Page tree




One Time Password (OTP) - SAM

Process Overview

Exostar uses the One-Time Password (OTP) technology to ensure only authorized users can access applications hosted in Secure Access Manager (SAM). SAM supports three OTP types: Hardware Token, Phone OTP, and Exostar Mobile ID. After the OTP is activated, you start receiving text or voice messages with OTP codes to your mobile or landline phone, application, or hardware token. OTPs can be used for a single login only, and they expire within a minute or two. To set up and manage an OTP in your SAM account, complete the following steps:

  • Activate OTP: To activate and register OTP to your SAM account.
  • Log in with OTP: Log into SAM with your OTP. While you can log into SAM with User ID and Password, bypassing the OTP step yields some applications inaccessible.
  • Manage OTP: Manage OTP-related tasks from the OTP link, located under the My Account tab in SAM.


Activate OTP 

Activate OTP Hardware Token

How can I activate my Hardware Token?

 Click here to view the steps.

Step 1.  Log into the Exostar SAM Platform at https://secureaccess.exostar.com.

Step 2.  Click Register to register a new device to your account. Choose OTP Hardware, enter your address, and click Submit.

Step 3.  You receive a confirmation screen stating your registration request is pending approval. Once approved, you receive an email with instructions on how to register your OTP Hardware Token.


Activate Phone OTP

How can I activate my Phone OTP?

 Click here to view the steps.

Complete the steps below to activate Phone OTP:

Step 1.  Log into your SAM account at https://secureaccess.exostar.com using User ID and Password.

Step 2.  Navigate to My Account, and click the OTP link in the left-hand menu.

Step 3.  Click Register to register a new device to your account. Select Phone OTP, and click Submit.

Step 4.  Enter user information, select the Country, and click Next.

Step 5.  Select Delivery Method (text message or voice message) and Country. Enter the phone number in the Enter and Confirm Phone Number fields. 

Step 6.  Click Send Code. You receive a verification code via your selected delivery method.

Step 7.  Enter the received code in the Verification Code field.

Step 8.  Click Submit.

Step 9.  The successful registration message displays. Click Complete.


Activate Exostar Mobile ID (with or without Proofing)

How can I activate my Exostar Mobile ID (with or without proofing)?

 Click here to view the steps.

Complete the steps below to activate Exostar Mobile ID with proofing:

Step 1.  If you completed Experian Proofing and successfully answered questions, select country and mobile phone number. Click Register Phone. If you successfully completed Webcam Proofing, log into your SAM account.

Step 2.  Click My Account, then OTP. Enter the proofing activation code provided to you by the Proofing Agent. Click Continue. Do not discard your proofing activation code until you successfully registered your credential.

Step 3.  Install Authy™ on your mobile device. This can be found on the app store.

Step 4.  Select and complete required fields. Click Register Phone.

Step 5.  View the push notification on Authy app from your mobile device to approve or deny. If this is unsuccessful, obtain a token ID from the app. Click the X to cancel One Touch. Enter the token ID that displays in the Authy app in the Soft OTP field in SAM. 

Step 6.  Click Submit. Your Exostar Mobile ID is now active.


Complete the steps below to activate Exostar Mobile ID without proofing:

Step 1.  Log into the Exostar SAM Platform at https://secureaccess.exostar.com.  

Step 2.  Navigate to the My Account tab, and click OTP.

Step 3.  Click Register and select Mobile ID. Click Submit.

Step 4.  Confirm your profile. Ensure your name matches the legal name as displayed on your legal documentation. Select the country where you live. If you live in the USA but do not have a social security number, select your country of citizenship. Click Next.

Step 5.  Install Authy™ on your mobile device. This can be found on the app store.

Step 6.  Complete all required fields. Click Register Phone.

Step 7.  View the push notification on the Authy app from your mobile device to approve or deny. If this is unsuccessful, obtain a token ID from the app. Click the X to cancel One Touch. Enter the token ID that displays in the Authy app in the Soft OTP field in SAM. 

