Secure Login to SCP
As cyber threats against the Aerospace and Defense industry continue to intensify in frequency and sophistication, our industry is focused on increased protection of our infrastructures. To address security concerns head-on, Exostar and our customers are adding a 2-Factor Authentication (2FA) for more secure login to our online websites and applications. This secure login requirement applies to all users that log into Exostar for the Supply Chain Platform applications.
The secure login includes adding a second factor of authentication to your current login ID and password. This second factor (or access code) will be sent to your phone or presented to you on a token. The access code is sometimes referred to as a 'one time password' or 'OTP' because the code is used once and then you will use a different code the next time that you login.
To activate your secure login, you will receive an email from Exostar. The email will tell you which login process or upgrade you need and the pricing. The decision on which login process you need is based on the customers that you work with through Exostar. The instructions will be provided as a link from the email. You may receive an email that indicates you are already set up for the necessary level of security and that you have no actions.
We greatly appreciate your cooperation in making security a priority.
Most Supply Chain Products require Two-Factor Authentication for access. Each SCP Hub has minimum 2FA requirements for access. The following Two-Factor Authentication credentials are accepted by SCP applications:
|User ID and Password||1|
|Basic Level of Assurance (BLOA) Software||2|
|Basic Level of Assurance (BLOA) Secure Email||2|
|One Time Password Hardware Token||2|
|Phone One Time Password||2|
|One Time Password Hardware Token with Proofing||3|
|FIS Medium Level of Assurance (MLOA) Software||3|
|FIS Medium Level of Assurance (MLOA) Hardware||4|
|DoD CAC Card||4|
|NGC One Badge||2-4 (Dependent on Application Owner)|
|Enterprise Access Gateway (EAG)||1-4 (Dependent on Application Owner Proofing Process)|
*Please note that the higher the level, the stronger the credential strength.
The table below lists each SCP Hub, the minimum credential required for login and all levels of acceptable 2FA credentials.
Minimum Credential Required
All Acceptable Credentials
|SCP-BAE||User ID and Password||Level 1-4|
|BSCP/787 SCMP||One Time Password Hardware Token with Proofing||Level 3-4|
|Embraer SCP||User ID and Password||Level 1-4|
|SCP-NNS||FIS Medium Level of Assurance (MLOA) Hardware||Level 4 (Hardware)|
|Raytheon SCP||Phone One Time Password||Level 2-4|
|Rolls-Royce SCP||Basic Level of Assurance (BLOA) Software||Level 2-4|
With the Account Connections feature in Exostar’s IAM Platform (formerly known as MAG), users can connect multiple accounts in order to leverage credentials of one account to access applications associated with another account. Once connections are complete, you can use the parent account’s credentials to complete login.
Accounts are connected in a Parent-Child hierarchy. Child accounts may be connected to the parent account.
Account Connections Requirements
To connect a child account, your account must meet the following rules for eligibility:
- First Name, Last Name, and Email Address must be the same in all accounts.
- Child accounts cannot have any issued credentials (e.g. FIS Certificates, Third Party Credentials such as a CAC Card, NGC OneBadge, OTP Hardware Tokens, Phone OTP, Mobile ID, etc.) active on the account.
- Child accounts cannot have US Person Attestation.
NOTE: If you faxed Exostar a notarized US Person Attestation, please contact Exostar Customer Support to remove this attestation from the child account.
Step 1. Go to https://portal.exostar.com to complete login.
Step 2. Click the My Account tab, then Connect Accounts.
Step 3. Under the Connect Accounts section, accounts eligible for connection display.
Step 4. Click the account you want to connect. You are required to enter the password for that account. Click Connect Account.
Step 5. The account is successfully connected. You can log into your Exostar Identity and Access Management Platform (MAG) account with your parent account.
NOTE: You are unable to login with your connected child account once the accounts are connected.
Step 1. From the Connect Accounts sub-tab, locate the account you want to disconnect.
Step 2. Click Disconnect. You receive a pop-up notification to verify you want to continue. Click OK.
Step 3. The account is disconnected. You can login using the disconnected child account. You can no longer leverage the credential connected to the parent account.
Phone OTP allows you to register your mobile telephone or land-line telephone to receive one-time passwords via text or voice. Phone OTP is used in combination with your Exostar IAM Platform (MAG) user ID and password. Click here to purchase. For information on how to activate, click here.
One Time Password (OTP) Hardware Tokens generate random single-use password on a physical token each time you log into Exostar's IAM Platform (MAG) to access an application. The OTP Hardware Token is used in combination with your Exostar IAM Platform (MAG) user ID and password. Click here to purchase. For information on how to activate, click here.
Identity Proofing is the process of verifying your identity with Exostar by either answering credit bureau-based questions, or undergoing live video proofing with a proofing agent via webcam.
IMPORTANT! Before completing a purchase, ensure you are purchasing the correct OTP product with or without proofing. During the purchase process, you are required to select the partner that you are doing business with. Acceptable credentials will display for purchase. If you are doing business with multiple partners, we recommend purchasing FIS Medium Level of Assurance Hardware Digital Certificates. If you need to transfer proofing, click here. If you are unsure of the credential requirement for the application you are accessing, please contact Exostar Customer Support.