What is a third-party credential?
Department of Defense Common Access Card (DoD CAC) is a Third-Party Credential (CAC, PIV, NGC OneBadge, Canada DND PKI Smart Card) smart card, issued by the United States Department of Defense (DoD), NASA, or Northrup Grumman as a standard identification. It is also used for physical access to buildings, controlled spaces, and to gain access to computer networks and systems. Exostar now accepts Third-Party Credentials as an acceptable digital credential to access applications and services behind Exostar’s Managed Access Gateway (MAG) Platform.
As a courtesy to our users, Exostar reminds you that prior to linking your Department of Defense Common Access Card (DoD CAC) to your Exostar account you should confirm your usage of the DoD CAC on the Exostar Exchange is compliant with DoD requirements for its use. Section 1.4 of the DoD Certificate Policy stipulates that DoD CACs “shall only be used for transactions related to DOD business. Please verify compliance with this stipulation prior to using your CAC to access Exostar products, or any system accessed through Exostar’s Managed Access Gateway”.
Get Started
Access Requirements: In order to link your third-party credential, you must have an Exostar’s Managed Access Gateway (MAG) Account. Please see the steps below to complete the linking process. Prerequisites:
– The CAC Registration URL provided by your sponsor and application list for subscription (received via email and is not sent by Exostar).
– A valid DoD-issued CAC, NASA issued PIV Card, or Northrop Grumman One Badge.
– Card reader (may be a part of your computer and is not provided by Exostar).
If a MAG account has already been created for you, please skip to the Linking Credentials section. When receiving certificate prompts, please ensure the following:
- DoD CAC Users: Select the signature certificate issued by the DOD EMAIL CA (e.g. DOD EMAIL CA-##”, “DOD JITC EMAIL CA-##). This certificate contains your email address, which is required when linking your CAC to your MAG account. Although you must select the EMAIL certificate when linking your CAC to your account, you may choose either certificate when logging in.
- PIV Users: Select the PIV Authentication (9A) certificate.
- NGC One Badge Users: Select your Authentication certificate (this certificate has an “Enhanced Key Usage” that includes “Client Authentication (1.3.6.1.5.5.7.3.2).”
Step 1. Register for MAG
Once you complete the registration process and receive the confirmation email, an Administrator reviews your Registration Request. The account and application subscriptions are approved, subject to confirmation received from the sponsor. You will receive notification of account and application approval status via email from Exostar.
2. Select your PIV-Auth Cert and click OK.
3. Insert Smart Card dialog box displays after the card is inserted in the card reader. Click OK.
NOTE: If you receive a message that no card is in the reader, please ensure the card is in the reader.
4. You are prompted to provide the PIN for the card. Enter the PIN and click OK.
NOTE: The PIN number is provided by your credential issuer. Exostar does not have PIN information available.
5. The User Registration page displays. Click Start Registration.
6. On the Registration page, please verify the information displayed is correct before clicking Next.
7. Select the applications you need to access (please refer to the invitation email sent from your sponsor to help determine your application requirements).
8. Click Next to complete the registration process.
Step 2. Link Credential
2. Navigate to the My Account tab, then the Edit Profile sub-tab.
3. Scroll down to Additional Login Options.
NOTE: If you do not see the Additional Login Options section at the bottom of the Edit Profile screen, you are currently unable to link your MAG account to your card. Contact Exostar Customer Support if you need assistance.
4. Ensure your Third-Party Credential Card is inserted into the card reader. Click Associate your hardware/software certificate (not Exostar FIS Certificates) with your MAG account link.
5. If prompted, select your certificate. Follow the prompts to complete the linking. Select your Third-Party Credential Card Certificate from the digital certificate list, and click OK.
6. Next Insert Smart Card dialog window displays after the card is inserted in the card reader. Click OK.
NOTE: If you receive a message that no card is in the reader, ensure the card is in the reader.
7. You are prompted to provide the PIN for the card. Enter the PIN and click OK.
NOTE: The PIN number is issued by your credential issuer. Exostar does not have PIN information available.
Step 3. Login with Credential
2. You are prompted to select your certificate. Select your Third-Party Credential Card.
3. Enter your Third-Party Credential Card PIN when prompted.
4. Once your Third-Party Credential Card is accepted, you are logged into your MAG account.
5. On the MAG Dashboard, your credential strength should display Medium Hardware Cert (located in My 2FA Credentials section).
To learn more about Third-Party Credentials or troubleshooting tips, view the user guide.