This page reviews MAG FIS Administrator role and common tasks they can perform. To view the MAG FIS Administrator guide, click here.
Responsibilities
Federated Identity Service (FIS) Administrators can perform these common tasks in Managed Access Gateway (MAG):
Authorize FIS
2. Select Registration Requests sub-tab. Click Authorize FIS. Any pending requests display.
3. Click the Request ID. The user’s information displays.
4. Review the User’s information. Please verify the User ID, first and last name matches their legal name. Also verify the email address is valid (public email addresses such as Hotmail, Gmail, etc – are not allowed).
NOTE: For example, Patrick Starr is a match for starrp_8036. If the request displays a first and last name of Patrick Starr but the user id is doej_1234, the request must be denied. Additionally, ensure the user registered a business domain email address. For MLOA Certificates, ensure the user’s first and last name matches their proofing appointment identity documents. If an account is non-compliant, users need to work with their Organization Administrator to obtain a new account.
5. You can modify the following fields if the user entered incorrect information:
– Partner/Application: Which requires digital certificates.
– Certificate Assurance Level: Basic (BLOA), Medium (MLOA), or Unknown.
– Certificate Usage: Only displays if user selects Basic.
– Certificate Type: Software, Hardware, or Unknown.
– Certificate Validity Period: 1 or 3 years. One year is only available for Basic.
– Request Reason: Reason why user requires certificates.
6. From FIS Administrator Action, select Approve or Deny. If denying, you are required to enter comments. Click Next.
7. If approving a BLOA certificate request, the user will receive an email with installation instructions. If approving MLOA certificates, the request is routed to Exostar for review.
Revoke FIS Certificates
FIS Administrators can revoke certificates for users within their organization. Once certificates are revoked, they can no longer be used. New certificates will require a new purchase.
2. Go to the Administration tab. Click View Users sub-tab.
3. Search for the User. Once the results display, click the User ID hyperlink.
4. Scroll to the Certificates section. Click Revoke.
5. Select the Certificates you are revoking. You are required to select a revocation reason and enter comments. Click Submit.
6. You will receive a Certificate Revocation Request form. Click Sign.
7. A signing page displays, enter your MAG password in the Passcode field. Click Sign.
8. Click Done (located in the lower, right corner of the page) when finished.
Users can revoke their own certificates at any time.
1. You should revoke a user’s certificates if you believe the security of those certificates have been compromised in any way.
2. You should revoke a user’s certificates if they are no longer employed with your organization.
3. Revocation of certificates is a Permanent action (i.e. there is no way to recover those certificates and the user must reapply should they need those certificates).
Upgrade Organization to FIS MLOA
If your organization is subscribed to the Basic Level of Assurance (BLOA) Digital Certificate Service, but your users require a Medium Level of Assurance (MLOA) Digital Certificates, please contact your Organization Administrator for assistance. They can request an Upgrade for FIS MLOA certificate.