Welcome to US Department of Defense page! On this page you will find:
– A list of services and applications Exostar provides for US DoD and their partners
– Accepted credentials for US DoD applications
– Links to learn more about the applications and how to access them
Exostar Services
Exostar provides the following services to DoD, click on an application below to learn more.
Get Started
Access Requirements: In order to access the DoD system, you must have an Exostar’s Managed Access Gateway (MAG), as well as purchase and set-up a Medium Level of Assurance (MLOA) Hardware Token. Please see the complete application access instructions below.
IMPORTANT NOTE: the name listed in your MAG user account MUST match the name listed on the identification documentation you use for the in-person proofing appointment.
Step 1. Register
In order to access the DOD system, you must receive an email invitation from your partner. Locate that email to begin the account registration process.
2. Your browser displays a Get started with Exostar dialogue box. Click the GET STARTED button.
3. On the Complete the following information page, review the data for accuracy and input any missing fields. Select your Organization Headquarters Location from the country drop-down menu. Click Next.
A confirmation message displays account registration details and further instructions to be on the look-out for an account activation email.
Step 2. Activate
Once Exostar approves your organization registration, you receive an account activation email. Please review all information provided in the email, paying special attention to your Account Details and User ID.
IMPORTANT: Since you received and accepted the invitation, you are automatically designated as the Organization Administrator for your company. For more information on your administrative responsibilities, please see the MAG Organization Administrator page.
Exostar offers a monthly MAG Administration Webinar that provides information and instructions on administrative responsibilities. Please see the MAG Webinars page for available dates and registration information.
2. Review the Password Policy. Input and confirm your permanent Password. Click Next.
NOTE: Your Email Address/User ID and Password are used for all subsequent MAG logins.
3. Review the information on the screen concerning your security questions. Select and answer your Security Questions. Click Next to open the MAG Dashboard.
Step 3. Terms and Conditions
Once you successfully activate your MAG account, you must accept and pending Terms and Conditions. To accept, you must have the Organization Administrator or applicable Application Administrator role. Access to applications are not possible for any users in your organization until Terms and Conditions are accepted.
NOTE: If the tile says Pending Terms, you do not have permissions to accept and must contact your Organization Administrator or Application Administration.
2. Click Continue to view the applicable Terms and Conditions.
3. Review the Terms and Conditions. Check the box for I have read and agree to these terms and conditions. Click Next to complete the process.
Step 4. Purchase
Now that you have successfully set-up your MAG organization and user account, you must complete a Medium Level of Assurance (MLOA) Hardware Token purchase via Exostar’s Web Store. Please note, you can purchase one-year or three-year token option.
Please note the start date for your MLOA Hardware token is the day you download your certificate, not the day you purchase the token.
2. Select View in the Billing and Support section, located at the bottom of the MAG Dashboard
3. Select the Exostar Web Store – Home Page tab.
4. In the FIS Medium Level of Assurance (MLOA) – Hardware section, select the purchase now link.
5. Locate the desired token option: PKI Certificate: MLOA One-Year with Hardware/Token or PKI Certificate: MLOA Three-Year with Hardware/Token. Select the applicable radio button: Buy PKI token For Yourself or Buy PKI token for Other(s).
6. Select from the Country drop down menu. Click the Add to Cart button.
7. Review your cart. Click the Proceed to Checkout button.
6. You are redirected to the Shipping Method page. Ship to end user is the only option available and is already selected. Click Continue.
7. On the Payment Information page, select to pay via credit card or invoice. Fill out all required information. Click Continue.
NOTE: The invoice option requires you complete payment before receiving any product.
8. On the Review and Submit Your Order page, click the Disclaimer link and review the information. Once you complete your review, select the checkbox next to I have read and acknowledged the following Disclaimer prior to purchase.
9. Click Submit Order.
NOTE: A confirmation page displays, providing your Sales Order Number (SO#####).
Step 5. Request Access & Complete Proofing
Once you successfully complete your purchase and payment, you must request Federated Identity Service (FIS) access via your MAG user account and complete your in-person proofing appointment.
NOTE: once you request access, an Exostar Trusted Agent will dispatch your proofing request, and a Certified Proofer will contact you to set-up an appointment. Once you complete a successful proofing appointment, the proofer provides a 16-digit passcode, required for the download process. This passcode cannot be retrieved if you lose it. For more information on the proofing process, please see the In-Person Proofing Resource page.
2. In the My 2FA Credentials section of the MAG Dashboard, click the Request Access link under Federated Identity Service. This is located in the bottom, right corner of My 2FA.
