User Guides
Guide Name | Guide Description |
---|---|
Phone OTP User Guide | This guide provides information and instructions specific to the Phone OTP process. |
OTP Hardware Token User Guide | This guide provides information and instructions specific to the OTP Hardware Token process. |
OTP Renewal Guide | This guide provides information and instructions on renewing your OTP. |
Exostar OTP Policy | This document provides policies and information on the OTP product. |
OTP FAQs
Please see the One-Time Password (OTP) Frequently Asked Questions (FAQs):
General
What is One-Time Password (OTP)? Is it the same as 2FA/MFA?
One Time Password refers to technology that requires users to authenticate during login with an additional temporary PIN. This PIN is valid for a single login session, and it is sent to the device or app that the user has in his/her possession. Exostar provides three types of OTP credentials: Exostar Mobile ID, OTP Hardware Token, and Phone OTP.
We use the terms OTP, 2FA (two-factor authentication), and MFA (multi-factor authentication) interchangeably, to mean the two-level protection for applications hosted in our system. The first level consists of the traditional user ID and password combination. The OTP provides the second layer of protection.
Can I share my OTP credential with someone else?
No, credentials cannot be shared. Each user requires their own credential. Sharing credentials is a violation of Exostar’s policy.
I have not activated my OTP credential. Can I give it to someone else?
If you have not activated the credential, it can be given to someone else, as long as the license key (provided at the time of purchase) has not been used.
My OTP credential has been lost or stolen. What should I do?
We recommend suspending the credential if you think it might have been misplaced. However, if you suspect it was stolen, revoke your credential immediately.
How do I purchase an OTP credential? How long is the subscription?
You can purchase credentials at Exostar’s Webstore. Our OTP credentials are sold as Annual Subscriptions (subscriptions are valid for one year from the date of purchase, and the renewal period lasts for 12 months).
Identity Proofing
What is Identity Proofing and why is it required?
Identity proofing refers to the process by which Exostar verifies users’ identities before activating their credentials. Identity proofing provides a higher level of security, and some companies set it as a prerequisite for access to their secure applications. Exostar uses two proofing methods to verify a user’s identity. If you are located in the United States, you can complete identity proofing instantly by answering Experian credit bureau-based questions, or by scheduling a live video proofing session via webcam. Users located outside of the United States must schedule a live proofing session.
Why is personal information required when activating my credential?
You might have already encountered the Experian identity proofing process in other contexts. Today, this type of proofing is a common practice for detecting fraud and establishing the validity of the individual’s identity. All checks are done through Experian, and the sole purpose of this process is to validate you are the person who you claim to be.
Will anything change on my credit report if I decide to activate my credential by answering credit bureau-based questions? Will it affect my credit rating?
No, a soft inquiry is placed on the report, and it is only available to you and Exostar. This does not affect your credit score or your ability to borrow. Please note credit bureau-based questions are only available to users located in the United States.
Is any personal information saved or stored during the Experian instant proofing (Social Security Number, Date of Birth and Personal Contact Information)?
No, this information is not stored or saved by Exostar. If you are answering credit bureau-based questions, the credit bureau already possesses this information, and is using it solely as matching or search criteria.
Who can complete Live Video Proofing?
Users located internationally must complete live video proofing using a webcam. Users located in the United States may be required to complete live video proofing if they cannot verify their identity through the self-service proofing option.
What if I don’t have a Webcam? Can I use a camera on my smart phone?
If you have a smart phone, the appointment can be completed using the camera on your phone. Before your appointment, download the Microsoft Teams application.
What important information safety measures are applicable during the proofing?
The Proofer shall not collect or record copies or images of the identity documents presented by the Applicant during the proofing event.
The Proofer shall record the results of the proofing event in an SSL/TLS protected MAG session which is authenticated by Level 4 PKI two-factor credentials. Level 4 PKI certificate is a Medium Level of Assurance hardware certificate issued to Exostar staff to ensure a trusted connection between the user and Exostar systems. Exostar proofers will need to be in possession of and leveraging their credential in order to access the systems necessary to conduct the proofing. The issuance process for a PKI Level 4 credential is significantly more rigorous than Phone OTP, hardware OTP, and many other industry-standard credential types.
No recording or transcript of the Video Proofing event shall be created or retained by any party. The minimum retention periods for archive data are 3 years for Exostar’s MAG Platform and EAG Subscriber authentication events, and 10 years and 6 months for Exostar OTP proofing, provisioning, re-sync, and de-provisioning events.
Exostar records and stores the type of document presented, the issuer of the document, the unique document number, the legal name as it displays on the document, and the expiration of the document.
Mobile ID
Why do I need to use Mobile ID? What are the benefits?
Due to the sensitivity of transactions you conduct, you are required to authenticate using the Multi-Factor Authentication (MFA) technology. Mobile ID ensures that it is really you who initiates these transactions. Exostar Mobile ID offers the following important benefits:
One Touch Authentication Capability: The Authy™ app provides users with One Touch authentication capability. This means you can authenticate directly from your app, without entering an OTP code every single time.
Ability to authenticate without Internet Connection: The Authy™ app’s Soft OTP Token mode can be used when your mobile device is offline, and you do not have to carry a special Hardware OTP token. If you do not have an Internet connection, use the Soft OTP option and manually enter the code from your mobile device.
What types of phones and tablets can I use for Mobile ID?
Authy™ can be used on any Apple or Android smartphone or tablet, and a Google Chrome plugin can be used with Chrome on Windows, OSX, and Linux. The primary device on your Authy™ account must be a mobile telephone with the phone number you used to register your app.
Can I register multiple phone numbers to the Mobile ID service?
No, you can only register one phone number to the Mobile ID service.
When should I download the Authy™ app to my phone?
You may download the Authy™ app and register your phone number with the Authy™ service at any time. If you have not yet downloaded the Authy™ app when registering for Exostar Mobile ID, you receive an SMS message with the link to download the app to your mobile phone.
How do I know if my account is successfully set up and bound with the Authy™ app on my phone?
Once you complete the activation and registration process, a success message displays on the screen within MAG, SAM, or your EHR system.
Why is Authy asking me to enable a backup password?
Authy asks you to enable a backup password if you have Authy installed on multiple devices, or are using it for multiple services. Setting up a backup password is optional.
What should I do if my OTP code expired when using One Touch?
If you fail to approve or deny from your mobile device within the allotted time frame, generate a new OTP code using One Touch. Simply click One Touch from your Exostar MAG or SAM account. The ability to automatically approve or deny presents again. You can also manually enter the soft OTP code (displayed in the Authy™ app) into the Soft OTP field in your MAG or SAM account.
I did not receive the SMS message with link to install or register Authy. What should I do?
Sometimes, due to high network traffic or spam filters, you will not receive the text message. Follow the steps below to install the app and to register:
To install the app, open http://www.authy.com/install on your phone’s browser. This redirects to Authy’s app for your phone. Simply install and configure it. Register the app using the same phone number you used to register for Exostar’s Mobile ID service.
To register: If you do not receive SMS messages, request the code to be sent via a phone call.
I am not receiving OneTouch requests on my mobile device. Can I still login?
Yes, if you are having trouble getting online with your mobile device, you can use the Soft OTP Token mode. Follow the steps below to log in using Soft OTP:
1. If you already requested OneTouch authentication, click the small X button next to the progress bar within the Mobile ID logon page in MAG.
2. On your mobile device, click the No Mobile Connection link in the Authy™ app.
3. Type the six or eight digit code displayed on the screen of your mobile device into the Mobile ID logon page in MAG to authenticate.
ProviderPass users, refer to your EHR vendor’s support materials to determine how to cancel an existing eRx request, and use Soft OTP mode instead. If you have additional questions or issues, please contact Exostar Customer Support.
What should I do if I am not receiving push notifications?
If you are using the One Touch option, and are not receiving push notifications to your mobile device, ensure Allow Notifications is set to Allow in your mobile device settings. If you confirmed Allow Notifications is turned on, ensure all apps are closed on your device. Click One Touch to try again.
There is no code displaying in the Authy™ App. What should I do?
If the app is not generating a code, close the app and reopen it. If this does not resolve the issue, uninstall the app from your phone, and reinstall it from the mobile app store. Exostar Mobile ID will not be deleted from the app when you uninstall. Upon reinstallation of the app, you will see Exostar Mobile ID for Exostar’s MAG or SAM Platform.
I am receiving Public Key Error. What should I do?
If you receive a Public Key error in the Authy™ app, please uninstall the app from your phone, and reinstall it from the mobile app store. Exostar Mobile ID will not be deleted from the app when you uninstall. Upon reinstallation of the app, you will see Exostar Mobile ID for Exostar’s MAG or SAM Platform.
What should I do if I am unable to automatically approve/deny after clicking One Touch?
If you are not automatically prompted to Approve or Deny after clicking One Touch, you can approve or deny from the app. It can take up to 30 seconds to receive the option. To approve or deny from the app:
1. Go to the Authy™ App on your mobile device.
2. Click Requests (upper-left corner of the app). You will see the status of Pending, Accepted and Denied requests. Click Pending.
3. If the code has not expired, click Approve me to authenticate.
4. Click Approve or Deny.
OTP Hardware Token
What should I do if my token says “locked”? How do I unlock it?
Your token might get locked due to repeated login failures. If this happens, follow the steps below to unlock your token:
1. Go to https://portal.exostar.com.
2. Login to your Exostar MAG account using Email Address/User ID and Password only.
3. Select My Account. Select Manage OTP.
4. Click View Details.
5. Click Resync.
6. Press the button on the front of the token to generate a digital password. Enter this number into the One-Time Password One field. Wait 30 seconds.
7. Press the button on the token to generate a second digital password. Enter this number into the One-Time Password Two field.
8. Click the Resync button.
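The two-code resync in steps 6 and 7, sketched from the server side as an added example (not Exostar's code and not part of the original guide). It assumes an RFC 6238 time-based token with a 30-second step, which the page does not state; `resync`, `verify` and `max_drift_steps` are hypothetical names, and the secret is the public RFC 6238 test key.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # assumption, suggested by the "Wait 30 seconds" instruction
RFC6238_TEST_SECRET = b"12345678901234567890"  # public test key, not a real token seed


def totp(secret: bytes, step: int, digits: int = 8) -> str:
    """RFC 4226 dynamic truncation applied to a time-step counter (RFC 6238, HMAC-SHA1)."""
    mac = hmac.new(secret, struct.pack(">Q", step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def resync(secret, otp_one, otp_two, server_time, max_drift_steps=20, digits=8):
    """Return the token's clock drift in time steps, or None if nothing matches.

    Two codes from consecutive steps are required because the search window is
    far wider than the normal login window: a single code has
    (2 * max_drift_steps + 1) chances to match by guessing, a consecutive pair
    has to match twice in a row at the same offset.
    """
    base = server_time // STEP_SECONDS
    # Try the smallest drift first so the closest clock offset wins.
    for distance in range(max_drift_steps + 1):
        for drift in ((0,) if distance == 0 else (distance, -distance)):
            step = base + drift
            if step < 0:
                continue
            first_ok = hmac.compare_digest(totp(secret, step, digits), otp_one)
            second_ok = hmac.compare_digest(totp(secret, step + 1, digits), otp_two)
            if first_ok and second_ok:
                return drift
    return None


def verify(secret, otp, server_time, drift_steps=0, window=1, digits=8):
    """Normal login check: a narrow window around the stored drift."""
    base = server_time // STEP_SECONDS + drift_steps
    return any(
        hmac.compare_digest(totp(secret, base + delta, digits), otp)
        for delta in range(-window, window + 1)
    )


def demo():
    """Constructed scenario: the token clock runs 5 steps (150 s) fast."""
    token_step = 1111111109 // STEP_SECONDS        # step 37037036
    server_time = (token_step - 5) * STEP_SECONDS  # server is 5 steps behind
    otp_one = totp(RFC6238_TEST_SECRET, token_step)      # first button press
    otp_two = totp(RFC6238_TEST_SECRET, token_step + 1)  # press after 30 s
    before = verify(RFC6238_TEST_SECRET, otp_one, server_time)
    drift = resync(RFC6238_TEST_SECRET, otp_one, otp_two, server_time)
    after = verify(RFC6238_TEST_SECRET, otp_two, server_time + STEP_SECONDS, drift)
    return before, drift, after


if __name__ == "__main__":
    print(demo())
```

Entering the same code in both fields, or two codes further apart than the drift window allows, leaves the token unsynchronized because no single offset satisfies both comparisons.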
How can I renew my OTP Hardware Token?
Please see the OTP Renewal page for complete instructions and additional renewal information.
Will I receive a new OTP Hardware Token when I complete renewal?
No, a new OTP Hardware Token is not issued. If you need a new token, purchase a new subscription instead of a renewal.
I am receiving an OTP Hardware Token replacement. What do I need to do?
You need to revoke your existing OTP Hardware Token before activating your new token. We recommend you revoke your token 24 hours prior to activating your new token.
What are the steps for revoking my old token?
Follow these steps to revoke your old token:
1. Go to https://portal.exostar.com.
2. Login to your account using Email Address/User ID and Password only.
3. Go to the My Account tab.
4. Click the Manage OTP sub-tab.
5. Click View Details, and click Revoke.
6. You receive a message asking to confirm the revocation: click OK.
The battery died on my OTP Hardware Token. Can I be issued a new token?
You need to purchase a new token if the token purchase is outside of the 45-day warranty period. Please note the battery should last for a period of three to five years, depending on the number of times you use your token.
My OTP Hardware Token displays an Err message, and I am unable to access my application. What should I do?
If your token shows Err, or the numbers on the screen are illegible, you need a new token. Please note an OTP Hardware Token is covered under warranty for 45 days from the date of your purchase.
The numbers on my OTP Hardware Token don’t display correctly. What should I do?
You need a new token. Please review the Warranty FAQs section to verify if your token is under warranty.
What do I do if my token is suspended?
After the expiration of the OTP Hardware Token, the token status will change to Suspended. If your token is suspended, you will not be able to login with your token, but you will be able to renew it for a year after the expiration. If you do not renew your token within this time period, your token will be revoked.
Phone OTP
How many phone numbers can I register in my account? Should I register additional phone numbers?
You can register up to three (3) phone numbers, and we recommend registering at least two (2). If at some point you lose access to your primary and only phone number, you lose access to your OTP as well. With two or three phone numbers, you can use your alternative phone numbers to receive OTPs and update phone numbers on record.
How can I update the primary phone number and add additional numbers to my OTP?
For the security of your account, you must be logged in with your Phone OTP credential to add or update phone numbers. If you are unable to login with the currently registered phone number, you must purchase a new subscription.
To update the primary phone number, login to your MAG account with your Phone OTP. Add the desired phone number as new, and then delete the previous phone number. To add the phone number, follow these steps:
1. Log into your Exostar MAG account with your Phone OTP credential.
2. Click the My Account tab and Manage OTP.
3. From the Manage OTP section, click View Details.
4. Click Add Phone.
5. Select Delivery Method and enter phone number in Phone Number and Confirm Phone Number fields.
6. Click Send Code. A verification code is sent to the selected delivery method.
7. Enter the verification code in the Verification Code field. Click Submit to complete.
How do I purchase the Identity Proofing Upgrade for an existing Phone OTP?
If you have an existing MAG account with an OTP attached to it, you must initiate the purchase of a proofing upgrade after you log into your MAG account. Follow the steps below to complete your purchase:
1. Log into your MAG account.
2. Go to the My Account tab, and click the Manage OTP sub-tab.
3. Scroll to the Proofing Upgrade, check the box that you understand the requirements, and click Upgrade.
4. Follow the prompts to complete your purchase. In order to finalize your upgrade, complete the identity proofing process. To learn more, review the information on the Identity Proofing page.
What do I do if my Phone OTP expired?
As long as your token still shows in your MAG account, you can follow the renewal process. To view your token in MAG:
1. Log into your MAG account.
2. Navigate to the My Account tab.
3. Select the Manage OTP sub-tab to view your token.
Renewal
How can I purchase a renewal for my OTP credential?
Follow the steps below to renew your OTP credential:
1. Login to MAG via https://portal.exostar.com.
2. Go to the My Account tab.
3. Select Manage OTP.
4. Scroll down, and click the Renew button. The Renew button will be visible only if you are within the eligibility period for renewing your OTP credential.
5. Select the appropriate subscription.
6. Click Add to Cart, and complete the checkout process.
I purchased a renewal for my OTP, but it still shows as expired, and I am unable to login. Why?
Please make sure you purchased the renewal, and not a brand-new OTP credential. If you purchased the renewal, please note there is a delay in activation if you paid using the invoice option. The payment must go through before your credential is renewed. If your situation does not fit the above scenarios, please contact Exostar Customer Support.
I am an administrator for my company. How can I purchase an OTP renewal for other users?
Follow the steps below to renew the OTP subscription for other users:
1. Log into your Exostar account via https://portal.exostar.com.
2. Select Billing and Support at the bottom of your MAG Dashboard.
3. You will be redirected to another page. Select Subscription Renewals.
4. Next, choose the appropriate OTP type from the drop-down options, then select the appropriate subscription. Please note that you can renew subscriptions for yourself, for other users and yourself, or for other users only.
5. Click Add to Cart at the bottom of the screen, and complete the checkout process.