Skip to main content
Sign in

Exostar - Manage Your One-Time Passcode Devices

Alex Vaughan
  • Updated

In order to transmit controlled substances, you must use a One Time Passcode (OTP) device to obtain a One Time Passcode. There are two device options: 

  1. Hardware Token – push the button on the device for the OTP. You will request a hardware token during Exostar registration.
  2. Authy App – manually enter the OTP or use Push Notification to approve request on your phone.
    While you are required to have only one passcode device, we strongly recommend that you have both passcode devices available for usage. You can manage your devices by accessing your account. Once accessed you have the option to add, remove or resync a device. This can be done independently of your EHR and NewCrop.

Your account is located on the Admin Tab of the NewCrop Screens under the link “Manage Your EPCS Account”:

  1. Log into your EHR and access the NewCrop screens.
  2. Once in NewCrop, go to the Admin Tab:
    1.png
  3. Click on the Manage Your EPCS Account:
    2.png
    OR click this link on the Exostar Registration Page:
    3.png

AUTHENTICATION INTO YOUR ACCOUNT

You will first need to authenticate into your account to access functions.  Click Authenticate and use the OTP method that you’ve chosen to authenticate. If the Authenticate buttons are grayed out, skip to the next step.

4.png

 

Hardware Token: To authenticate using the Hardware Token go to Manage Token and click Authenticate:

5.png

Enter the OTP from the Hardware Token and click Authenticate:

6.png

 

Authy App: To authenticate using the Authy app go to Manage Mobile Credential and click Authenticate. THE APP MUST BE INSTALLED ON A PHONE, NOT A TABLET OR DESKTOP.

7.png

Click the Red X to indicate that you’re ready to enter the OTP or approve via the Push Notification:

8.png

Enter the OTP from the App:

9.png

OR approve the Push Notification:

10.png

 

Text Message or Voice Call: To authenticate using either the text or voice call option go to Manage Phones and click Authenticate:

11.png

To receive a text message click Send:
(Change the dropdowns as appropriate for voice call or to use another number.)

12.png

Enter the OTP and click Submit:

13.png

 

MANAGING YOUR OTP DEVICES

Once you have authenticated into your account, you have access to all your OTP and authentication devices. You can add, remove or resync as necessary.

14.png

 

Hardware token

To add a Hardware Token to your account, click Add Token:

15.png

Enter the serial number from the back of the Hardware Token, click the button on the front and enter the first passcode you see. Wait 30 seconds and click again to enter the second passcode you see. Click Submit:

16.png

A Hardware Token can be deactivated (if lost or broken) by clicking Deactivate Token. You will be asked to confirm this action. Once confirmed, the Hardware Token cannot be used again. Only one Hardware Token can be active on an account at one time.

17.png

A Hardware Token can get out of sync if the button is inadvertently pushed too many times. To Resync a Hardware Token, click Resync:

18.png

Click the button on the Hardware Token, enter the first code for Password 1 and enter the OTP. Repeat for Password 2. Click Resync:

19.png

 

Authy App

To add the Authy App to your account click Add Credential:

IF THE PHONE NUMBER HAS A PUERTO RICAN AREA CODE, PLEASE CHOOSE THE US AS THE COUNTRY CODE ON THE COMPUTER SCREEN AND ON THE PHONE. THE PHONE NUMBER SHOULD BE ENTERED IN THIS FORMAT: 7871112222. If the country code and phone number format are entered in this way there should be no issues when binding the Authy app. For questions or if there are issues, contact your EHR or NewCrop Customer Support for assistance.

20.png

Enter your phone number and click Register Phone:

21.png

Download and install the Authy app. Click the Red X to indicate that you’re ready to enter the OTP or approve via the Push Notification:

22.png

Enter the OTP from the app and click Submit:

23.png

OR approve the Push Notification:

24.png

There is an Authy app for Apple Watch.  At this time, it is limited to “OTP” mode only, so Push/OneTouch approval is not supported.  However, the watch can work independently of the phone to which it is paired.  The user just opens the Authy app on the watch, taps the token they want, and the code is displayed on the screen.  The Authy watch app should automatically install when the Authy app is installed on the paired phone.

 

The Authy app can be deactivated by clicking Deactivate. You will be asked to confirm this action. Once confirmed, the Authy app can be activated again, using the steps above.

25.png

 

Text Message or Voice Call - FOR AUTHENTICATION INTO ACCOUNT

It is STRONGLY RECOMMENDED that you register a phone so in the event you lose your OTP device(s), you will be able to authenticate to your account. You must authenticate to your account to deactivate a lost device and bind a spare or replacement device without having to go through the full identity proofing process again.

TEXT MESSAGING OR VOICE CALLS ARE NOT VALID OTP METHODS FOR TRANSMISSION OF CONTROLLED SUBSTANCES.

To register a phone for either text message or voice call, click Add Phone:

26.png

Use the drop down to select the desired OTP delivery method. Choose your Country. Add your phone number and retype to confirm. Click Send Code:

27.png

You will receive a text message or voice call with the Validation Code. Enter the Validation Code and click Submit:

28.png

More than one phone can be added. It is STRONGLY RECOMMENDED that you add a voice call to a land line in the event a cell phone is lost or broken so you have a way to authenticate to your account. Repeat steps above to register multiple phones to your account.

 

You can change the Delivery Method for a phone number by clicking Change:

29.png

Confirm you want to make a change:

30.png

Delivery Method is now changed from Text Message to Voice Call:

31.png

To set a different number as the default phone click Set as Default:

32.png

Confirm the change:

33.png

To Delete a phone from your account, click Delete:

34.png

Use the drop down to indicate the reason for the deletion and type in comments. Click Delete Phone:

35.png

 

REVOKE ACCOUNT

A Revoke should only be done if you are unable to authenticate to your account because you have no active OTP devices and no phones registered.

REVOKING YOUR ACCOUNT IS A PERMANENT ACTION AND CANNOT BE UNDONE. IF YOUR ACCOUNT IS REVOKED, YOU MUST GO THROUGH THE IDENTITY PROOFING PROCESS AGAIN.

36.png

If a provider has a new phone or new phone number but has tied the Authy app to their cloud-based store (iTunes or Google Play Store), often a copy of the Authy app (including the NewCrop account) can be downloaded and used without any issues or removing and adding a new instance in the Exostar account.


The two best ways to avoid revoking an account:

  1. Always make sure the Hardware Token has been bound to the account. Many providers choose to use the Authy app but adding the hardware token not only allows a backup method to transmit Rxs, it is also a backup method to access the Exostar account. ALWAYS ADD THE HARDWARE TOKEN EVEN IF THE PROVIDER CHOOSES NOT USE IT FOR TRANSMISSION OF CONTROLLED RXS.
  2. Always add an Authentication phone number that is different than the provider’s cell phone number. A provider can add a land line or a different cell phone as well as their own, but the best practice is to have a different phone number for the Authentication phone number. A provider should not tie all authentication methods to one device only.

ONCE A PROVIDER HAS REVOKED THEIR ACCOUNT, THEY MUST PAY FOR ANTOHER LICENSE AND START FROM THE BEGINNING IN THE EVENT THE PROVIDER NEEDS TO TRANSMIT CONTROLLED RXS VIA NEWCROP.

 

RETURNING TO NEWCROP

Once all tasks are completed and to return to NewCrop, click Cancel:

37.png

Questions? Contact your EHR for assistance.

Related articles

Powered by Zendesk