3. On the Request Access screen, complete the FIS Certificate Information section.
NOTE: This information MUST match the purchase you completed, so pay special attention to Certificate Type and Validity Period.
4. Review the User Information section. Click Next.
NOTE: Once you request access, your organization’s FIS Application Administrator must approve the request, which then routes to Exostar’s system. You can view the status of your request in your MAG account. Once Exostar reviews your request for accuracy from the purchase you completed, an Exostar Trusted Agent will dispatch your in-person proofing request.
5. Schedule the proofing appointment with a Certified Proofer and complete the appointment.
NOTE: The proofer provides the 16-digit passcode required to complete the certificate download process after you complete a successful proofing appointment. If you misplace this passcode, it cannot be retrieved, which could result in a reproofing cost.
Once the proofer faxes Exostar the complete proofing packet, an Exostar Trusted Agent reviews the packet for accuracy and requests any possible updates. Once your packet it approved, you receive an email notification prompting you to download your certificates.
Step 6. Download Certificates
To download the MLOA hardware certificates, complete the following tasks:
- Acquire the appropriate token. Exostar ships your token via FedEx once you schedule your proofing appointment. If you have not received your token, reach out to Customer Support.
- Install the token PKI Client middleware on your machine. Contact your token vendor for appropriate information, or your IT Support for organization specific information.
- Initialize the token in FIPS 140-2 mode. For more information on how to check for FIPS mode, refer to the Hardware Token FIPS Mode Review section below for details.
- Ensure you have been provided the initial token password to enable you to complete token installation. Contact your vendor to receive the initial password. You are required to enter a password for this token during the certificate download process.
- Complete the in-person proofing process and receive the 16-digit passcode from the proofing agent at the end of your appointment. If you lose this passcode, you are required to complete a reproofing purchase, and go through the in-person proofing process again.
1. If you completed the initial password change process for your token, plug the token into your USB drive. The eToken PKI Client Properties screen displays for the Aladdin eToken PRO (72K) Java. Click on View eToken Info to display the token details.
2. Scroll through the list, and search for FIPS Mode and Supported Key Size under the Name column. If the token does not display information on FIPS Mode, you must follow the steps below to initialize your token in the FIPS Mode.
NOTE: Make sure the Supported Key size is 2048. Any certificates on the token are invalid for FIPS 14-compliance. If you already have certificates installed on the tokens, re-initialize the token.
2. Select the Initialize eToken icon to display the initialize screen.
3. Click the Advance View icon on the PKI Client. If this button is unavailable, contact your IT Administrator or FISA (FIS Administrator) for additional information on how to set-up the token in the FIPS mode.
4. Check the box for FIPS mode, to set-up the FIS mode for the token. Click OK to complete.
5. On the Initialize eToken screen, click Start.
6. Select OK to start token initialization.
7. Once you successfully initialize your token, a confirmation screens displays. Click OK.
8. You are redirected to the PKI Client main screen. Select View eToken Info.
9. The FIPS Mode displays. Click OK.
2. Go to your My Account tab and then click the Manage Certificates sub-tab.
NOTE: The Download Certificates sub-tab is only visible under the Manage Certificates tab when you have an approved FIS request pending certificate download. If no certificates are available for download, this sub-tab does not display.
3. Enter your 16-digit passcode. At the time of in-person proofing appointment, the proofer provided you a passcode. This passcode is only valid after you receive a packet approval email from Exostar.
NOTES:
– The passcode is a 16-digit number separated by hyphens, for example: 1234-5678-1234-5678. You must enter all characters, including the hyphens, OR leave the hyphens out completely. The passcode is NOT the same as your Managed Access Gateway (MAG) log-in password.
– If you lose the passcode, you are required to complete a reproofing purchase and complete another in-person proofing appointment.
4. If your passcode is correct, a list of certificates to download displays. The system automatically selects all of them for download. Once selected, you are prompted to enter the hardware token password. Enter the token password and click OK.
5. Click OK. Certificates are created and archived.
NOTE: This activity allows Exostar to archive the encryption key for recovery at a later time. Refer to the Recover Encryption Keys section for details.
6. Once the archiving process is complete, click OK to complete the installation process.
7. You are prompted again for your token password. Enter your password, and click OK to import the certificates to your token.
8. Click OK to complete the process.
Step 7. Access
Once you successfully set-up your hardware token, you can now login using your credential to access the desired applications. To login:
1. Navigate to the MAG login page.
2. Select the Login Using Badge or Certificate link.
3. Input the token password you created during the download process.
4. Locate the desired application tile. Click Launch to open the application.