Responsibilities
Organization Administrators can perform the following common tasks in SAM:
- Accept Terms and Conditions
- Add New Users and Manage Existing Users
- Manage Application Access
- Manage Users and Access in Batch
- Reset Passwords
- Manage Organization Details
Org Admin Insights
The New Organization Admin Insights dashboard (March 2024) provides tailored insights with widgets that offer essential information at a glance, allowing admins to effectively analyze and understand their user’s activity.
As the Org Admin, select the Organization from the drop-down list in the Application Access to view the user’s data for that organization. Click Update Data to refresh the insights for each organization.
- User Activity
- Application Access
- Login Count for Application
This chart will display the user activity for your organization. The default display will show the user’s activity for active, suspended, and inactive users within your organization. You can view data for your organization for the last 7 days, 30 days, or up to 11 previous months.
This chart will display the user base who has access to the selected application that your organization is subscribed to. The view will display the total population of users in your organization subscribed to the application and the users who are active or suspended for this application. The percentages will show changes in this population for the past 7 days.
This chart will display the most accessed applications that the selected organization is subscribed to. It will also display login counts to display how many users have accessed this application within the selected organization over the past 30 days.
Tabs for Org Admins
There are two tabs in SAM Org Admins use to complete their administrative duties: the Administration and Registration Requests tabs. The absolute majority of admin duties can be completed from the Administration tab. The links on the left are clickable. The GIF below offers the view of your SAM account from the Administration and Registration Requests tabs:
Accept Terms & Conditions
To accept Terms and Conditions, follow the steps below:
1. Log into the Exostar SAM Platform at https://secureaccess.exostar.com.
2. Under the Home tab, click the View Service Agreement link (it displays next to the applications).
3. After reviewing the agreement, and click I Agree to accept it. The Service Agreement Confirmation message will display.
2. Under the Home tab, click the View Service Agreement link (it displays next to the applications).
3. After reviewing the agreement, and click I Agree to accept it. The Service Agreement Confirmation message will display.
Add New Users
To add an individual new user account in SAM:
1. Log into the Exostar SAM Platform at https://secureaccess.exostar.com.
2. Navigate to the Administration tab, and click Add New User. A password message displays, but the password is not required for this action.
3. In the Add New User section, complete all required fields (marked with the red asterisk).
4. In the Application Settings section, select a Role for the new user.
NOTE: The choices include: User, Organization Admin, Application Admin, and both Organization Admin and Application Admin.
5. Select the applications users should have access to, and click Continue.
NOTE: If the Application Administrator or Organization Administrator & Application Administrator role is assigned, you must also designate the applications this user is authorized to administer. By default, the Application Administrator role is disabled for most applications.
6. Review and verify the information you entered. Click Modify to make any changes or Cancel to cancel this transaction. Click Submit.
2. Navigate to the Administration tab, and click Add New User. A password message displays, but the password is not required for this action.
3. In the Add New User section, complete all required fields (marked with the red asterisk).
4. In the Application Settings section, select a Role for the new user.
NOTE: The choices include: User, Organization Admin, Application Admin, and both Organization Admin and Application Admin.
5. Select the applications users should have access to, and click Continue.
NOTE: If the Application Administrator or Organization Administrator & Application Administrator role is assigned, you must also designate the applications this user is authorized to administer. By default, the Application Administrator role is disabled for most applications.
6. Review and verify the information you entered. Click Modify to make any changes or Cancel to cancel this transaction. Click Submit.
How do Users Register themselves for a SAM Account?
You can ask new users to self-register for a SAM Platform account. Ask them to access self-registration at https://secureaccess.exostar.com/userRegistration. Please note you will need to provide your users with the Org ID for your company, in order for them to proceed through self-registration. After the user registers, you will receive an email verification about a pending user request.
