOD EMAIL CA-##.

o Note: Although either certificate may be used to log on to an account with a linked

CAC, only the EMAIL certificate can be used for initial linking as described in the

above sections.


NGC One Badge users: Select your Authentication certificate (this certificate will have

an “Enhanced Key Usage” that includes “Client Authentication (1.3.6.1.5.5.7.3.2)”

3. Enter your Third Party Credential Card PIN when prompted.

4. Once your Third Party Credential Card is accepted, you will be presented the MAG

Dashboard. Your credential strength should say Medium Hardware Cert (located in the upper


right hand corner). You can now leverage your credential to access applications that require a

higher credential strength than just username and password.

How to Delink your Third Party Credential To request de-linking of your Third Party Credential from your MAG account, contact Exostar Customer Support.

Possible Registration Error Messages

Error Message: Insert Smart Card. You will receive this notification when there is no card in the reader.

To resolve, this, you will need to ensure that the card is in the reader.




Error Message: Registration You will receive this error message when your Third Party Credential is already registered with a MAG

account.

To resolve this, you should access the MAG Login page at: https://portalvs.exostar.com and select

your Third Party Credential from the list of certificates to access your existing MAG account. If you need to upgrade your existing MAG account for a new application, follow the steps below:

1. On the MAG Dashboard (Home tab), check if the application is listed under the My Applications

section.

2. If the application is listed, check the status of the application. If the status of the application says

Request Access, you do not have access to the application. Click on the Request Access link to request

access to the application. If you see the Open Application link, you are already subscribed to the

application.

3. If you were required to Request Access, you will receive a confirmation page and your subscription request will be queued for approval subject to sponsor approval. 4. You will receive an email notification once the request to the application has been approved or denied.

https://portalvs.exostar.com/



5. If you do not see the application listed under the My Applications section, you will need to work with your contact at your buying organization to be invited to the application. However, if you need access to Boeing Supply Chain Platform (BSCP) or SourcePass, please work with your Organization Administrator. Your Organization Administrator can subscribe the organization to these applications.

Error Message: No user certificate was found.

You will receive this message if you did not select any certificate(s), your certificates are expired or

clicked Cancel when the certificate selection pop-up appeared. If you have a valid Third Party

Credential Card, close the browser and open a new Internet Explorer browser. Click on the registration URL (sent by your sponsor) and select the Third Party Credential Card.

If you click on Start Registration (in the illustration above), an additional error message is presented

(see below). Close the browser, open a new Internet Explorer browser and re-start the registration process.

Error Message: User certificate is of unknown type.


This message is presented if you did not select your Third Party Credential Card during the certificate

selection. Close the browser and open a new Internet Explorer browser. Click on the registration URL and select your valid Third Party Credential Card.

If you click on Start Registration (in the illustration above), an additional error message is presented

(see below). Close the browser, open a new Internet Explorer browser and re-start the registration process.

Error Message: One or more required fields are missing.

You will receive this message when you click Next without providing all required information in the

Personal Information section. Review the Personal Information section of the registration and make sure all fields with a red asterisk * have been completed.


Error Message: Your entries in the Email Address and Confirm email address fields must be the same.

This message is presented if you clicked Next when the information in the Email Address and Confirm Email Address fields do not match. Make sure that the email address matches in both of these fields.

Error Message: Digital Certificate Error.

To resolve this, you will need to review your Third Party Credential validity by contacting your

credential issuer to verify validity. Once you have verified that your credential is valid (and is not

expired, corrupt or revoked) and you continue to receive this message while accessing MAG, contact

Exostar Customer Support.




Possible Login Issues

When accessing MAG, the user is not prompted for their Third Party Credential and receive the

following login page.

Clear your SSL state. You can do this by going to Tools (may display as a gear icon), Internet Options,

Content and then Clear SSL State. Once you have cleared your SSL state, using Internet Explorer, please

access https://portalvs.exostar.com. You should be prompted to select your certificate when you access this URL. Select your Third Party Credential and to access the MAG portal.

To Clear SSL State 1. Go to Tools and select Internet Options.

Note: Tools may display as a gear icon. If you do not see Tools or the gear icon, you can click CTRL+T.




2. Select Content and Clear SSL state.

3. Once you click on Clear SSL state, you will receive confirmation that your SSL cache was successfully

cleared.

Managed Access Gateway Third-Party Credential User Guide ...

Documents

Transcript of Managed Access Gateway Third-Party Credential User Guide ...