Downloadable User Guides
FAQs
What FIDO protocols does Exostar support?
Exostar supports FIDO2 and U2F.
What is FIDO2?
FIDO2 is the latest evolution of the FIDO standards that enables secure, phishing-resistant, and password-less authentication using public key cryptography through authenticators such as biometrics, hardware security keys, or platform devices.
What is a passkey?
Passkeys are a user-friendly implementation of the FIDO2 standard — essentially FIDO credentials designed to sync across a user’s devices via cloud services (like iCloud Keychain or Google Password Manager).
What Are FIDO Authenticators?
FIDO authenticators are hardware or software-based devices that allow users to authenticate securely using cryptographic keys.
What if I’d like to use an authenticator not currently supported by Exostar?
When a new FIDO Authenticator is added to FIDO Alliance and is not included in the Exostar Approved FIDO Authenticator List, you can request to add the authenticator to the Exostar list by:
1. Create a Customer Support ticket with the Subject: Add new FIDO Authenticator.
2. Include the AAUID.
3. Include the following expected properties and the corresponding values to enforce on the new authenticator:
– NIST Assurance Level
– FIPS 140-2/3 Validation
– Passkey protection
– Passkey Storage location
– FIDO Alliance Certification Level
– Attestation
Exostar will evaluate and confirm compliance and proceed to add to the Exostar Assurance levels for FIDO Authenticators.
IMPORTANT! This process could take up to a week to complete.
1. Create a Customer Support ticket with the Subject: Add new FIDO Authenticator.
2. Include the AAUID.
3. Include the following expected properties and the corresponding values to enforce on the new authenticator:
– NIST Assurance Level
– FIPS 140-2/3 Validation
– Passkey protection
– Passkey Storage location
– FIDO Alliance Certification Level
– Attestation
Exostar will evaluate and confirm compliance and proceed to add to the Exostar Assurance levels for FIDO Authenticators.
IMPORTANT! This process could take up to a week to complete.
Can I purchase a hardware key directly from Exostar?
No, you cannot. Exostar does not currently offer hardware keys via the Web Store. Please see the Approved Authenticators article for acceptable vendors. Exostar is currently using a bring-your-own-device model.
IMPORTANT! You must still purchase the FIDO credential from Exostar’s web store, however, if you require a hardware key, that must be purchased separately.
IMPORTANT! You must still purchase the FIDO credential from Exostar’s web store, however, if you require a hardware key, that must be purchased separately.
Do I still need to login with my MAG User ID or Email Address and Password?
Yes, for the time being FIDO does not replace using your MAG password to access any applications. Once you successfully login to MAG with your User ID or Email Address and Password, you must elevate your credential strength via the Elevate button or once you click Launch on an application tile, the system will prompt for your FIDO login.
Why do I see an orange Get 2FA button instead of a green Launch button on my application tile?
This means you do not meet the authentication requirement and must complete a credential purchase and set-up.