To approve a user via self-registration:
1. Log into Exostar SAM Platform at https://secureaccess.exostar.com.
2. Navigate to the Registration Requests tab, and access the Verify link to view the list of pending requests.
3. Click the Request ID link for the request you would like to approve.
4. Review the User Registration Request information, including the Products & Services access request. Click Next.
5. Complete all required fields, and click Next. If you select Deny, you are required to enter Comments to explain your reasons for denial.
6. The Confirmation page displays, confirming the user’s active SAM status.
2. Navigate to the Registration Requests tab, and access the Verify link to view the list of pending requests.
3. Click the Request ID link for the request you would like to approve.
4. Review the User Registration Request information, including the Products & Services access request. Click Next.
5. Complete all required fields, and click Next. If you select Deny, you are required to enter Comments to explain your reasons for denial.
6. The Confirmation page displays, confirming the user’s active SAM status.
Manage Existing Users
To locate users and modify their profiles:
1. Log into Exostar SAM Platform at https://secureaccess.exostar.com.
2. Access the Administration tab on the Exostar SAM Platform portal. Click View Users.
3. Use filters to narrow your search, or view the complete list of users in your Organization by clicking Search.
4. All search results display. Click the User ID to access the user’s profile information.
5. Make changes in User Profile section, and click Continue.
NOTE: In the User Profile section, you can update any field, except for User ID, Role, Org Name, and Org ID. In the Application Settings section, you can update a user’s role, access to applications, and access to SAM. You can also reset the user’s one-time password.
6. Verify the changes. You can click Modify to go back and make further changes, or Cancel to go back to the Search page. Click Submit.
NOTE: The Modify Email option allows you to update a user’s email address. After an Org Admin modifies the email address, the user receives an email with the activation code and steps for activating their new email address. The new email address is not reflected in Exostar SAM Platform until the user completes the activation process. However, this feature does not work with SSO/EAG users. SSO/EAG users who need to update their email, must contact their Corporate Helpdesk. Also, Admins of a Sponsor-Managed Org cannot update user profiles once a user becomes “Shared,” or subscribed to at least one non-sponsor application.
2. Access the Administration tab on the Exostar SAM Platform portal. Click View Users.
3. Use filters to narrow your search, or view the complete list of users in your Organization by clicking Search.
4. All search results display. Click the User ID to access the user’s profile information.
5. Make changes in User Profile section, and click Continue.
NOTE: In the User Profile section, you can update any field, except for User ID, Role, Org Name, and Org ID. In the Application Settings section, you can update a user’s role, access to applications, and access to SAM. You can also reset the user’s one-time password.
6. Verify the changes. You can click Modify to go back and make further changes, or Cancel to go back to the Search page. Click Submit.
NOTE: The Modify Email option allows you to update a user’s email address. After an Org Admin modifies the email address, the user receives an email with the activation code and steps for activating their new email address. The new email address is not reflected in Exostar SAM Platform until the user completes the activation process. However, this feature does not work with SSO/EAG users. SSO/EAG users who need to update their email, must contact their Corporate Helpdesk. Also, Admins of a Sponsor-Managed Org cannot update user profiles once a user becomes “Shared,” or subscribed to at least one non-sponsor application.
How do I resend the activation email to a user:
Organization or Service Provider Administrators can resend the Activation Email for inactive users from the Application Settings section of the User Details page. Locate the user and access their profile page by following the steps above. Complete these steps:
1. Log into Exostar SAM Platform at https://secureaccess.exostar.com.
2. Access the Administration tab on the Exostar SAM Platform portal.
3. Click View Users, and use filters to narrow your search. Click Search.
4. Click the User ID to access the user’s profile information.
5. If a user account has an Inactive status, scroll down to the Application Settings, and click Resend Activation Email.
6. A confirmation page displays. Click Submit to resend the email.
1. Log into Exostar SAM Platform at https://secureaccess.exostar.com.
2. Access the Administration tab on the Exostar SAM Platform portal.
3. Click View Users, and use filters to narrow your search. Click Search.
4. Click the User ID to access the user’s profile information.
5. If a user account has an Inactive status, scroll down to the Application Settings, and click Resend Activation Email.
6. A confirmation page displays. Click Submit to resend the email.
To suspend, reactivate, or delete a SAM user:
1. Log into Exostar SAM Platform at https://secureaccess.exostar.com.
2. Access the Administration tab on the Exostar SAM Platform portal.
3. Click View Users, and use filters to narrow your search. Click Search.
4. Click the User ID to access the user’s profile information.
5. Scroll down to the Application Settings, and click one of these buttons: Suspend User Access or Delete User. A confirmation page will display.
