As part of our commitment to deliver high-quality and highly available services to our customers, we are updating the technology infrastructure used to login to/authenticate yourself on LSEG Workspace. The new identity and access management service will:

• Improve performance
• Enhance resilience
• Bolster security allowing us to:
• Provide new authentication options such as Enhanced Multi-Factor Authentication (MFA)
• Make improvements to the password policy and login options in the future

This update lays the groundwork for us soon to enable:

• You to enjoy a truly flexible cross-platform experience with unbroken access between devices
• Users of our Refinitiv 365 Office add-in to log into LSEG Workspace on their desktop at the same time and on the same machine
• Users of Workspace Web will no longer require the LSEG Workspace Chrome Extension to share a session with Workspace for desktop and Workspace Microsoft Office add-ins

The update will be phased and will begin in Q1 2023. The following table provides more specific advice for users of different LSEG Workspace products.

Note: Single Sign-On (SSO) and SDK customers, please see the instructions included in this pack.

Remember your username and password.

Usernames will remain the same, and you can log in with your existing credentials after the update. When logging into Workspace through the new authentication platform for the first time, you will be asked to enter both your username and password.

Note: It is important to make sure you remember your current password or reset it in advance.

As part of the new password authentication policy, you’ll need to enter your password every time you sign into the product. The ‘Remember me’ option for password retention will no longer be available.

Required actions for users of specific products and services

The new identity and authentication service is cloud-hosted and does not use static IP addresses.

Internet & Delivery Direct

You need to permit the following list of Fully Qualified Domain Names (FQDNs) according to your network delivery method.

Note: You may have already allowed some of these domains as part of the rebranding changes made in 2021. Any existing whitelisted domains Refinitiv has previously communicated should not be removed.

* Domains listed in the table are wildcard values, where a subdomain may prepend and/or append the listed domain

**Login authentication is currently via the internet. Delivery Direct as a connectivity option will be introduced by Q2 2023.

Delivery Direct

To access new AWS service endpoints, customers using a private network must whitelist the following new IP addresses, which will impact Delivery Direct, FCN and CMC users.

• 159.43.192.0/23 [AMERS]
• 159.43.200.0/23 [EMEA]
• 159.43.208.0/23 [APAC]

Currently the Single Sign - On (SSO) service is hosted by ForgeRock, but in the future a new system hosted by Ping Identity® will act as the SSO solution for secure access to London Stock Exchange (LSEG) systems for customers.

The current SSO set-up supports the Identity Provider (IDP) initiated login flow. In the future we will support, by default, the Service Provider (SDP) initiated flow.

Please use the following testing tools.

1. To run a comprehensive check of your network readiness for CIAM platform you can use the standalone system test (for both Windows and Mac) click on this link: https://emea1-apps.platform.refinitiv.com/Apps/ProductSystemTest/

2. Click on the url: Validation tool (refinitiv.com) enter you valid Workspace login credentials. This simple test checks if your login credentials are correctly reflected in the CIAM authentication platform and if your network can access the basic CIAM login domain. PLEASE NOTE TO USE IT FOR INTERNET ONLY CONNECTION

We’ll communicate details on password requirements separately. We’ll also provide on-screen prompts when you’re logging in for the first time with the new hyperlink.

Yes, you’ll be able to change your password using the same options available today. These include:

• Using the ‘Forgotten password’ link on the login page
• Going to the LSEG Workspace Password settings, available here: LSEG Workspace > Profile Menu > Password Settings
• Contacting the Help Desk via the My.Refinitiv.com help portal

1) We’ve removed the ‘Cancel’ button. To provide our users with an up to date user experience, we have moved the Cancel button as it does not perform any relevant function. For example, a user that is logging in via a desktop browser can either end their actions by closing their browser or navigate back using their browser back button.

2) We’ve removed the ‘Sign me in automatically’ functionality and replaced it with ‘Remember my username’ functionality. This is to keep our users and company safe from bad actors, by incorporating the latest security standards into our platforms.

3) We’ve implemented a ‘Remember my username’ functionality, which saves time when logging in. The user simply needs to click the check box and their username will be prepopulated on subsequent logins.

4) We’ve implemented an ‘x’ button in the top right hand corner for installed applications where the browser back button is not available. When a user opens an installed application then decides to discontinue their login journey, the ‘x’ button closes the login screen.

Note: Remember to update your bookmarks with the new hyperlink. The new login page will look like this:

Yes, other products will eventually be impacted. You’ll receive instructions about what to do at the appropriate time.

All my conversations, chat groups, and contacts going to be preserved.

There is no impact on Refinitiv Messenger Compliance.

Only customers signing into Eikon Messenger Standalone installed software are in scope for 1.20 upgrade. Users who access via web only are not impacted as long as they sign in via web browser URL only.

Yes, the password will remain the same for both products.