Exostar uses the One-Time Password (OTP) technology to ensure only authorized users can access applications hosted in Secure Access Manager (SAM). SAM supports three OTP types: Hardware Token, Phone OTP, and Exostar Mobile ID.
After the OTP is activated, you start receiving text or voice messages with OTP codes to your mobile or landline phone, application, or hardware token. OTPs can be used for a single login only, and they expire within a minute or two. To setup and manage an OTP in your SAM account, follow the steps below based on the OTP type you have.
OTP Hardware Token
To activate your OTP Hardware Token:
1. Log into the Exostar SAM Platform at https://secureaccess.exostar.com.
2. Click Register to register a new device to your account. Choose OTP Hardware, enter your address, and click Submit.
3. You will receive a confirmation screen stating your registration request is pending approval. Once approved, you receive an email with instructions on how to register your OTP Hardware Token.
2. Click Register to register a new device to your account. Choose OTP Hardware, enter your address, and click Submit.
3. You will receive a confirmation screen stating your registration request is pending approval. Once approved, you receive an email with instructions on how to register your OTP Hardware Token.
To login with your OTP Hardware Token:
1. Log into your SAM account at https://secureaccess.exostar.com using User ID/Email and Password.
2. Navigate to My Account, and click the OTP link in the left-hand menu.
3. Click Elevate.
4. The OTP Authentication page displays. Enter the One-Time Password code displayed on your token in the One-Time Password field.
5. Click Authenticate. You are authenticated with your OTP Hardware token. The credential strength (upper, right corner) displays Hardware OTP.
2. Navigate to My Account, and click the OTP link in the left-hand menu.
3. Click Elevate.
4. The OTP Authentication page displays. Enter the One-Time Password code displayed on your token in the One-Time Password field.
5. Click Authenticate. You are authenticated with your OTP Hardware token. The credential strength (upper, right corner) displays Hardware OTP.
Phone OTP
To activate your Phone OTP:
1. Log into your SAM account at https://secureaccess.exostar.com, with you User ID/Email and Password.
2. Navigate to My Account, and click the OTP link in the left-hand menu.
3. Click Register to register a new device to your account. Select Phone OTP, and click Submit.
4. Enter user information, select the Country, and click Next.
5. Select Delivery Method (text message or voice message) and Country. Enter the phone number in the Enter and Confirm Phone Number fields.
Click Send Code. You will receive a verification code via your selected delivery method.
7. Enter the received code in the Verification Code field. Click Submit.
8. A successful registration message displays. Click Complete.
2. Navigate to My Account, and click the OTP link in the left-hand menu.
3. Click Register to register a new device to your account. Select Phone OTP, and click Submit.
4. Enter user information, select the Country, and click Next.
5. Select Delivery Method (text message or voice message) and Country. Enter the phone number in the Enter and Confirm Phone Number fields.
Click Send Code. You will receive a verification code via your selected delivery method.
7. Enter the received code in the Verification Code field. Click Submit.
8. A successful registration message displays. Click Complete.
To login with your Phone OTP:
1. Log into your SAM account at https://secureaccess.exostar.com using User ID/Email and Password.
2. Navigate to My Account, and click the OTP link in the left-hand menu.
3. Click Elevate.
4. The phone number and delivery method default. Click Send.
5. Receive the authentication code via your selected delivery method, and enter the code you receive in the OTP Code field. Click Submit.
6. You are now logged in with your Phone OTP credential. The credential strength (upper, right corner) displays Phone OTP.
2. Navigate to My Account, and click the OTP link in the left-hand menu.
3. Click Elevate.
4. The phone number and delivery method default. Click Send.
5. Receive the authentication code via your selected delivery method, and enter the code you receive in the OTP Code field. Click Submit.
6. You are now logged in with your Phone OTP credential. The credential strength (upper, right corner) displays Phone OTP.
Exostar Mobile ID
To activate Exostar Mobile ID (with Proofing):
1. If you completed Experian Proofing and successfully answered questions, select country and mobile phone number. Click Register Phone. If you successfully completed Webcam Proofing, log into your SAM account.
2. Click My Account, then OTP. Enter the proofing activation code provided to you by the Proofing Agent. Click Continue. Do not discard your proofing activation code until you successfully registered your credential.
3. Install Authy™ on your mobile device. This can be found on the app store.
4. Select and complete required fields. Click Register Phone.
5. View the push notification on Authy™ app from your mobile device to approve or deny. If this is unsuccessful, obtain a token ID from the app. Click the X to cancel One Touch. Enter the token ID that displays in the Authy™ app in the Soft OTP field in SAM.
6. Click Submit. Your Exostar Mobile ID is now active.
2. Click My Account, then OTP. Enter the proofing activation code provided to you by the Proofing Agent. Click Continue. Do not discard your proofing activation code until you successfully registered your credential.