NOTE: Sponsor Managed Organization Administrators and MPAs cannot permanently delete Shared Users Exostar SAM Platform accounts.
2. Access the Administration tab on the Exostar SAM Platform portal.
3. Click View Users, and use filters to narrow your search. Click Search.
4. Click the User ID to access the user’s profile information.
5. Scroll down to the Application Settings, and click one of these buttons: Suspend User Access or Delete User. A confirmation page will display.
NOTE: Sponsor Managed Organization Administrators and MPAs cannot permanently delete Shared Users Exostar SAM Platform accounts.
Manage Application Access
To subscribe my company to a new application:
To subscribe your organization to an application, complete the steps below:
1. Log into Exostar SAM Platform at https://secureaccess.exostar.com.
2. Access the Administration tab on the Exostar SAM Platform portal, and click the Subscribe to Application link on the left.
3. Complete the Administrator Information page, or select an existing administrator from the drop down list. Click Next.
4. Confirm the administrator selection and information. Click Next, you will receive a confirmation with a reference number.
Please note most applications in SAM require an invitation. If you do not see the desired application, contact Exostar’s Customer Support.
1. Log into Exostar SAM Platform at https://secureaccess.exostar.com.
2. Access the Administration tab on the Exostar SAM Platform portal, and click the Subscribe to Application link on the left.
3. Complete the Administrator Information page, or select an existing administrator from the drop down list. Click Next.
4. Confirm the administrator selection and information. Click Next, you will receive a confirmation with a reference number.
Please note most applications in SAM require an invitation. If you do not see the desired application, contact Exostar’s Customer Support.
To suspend, edit, and reactivate application access for users:
1. Log into Exostar SAM Platform at https://secureaccess.exostar.com.
2. Access the Administration tab on the Exostar SAM Platform portal.
3. Click View Users, and use filters to narrow your search. Click Search.
4. Click the User ID to access the user’s profile information.
5. Scroll down to the Application Settings. Click Suspend next to the appropriate application to suspend access to it. Click Edit to modify the subscription period for the application.
6. Click Continue. A confirmation page displays. The user status changes to Inactive.
7. Return to the user’s profile page. The Application Settings section shows the user’s status as Suspended. To reinstate access to the application, click Activate. A confirmation page displays.
NOTE: Sponsor Managed Organization Administrators and MPAs cannot suspend, edit, or reactivate non-sponsored applications on Shared Users Exostar SAM Platform accounts. However, Service Provider Administrators can suspend, reactivate, or edit access.
2. Access the Administration tab on the Exostar SAM Platform portal.
3. Click View Users, and use filters to narrow your search. Click Search.
4. Click the User ID to access the user’s profile information.
5. Scroll down to the Application Settings. Click Suspend next to the appropriate application to suspend access to it. Click Edit to modify the subscription period for the application.
6. Click Continue. A confirmation page displays. The user status changes to Inactive.
7. Return to the user’s profile page. The Application Settings section shows the user’s status as Suspended. To reinstate access to the application, click Activate. A confirmation page displays.
NOTE: Sponsor Managed Organization Administrators and MPAs cannot suspend, edit, or reactivate non-sponsored applications on Shared Users Exostar SAM Platform accounts. However, Service Provider Administrators can suspend, reactivate, or edit access.
