Exostar's Federated Identity Service (FIS) issues digital certificates for the following levels of assurance in compliance with the CertiPath (the PKI cross-certification bridge) policies:
NOTE: If you select the invoice option during purchase, you must complete payment prior to issuance of MLOA certificates.
Please review the steps listed below and expand each section for additional details:
Step 1. Register with Exostar
To obtain an FIS certificate, you must have an Exostar’s Managed Access Gateway (MAG) account. For more information on MAG access and credentials, please see Exostar's Managed Access Gateway (MAG) page.
- Click here to complete organization registration.
Once you register your organization account and user account, an FIS Administrator for your organization must accept the FIS Terms and Conditions in MAG. For more information about FIS Administrator responsibilities, please see the FIS Administration page.
Step 2. Complete Purchase
You must complete a certificate purchase from Exostar's Webstore before proceeding with requesting FIS access. Please see the Purchase BLOA page for instructions on completing Basic Level of Assurance purchases. and the Purchase MLOA page for instructions on completing Medium Level of Assurance purchases.
Step 3. Request FIS Access
With FIS now active for your organization, you must request the necessary certificate access for your user account. It is important to note, your organization must be subscribed to FIS MLOA Software or Hardware for users to request these certificates, otherwise, these options do not display during access request. If your organization is not subscribed at the appropriate assurance level, your Organization Administrator must upgrade the account. Please refer to the Upgrade FIS BLOA to FIS MLOA section on the Organization Administrators page for instructions.
To complete the self-registration process:
- Once you successfully login to MAG from your Dashboard. scroll to Applications section and click the Request Applications sub-tab.
- Find the Federated Identity Service (FIS) application and click Request Access button.
- Fill out all necessary information under the FIS Certificate Information section.
- Fill out all necessary information under the User Information section.
- Click Next to submit your request.
NOTE: A submission confirmation screen displays and you must wait for your FIS Administrator to approve your request.
Using Sponsor Codes
A user may receive sponsor codes via:
- Email/other notification from project partner
- Organization administrator/application administrator
- Sales Order for FIS (Federated Identity Service) new purchases, certificate renewals or reapply requests
Sponsor Codes are used to indicate why a user needs access to an application. This is NOT required information. If you did not receive the sponsor code via any of the channels above, you are not required to enter this information. If you have additional questions regarding sponsor codes, contact Exostar Customer Support with the following information in the description field:
- Application you wish to subscribe
- Project partner information
Project Partner refers to the organization that requires you to get access to the application. This could be your own organization as well. For example, you may need access to FIS MLOA Hardware certificates for NGC OASIS or a Rolls-Royce Global Supplier Portal project. Please enter your Sales Order # to prevent approval delays.
Step 4. Complete In-Person Proofing
This step ONLY applies to users who requested Medium Level of Assurance (MLOA) Hardware or Software, otherwise, Basic Level of Assurance (BLOA) users can proceed with certificate download. Please see the In-Person Proofing page for additional information on the proofing process and required documentation.
Please see the steps below as an overview of the proofing process:
- FIS Administrator approves your MLOA request.
- Exostar representative reviews request for purchase information and validation.
- Exostar representative dispatches your proofing request according to your location.
- A Trusted Agent contacts you to schedule your in-person proofing appointment.
- Complete in-person proofing. Trusted Agent provides your 16-digit passcode required for certificate download, and you receive your token in the mail (if MLOA Hardware).
- Exostar representative approves your Proofing Packet.
IMPORTANT: The Trusted Agent fills out your proofing packet during the in-person proofing appointment, and faxes the packet back to Exostar for review. If any updates are required, Exostar reaches out to the Trusted Agent.
Step 5. Certificate Download
For users that requested Basic Level of Assurance access, once your FIS Application Administrator approves your BLOA certificate request, you can complete certificate download. Please see the Basic Certificate Download page for download instructions.
For users that requested Medium Level of Assurance access, once Exostar approves your proofing packet and FIS request, you can complete the MLOA certificate download process. Please see the Medium Certificate Download page for download instructions.
Step 6. Token Installation
If you were approved for Medium Level Hardware Certificates, you must download your certificates to the physical token Exostar shipped to you. Please see the Medium Certificate Download page for detailed token installation instructions.
The Certificate Passcode is issued during the proofing process and is used for download and installation of the digital certificate. It is a one-time passcode assigned to a specific individual. If lost or forgotten, reissuance of the Certificate Passcode requires reproofing, in order to maintain the high assurance established when the passcode is assigned during the proofing event.
The hardware token is issued with a generic Token Password. Upon first use of your token, you are prompted to create your own, unique Token Password. During all subsequent uses of your token, you are required to enter your Token Password. If lost or forgotten, your Token Password cannot be reset. As with the Certificate Passcode, a Token Password reissuance requires reproofing.
|Passwords||Frequency of Use||Resettable Online?||Impact of Reset|
One Time/As Required
Certificate Passcode (issued by proofer)
Requires in-person proofing to be completed again; charged at Exostar standard rates.
Requires in-person proofing to be completed again; and a new certificate to be issued.
Both will be charged at Exostar standard rates.