EAG is an Exostar service that allows users to access SAM applications and services accessible through the platform, using their company-issued credentials. EAG must be enabled at the organization level, and is typically implemented across an entire organization. Users should look for notification from their organizations to begin using EAG.
To link your company-issued credentials to SAM, you will need an Exostar SAM account along with your company-issued credentials. Additionally, your company must be subscribed to Exostar’s EAG service.
Register for EAG
2. Your IT Team works with Exostar to implement integrated technology.
3. EAG technology allows users to connect corporate credentials to access customer organization applications behind Exostar’s Secure Access Manager (SAM).
NOTE: Before users can start linking their corporate credentials to their MAG account, EAG must be enabled at the organization level.
Link your EAG Account
2. Go to the My Account tab and click Edit Profile.
3. If your organization is subscribed to the EAG service, you will see the Remote Identity Provider (R-IDP) Account Settings section which allows you to link your account. Click the Link.
4. A notification displays. To save profile changes, click OK. Click OK to start the account linking process.
5. Click Connect to Identity Provider.
6. If you have logged into your corporate network, click Link Account. If you have not, you are prompted to provide your network credentials. The displayed page is specific to your company. After entering corporate credentials, the Account Linking page displays. Click Link Account.
7. After clicking Link Account, your corporate network ID displays.
8. Click Complete Account Linking to complete linking process.
9. The logout screen displays. Close the browser.
10. A persistent cookie is saved on your computer to identify you by your company (also called the Corporate Identity Provider). The cookie will ensure that you don’t need to enter this information for subsequent logins to SAM.
NOTE: If you clear the browser history or use a different browser, you will need to select the Corporate Identity Provider for the Exostar SAM Platform once again.
Bulk Load Subscriptions
Organization Administrators and Exostar Portal Administrator (EPA) who want to add multiple users can subscribe users to the EAG service by entering the Remote Identity Provider (R-IDP) for the user in the ridpUserID field in the .CSV file. Once upload completes, users receive an email with instructions on how to access Exostar’s Secure Access Manager (SAM).
NOTE: You must have the Organization Administrator or EPA role to use the User Upload feature.
2. Access User Upload.
Scenario 1: Organization Administrators will need to go to the Administration tab and click the appropriate sub-tab (User Upload).
Scenario 2: EPA will need to go to the Customer Support tab, then click View Organizations to search for an organization. Click the hyperlinked Org ID to access organization details and then click Upload Users.
3. Complete the .CSV template and ensure the ridpUserID field is completed. Do not enter information in the password field. This will cause an error when uploading the file. Save the completed template as .CSV. (For instructions on how to use User Upload and to obtain the .CSV file, use Online Help).
NOTE: Application access requires approval by an Application Administrator. If an application requires additional approval, the request routes to the next participant in the approval workflow.
4. Once the upload completes, users receive an email with instructions about accessing the Exostar SAM Platform. Users will follow steps 5-7 to complete EAG connection.
5. Go to https://secureaccess.exostar.com and enter SAM User ID/Email address and then click Next.
6. Depending on the RIDP associated to SAM User ID, you are directed to a login page where you are required to enter your corporate credentials. If you are unable to login and need your corporate password reset, contact your IT department or Internal Helpdesk.
7. A persistent cookie is saved on your computer to identify you by your company (also called the Corporate Identity Provider). The cookie will ensure that you don’t need to enter this information for subsequent logins to Exostar’s SAM.
NOTE: If you clear the browser history or use a different browser, you will need to enter your SAM User ID/Email address on SAM login screen once again. The next time you access your account using EAG, you are directed to enter your corporate credentials, which will log you directly into your account. You can save the SAM URL as a favorite in your browser or saved as an icon on your desktop.
Link Account – JIT Provisioning
Just-In-Time provisioning allows users to be provisioned in SAM automatically. Users go through a one-time registration process and are required to subscribe an application. When account attributes change in the Enterprise, JIT based assertion allows user attributes to be updated in SAM when users federate to Exostar SAM services.
Enterprises that have configured and subscribed to EAG (Remote Identity Provider service connection) in SAM can place a URL on their internal website. Employees can self-register for Exostar SAM connected application services.
NOTE: JIT URL is different per EAG.
2. Use your native (corporate) credentials to complete login.
3. The JIT User Registration page displays. Click Next.
4. Personal information displays.
5. Please note most fields are not editable. The information displaying in these fields is provided from your corporate identity provider and not Exostar. Click Next.
6. Select applications you need to access. Click Next to complete. Application access requires approval by an Application Administrator. If an application requires additional approval, the request routes to the next participant in the approval workflow.
7. A persistent cookie is saved on your computer to identify you by your company (also called the Corporate Identity Provider). The cookie will ensure that you don’t need to enter this information for subsequent logins to SAM.
NOTE: If you clear the browser history or use a different browser, you will need to provide your SAM User ID/Email on the login screen so that EAG service can identify R-IDP associated with user profile.