Manage Users and Access in Batch
To upload multiple users simultaneously (in batch):
To complete a batch action, download and fill out our SAM User Upload Template. For the template instructions, consult the SAM Administrator Guide (appendix A). Create a CSV file that contains user and organization information. When applicable, include the R-IDP User ID. R-IDP provisions enterprise users directly, using enterprise credentials. Follow the steps below to add users via the User Upload link:
1. Log into the Exostar SAM Platform at https://secureaccess.exostar.com.
2. Navigate to the Administration tab, and click the User Upload link.
3. Click Pick a file. Navigate and select the desired file. Click Upload.
4. Using the drop-down menu, select the Onboarding Sponsor.
NOTE: The selection affects the branding, help links, and content specific to that sponsor.
5. After selecting the file and onboarding sponsor, click Validate. The system examines the file. If the system detects errors, they display on the screen, marked with a red X. User information with errors will not be processed. Please correct the errors, and re-upload the file.
6. Click Commit to upload the users. The system creates new accounts, and sends emails to users informing them about their new SAM accounts.
1. Log into the Exostar SAM Platform at https://secureaccess.exostar.com.
2. Navigate to the Administration tab, and click the User Upload link.
3. Click Pick a file. Navigate and select the desired file. Click Upload.
4. Using the drop-down menu, select the Onboarding Sponsor.
NOTE: The selection affects the branding, help links, and content specific to that sponsor.
5. After selecting the file and onboarding sponsor, click Validate. The system examines the file. If the system detects errors, they display on the screen, marked with a red X. User information with errors will not be processed. Please correct the errors, and re-upload the file.
6. Click Commit to upload the users. The system creates new accounts, and sends emails to users informing them about their new SAM accounts.
Batch users created with “Defer Email” option:
If users are created with the Defer E-emails option enabled, no first time login emails are sent to these users. Depending on what type of user is created in the .CSV file (username/password vs. SSO user), there are two options to enable the users:
1. Username/Password users: Use the Resend Activation Email link from within the user profile, or use the Batch Activation Email option to resend the activation email to multiple users.
2. SSO/Federated/EAG users: There is no option to retrigger login emails for SSO users. Instead, instruct the users to go to the Exostar SAM Platform Login Page: https://secureaccess.exostar.com, and enter their email address or User ID. Exostar SAM Platform will then link the user to the proper R-IDP.
If the R-IDP User ID is specified for the user, the system shall link that user to the organization’s R-IDP using the specified R-IDP User ID. Instruct the user to go to the Exostar SAM Platform Login page and enter their email address or user ID. User not uploaded with an R-IDP ID will receive the Account Activation email.
1. Username/Password users: Use the Resend Activation Email link from within the user profile, or use the Batch Activation Email option to resend the activation email to multiple users.
2. SSO/Federated/EAG users: There is no option to retrigger login emails for SSO users. Instead, instruct the users to go to the Exostar SAM Platform Login Page: https://secureaccess.exostar.com, and enter their email address or User ID. Exostar SAM Platform will then link the user to the proper R-IDP.
If the R-IDP User ID is specified for the user, the system shall link that user to the organization’s R-IDP using the specified R-IDP User ID. Instruct the user to go to the Exostar SAM Platform Login page and enter their email address or user ID. User not uploaded with an R-IDP ID will receive the Account Activation email.
To subscribe multiple users to an application (in batch):
Org Admins may choose to provision existing user accounts to a specific application in batch, using the Batch Subscription function. To complete this batch action, fill out the Batch Subscription Template. For the template instructions, consult the SAM Administrator Guide (appendix C). Fill out the template, and follow the steps below to complete this batch operation:
1. Log into Exostar SAM Platform at https://secureaccess.exostar.com.
2. Access the Administration tab on the Exostar SAM Platform portal, and click the Batch Subscription link on the left.
3. Click Pick a file to locate the correct file. Click Upload to upload the file
4. Select the application. Click Validate to proceed.
5. A confirmation message will display. Click Commit to load user subscriptions.
NOTE: If users have a green check-mark next to their name, it means they were granted access. Users with the red X mark next to their name were not processed due to errors: review the list of errors, and correct them to complete the upload.