Step 8.  Click Submit. Your Exostar Mobile ID is now active.



Log in with OTP 

Log in with OTP Hardware Token

How can I log in with my OTP Hardware Token?

 Click here to view the steps.

Follow the steps below to log in with your OTP Hardware Token:

Step 1.  Log into your SAM account at https://secureaccess.exostar.com using User ID and Password.

Step 2.  Navigate to My Account, and click the OTP link in the left-hand menu.

Step 3.  Click Elevate.

Step 4.  The OTP Authentication page displays. Enter the One-Time Password code displayed on your token in the One-Time Password field. Click Authenticate.

You are authenticated with your OTP Hardware token. The credential strength (upper, right corner) displays Hardware OTP.


Log in with Phone OTP

How can I log in with my Phone OTP?

 Click here to view the steps.

Follow the steps below to log in with your Phone OTP:

Step 1.  Log into your SAM account at https://secureaccess.exostar.com using User ID and Password.

Step 2.  Navigate to My Account, and click the OTP link in the left-hand menu.

Step 3.  Click Elevate.

Step 4.  The phone number and delivery method default. Click Send

Step 5.  Receive the authentication code via your selected delivery method, and enter the code you receive in the OTP Code field. Click Submit.

You are now logged in with your Phone OTP credential. The credential strength (upper, right corner) displays Phone OTP


Log in with Exostar Mobile ID

How can I log in with my Exostar Mobile ID? 

 Click here to view the steps.

Follow the steps below to log in with your Exostar Mobile ID:

Step 1.  Log into your SAM account at https://secureaccess.exostar.com using User ID and Password.

Step 2.  Navigate to My Account, and click the OTP link in the left-hand menu.

Step 3.  Click Elevate.

Step 4.  To approve with One Touch, click Approve from the push notification received via your mobile device.

Step 5.  If One Touch is not working or you want to enter the token ID manually, click X.

Step 6.  Enter the code that displays in the Authy app on your mobile device in the Soft OTP field. Click Submit.

You are authenticated with your Exostar Mobile ID credential. The credential strength (upper, right corner) displays Mobile ID.



Manage OTP 

After activation, you can manage, elevate, or deactivate your OTP credential from the OTP link, located under the My Account tab:



Manage Button

What actions are available under the Manage Button? 

 Click here to view the answer.

Use the Manage button to complete the following tasks:

  • Register additional phone numbers
  • Delete inactive phone numbers from your account
  • Revoke credential


  • Registering additional phone numbers allows you to have an alternative device in case you lose access to your primary phone.  If you do not register an additional phone number and lose access to the initial phone number, you must complete identity proofing again and register a new phone.
  • Please note revoking is a permanent and irreversible action.  If you revoke your credential, you are required to register a new credential to your account.  If your credential included the identity proofing upgrade, you must complete identity proofing again, if you are using Phone OTP and did not register additional phones, OTP Hardware, or Exostar Mobile ID.


Elevate Button

What actions are available under the Elevate Button?

 Click here to view the answer.

Use the Elevate button to elevate your credential strength from User ID and Password to OTP. Use this option if you are logged into SAM and would like to access protected applications during the same session and without logging out. To elevate, click Elevate. Follow the prompts, and click Next. The credential strength in the upper right corner displays your credential (it should no longer say “username and password”).


Deactivate Button

What actions are available under the Deactivate Button?

 Click here to view the answer.

The Deactivate button removes the credential and devices from your account. Please note Deactivate is a permanent and irreversible action.  If you deactivate your credential, you are required to register a new credential to your account.  If your credential included the identity proofing upgrade, you must complete identity proofing again.


Questions?
Check out our OTP FAQs page for tips and solutions.  

How useful was this content?

Your Rating: Results: 1 Star2 Star3 Star4 Star5 Star 12 rates