3. Install Authy™ on your mobile device. This can be found on the app store.
4. Select and complete required fields. Click Register Phone.
5. View the push notification on Authy™ app from your mobile device to approve or deny. If this is unsuccessful, obtain a token ID from the app. Click the X to cancel One Touch. Enter the token ID that displays in the Authy™ app in the Soft OTP field in SAM.
6. Click Submit. Your Exostar Mobile ID is now active.
To activate Exostar Mobile ID (without Proofing):
1. Log into the Exostar SAM Platform at https://secureaccess.exostar.com.
2. Navigate to the My Account tab, and click OTP.
3. Click Register and select Mobile ID. Click Submit.
4. Confirm your profile. Ensure your name matches the legal name as displayed on your legal documentation. Select the country where you live. If you live in the USA but do not have a social security number, select your country of citizenship. Click Next.
5. Install Authy™ on your mobile device (this can be found on the app store).
6. Complete all required fields. Click Register Phone.
7. View the push notification on the Authy™ app from your mobile device to approve or deny. If this is unsuccessful, obtain a token ID from the app. Click the X to cancel One Touch. Enter the token ID that displays in the Authy™ app in the Soft OTP field in SAM.
8. Click Submit. Your Exostar Mobile ID is now active.
2. Navigate to the My Account tab, and click OTP.
3. Click Register and select Mobile ID. Click Submit.
4. Confirm your profile. Ensure your name matches the legal name as displayed on your legal documentation. Select the country where you live. If you live in the USA but do not have a social security number, select your country of citizenship. Click Next.
5. Install Authy™ on your mobile device (this can be found on the app store).
6. Complete all required fields. Click Register Phone.
7. View the push notification on the Authy™ app from your mobile device to approve or deny. If this is unsuccessful, obtain a token ID from the app. Click the X to cancel One Touch. Enter the token ID that displays in the Authy™ app in the Soft OTP field in SAM.
8. Click Submit. Your Exostar Mobile ID is now active.
To login with your Exostar Mobile ID:
1. Log into your SAM account at https://secureaccess.exostar.com using your User ID/Email and Password.
2. Navigate to My Account, and click the OTP link in the left-hand menu.
3. Click Elevate.
4. To approve with One Touch, click Approve from the push notification received via your mobile device.
5. If One Touch is not working or you want to enter the token ID manually, click X.
6. Enter the code that displays in the Authy™ app on your mobile device in the Soft OTP field. Click Submit.
7. You are now authenticated with your Exostar Mobile ID credential. The credential strength (upper, right corner) displays Mobile ID.
2. Navigate to My Account, and click the OTP link in the left-hand menu.
3. Click Elevate.
4. To approve with One Touch, click Approve from the push notification received via your mobile device.
5. If One Touch is not working or you want to enter the token ID manually, click X.
6. Enter the code that displays in the Authy™ app on your mobile device in the Soft OTP field. Click Submit.
7. You are now authenticated with your Exostar Mobile ID credential. The credential strength (upper, right corner) displays Mobile ID.
Manage OTP
After you activate your OTP credential type you can manage, elevate, or deactivate it under My Account tab, then select the Manage OTP sub-tab. Follow the steps below to make changes to your OTP:
Manage Button:
Use the Manage button to complete the following tasks:
– Register additional phone numbers
– Delete inactive phone numbers from your account
– Revoke credential
NOTES:
– Registering additional phone numbers allows you to have an alternative device in case you lose access to your primary phone. If you do not register an additional phone number and lose access to the initial phone number, you must complete identity proofing again and register a new phone.
– Revoking is a permanent and irreversible action. If you revoke your credential, you are required to register a new credential to your account. If your credential included the identity proofing upgrade, you must complete identity proofing again, if you are using Phone OTP and did not register additional phones, OTP Hardware, or Exostar Mobile ID.
– Register additional phone numbers
– Delete inactive phone numbers from your account
– Revoke credential
NOTES:
– Registering additional phone numbers allows you to have an alternative device in case you lose access to your primary phone. If you do not register an additional phone number and lose access to the initial phone number, you must complete identity proofing again and register a new phone.
– Revoking is a permanent and irreversible action. If you revoke your credential, you are required to register a new credential to your account. If your credential included the identity proofing upgrade, you must complete identity proofing again, if you are using Phone OTP and did not register additional phones, OTP Hardware, or Exostar Mobile ID.
Elevate Button:
Use the Elevate button to elevate your credential strength from User ID and Password to OTP. Use this option if you are logged into SAM and would like to access protected applications during the same session and without logging out. To elevate, click Elevate. Follow the prompts, and click Next. The credential strength in the upper right corner displays your credential (it should no longer say “username and password”).
Deactivate Button:
The Deactivate button removes the credential and devices from your account.
Please note Deactivate is a permanent and irreversible action. If you deactivate your credential, you are required to register a new credential to your account. If your credential included the identity proofing upgrade, you must complete identity proofing again.
Please note Deactivate is a permanent and irreversible action. If you deactivate your credential, you are required to register a new credential to your account. If your credential included the identity proofing upgrade, you must complete identity proofing again.