1. Log into Exostar SAM Platform at https://secureaccess.exostar.com.
2. Access the Administration tab on the Exostar SAM Platform portal, and click the Batch Subscription link on the left.
3. Click Pick a file to locate the correct file. Click Upload to upload the file
4. Select the application. Click Validate to proceed.
5. A confirmation message will display. Click Commit to load user subscriptions.
NOTE: If users have a green check-mark next to their name, it means they were granted access. Users with the red X mark next to their name were not processed due to errors: review the list of errors, and correct them to complete the upload.
To batch-resend activation emails to inactive users:
If there are multiple inactive users, Org Admins can reset their accounts by clicking the Batch Activation Email link. To complete this action, download and fill out the Batch Activation Email Template. Review the SAM Administrator Guide (Appendix D) for the instructions on this template. Upload the CSV file containing user UPNs (UserID@fis.evincible.com) to reset inactive accounts in bulk. Follow the steps below to complete this action:
1. Log into Exostar SAM Platform at https://secureaccess.exostar.com.
2. Access the Administration tab on the Exostar SAM Platform portal, and click the Batch Activation Email link on the left.
3. Click Pick a file to locate the file containing user information. Click Upload to upload the file.
4. Click Validate to proceed.
5. A confirmation message displays. Click Commit to complete the reset.
1. Log into Exostar SAM Platform at https://secureaccess.exostar.com.
2. Access the Administration tab on the Exostar SAM Platform portal, and click the Batch Activation Email link on the left.
3. Click Pick a file to locate the file containing user information. Click Upload to upload the file.
4. Click Validate to proceed.
5. A confirmation message displays. Click Commit to complete the reset.
Reset Passwords
To reset a user’s permanent password or security questions:
1. Log into Exostar SAM Platform at https://secureaccess.exostar.com.
2. Access the Administration tab on the Exostar SAM Platform portal.
3. Click View Users, and use filters to narrow your search. Click Search.
4. Click the User ID to access the user’s profile information.
5. To reset the user’s permanent password, click Reset Permanent Password. Click Reset Security Question to reset the user’s security question.
The user receives an email with instructions on how to reset the permanent password and security questions.
NOTE: Please be advised once a user becomes a Shared User, Sponsor Managed Org Admins and MPAs is unable to reset their password. SP Administrators can reset permanent password or resend the activation email.
2. Access the Administration tab on the Exostar SAM Platform portal.
3. Click View Users, and use filters to narrow your search. Click Search.
4. Click the User ID to access the user’s profile information.
5. To reset the user’s permanent password, click Reset Permanent Password. Click Reset Security Question to reset the user’s security question.
The user receives an email with instructions on how to reset the permanent password and security questions.
NOTE: Please be advised once a user becomes a Shared User, Sponsor Managed Org Admins and MPAs is unable to reset their password. SP Administrators can reset permanent password or resend the activation email.
Manage Organization Details
To update my company’s allowed email domain(s):
Org Admins can define allowed email domains for their company. If this filter is set, all existing users will need to conform to this standard. To define allowed domains for your company’s users, complete the steps below:
1. Log into Exostar SAM Platform at https://secureaccess.exostar.com.
2. Access the Administration tab on the Exostar SAM Platform portal, and click the Update Organization link on the left.
3. Enter email domains permitted for automatic provisioning (for example: exostar.org). Click Submit.
4. If any existing users do not comply with the allowed email domains, you receive an error message. Correct the list of domains to include all current user domains, or modify user emails to comply with the new restriction.
5. Click Submit.
1. Log into Exostar SAM Platform at https://secureaccess.exostar.com.
2. Access the Administration tab on the Exostar SAM Platform portal, and click the Update Organization link on the left.
3. Enter email domains permitted for automatic provisioning (for example: exostar.org). Click Submit.
4. If any existing users do not comply with the allowed email domains, you receive an error message. Correct the list of domains to include all current user domains, or modify user emails to comply with the new restriction.
5. Click Submit.