As part of our efforts to continue to deliver high-quality and highly available services to our customers, we’ll be upgrading the technology infrastructure you use to log into/authenticate yourself on the FX Trading and FXall® graphical user interface (GUI) and supporting websites.

This upgrade won’t require any actions by users of FX Trading or FXall GUI who currently authenticate via the LSEG/Refinitiv AAA system (accessing the service via a corporate email address). FXall users who currently use the legacy SiteMinder system (accessing the system using an FXall ID) also need take no action at this time. SiteMinder users will be contacted later with further migration instructions.

The new identity and access management services will improve performance and resilience while bolstering security, allowing us to provide enhanced authentication options and improvements to password policies.

The migration to the new CIAM system is scheduled to commence in November continuing into Q1 2025.

We recommend that you review the frequently asked questions below to ensure that you are familiar with any changes required for this upgrade.

Please forward this communication to your IT department for further review.

If you have any questions, please see the contact information at the end of this document.

Customers should have already ensured that they are technically ready for this upgrade.

FXT/FXall GUI USERS

Please follow the obsolescence policy to ensure that you are running a supported version of the GUI. Obsolescence policy FXT and FXall.

LOGIN USING USERNAME AND PASSWORD

Remember your username & password

Your username will remain the same, so you’ll be able to login with your current credentials after the upgrade. When logging into FXT/FXall via the new authentication platform for the first time, you’ll will be asked to enter both your username and password. It’s important to make sure you remember your passwords or reset them in advance.

As part of the continuing password authentication policy, you’ll need to enter your password each time you sign into the product.

The new identity and authentication service is cloud-hosted and does not use static IP addresses. Customers who restrict access to external services will now need to manage this using the DNS names from the table below.

Delivery Direct has been renamed to Refinitiv Managed Connection.

Internet & Refinitiv Managed Connection (Delivery Direct)

You need to permit the following list of Fully Qualified Domain Names (FQDNs) according to your network delivery method.

Note: You may have already allowed some of these domains as part of the rebranding changes made in 2021. Any existing whitelisted domains LSEG/Refinitiv has previously communicated should not be removed.

* Domains listed in the table are wildcard values, where a subdomain may prepend and/or append the listed domain

Refinitiv Managed Connection (Delivery Direct)

To access new AWS service endpoints, customers using a private network must whitelist the following new IP addresses, which will impact Refinitiv Managed Connection, FCN and CMC users.

• 159.43.192.0/23 [AMERS]
• 159.43.200.0/23 [EMEA]
• 159.43.208.0/23 [APAC]

BOOKMARKS

The bookmarks/standard links for webservices remain the same. If these are going to change we’ll update you when the time comes.

ASIA: https://apac1-fxt.trading.refinitiv.com

EMEA: https://emea1-fxt.trading.refinitiv.com

AMERS: https://amers1-fxt.trading.refinitiv.com and https://amers2-fxt.trading.refinitiv.com

PASSWORD POLICY RULES

We’ll communicate the new password policy in January 2023. If you need to change your password after the upgrade, you’ll be given instructions on how to update it and any special password requirements. Your existing passwords are compliant with the new password policy and can be kept as they are.

You’ll be able to change your password using the same options available today. These include:

1. Forgotten password link on the login page
2. By using Password Assistance

MULTIFACTOR AUTHENTICATION (MFA)

As part of the upgrade, customers that currently use Multi-Factor Authentication (MFA) will continue to be supported. Users that access the service via the Internet and have MFA enabled will receive a onetime passcode via an email, SMS text message. In the future and as an enhancement we will be introducing a Push notification Ping app. This can be configured for each user separately. Users that access the service via Refinitiv Managed Connection and have MFA enabled, will receive a onetime passcode via email only.

SINGLE SIGN ON (SSO)

Federated Single sign-on (SSO) customers won’t be affected by this migration. Federated SSO customers will remain on the current AAA system for the time being.

On the assumption customers have made all the required changes listed above, the upgrade to the new service should be completely transparent and should not impact your access to FXT and FXall.

The migration is scheduled to commence in November continuing into Q1 2025. Users will be migrated in batches. Affected users will be emailed in advance notifying them of the exact date of their migration.

Customers should already be technically ready for additional network flows per earlier communications.

You will have a variety of testing options available:

Testing technical readiness:

Network system test for Windows: click here

Network system test for Mac click here

Ping to HTML test here

Validation tool (refinitiv.com) enter you valid Workspace login credentials. This simple test checks if your login credentials are correctly reflected in the CIAM authentication platform and if your network can access the basic CIAM login domain. PLEASE NOTE TO USE IT FOR INTERNET ONLY CONNECTION

There are minor changes to the new login screen.

1. New CIAM username/ password capture screen:

2. New CIAM MFA capture screen for Internet customers:

3. New CIAM MFA capture screen for Refinitiv Managed Connection customers:

If you access TPR and business objects via FXT and FXall GUI you may need to reauthenticate again. Please note that in due course all the services accessed from within the GUI will be moved to the new authentication platform and no additional authentication will be required. 

LSEG’s implementation management (for FXT changes) and sales success (for FXall changes) teams will support our customers in completing the required tasks to make sure you’re technically ready for the new CIAM platform.

Multiple LSEG/Refinitiv products will undergo the platform change independently and the fact that customers have moved to the new identity and access management platform with FXT or FXall won’t impact other products. The implementation management team will inform customers about any changes needed across all the products they consume. If they have not informed you, please be sure to ask.

Yes, you can continue to use EAS to administer your product. If there are any future changes to the administration service portal, we’ll inform you separately.

If customers access Web services via FXT and FXall GUI, they may need to reauthenticate, please note that in due course all the services accessed from within the GUI will be moved to the new authentication platform and no additional authentication will be required.

If you don’t perform the necessary network changes, you’ll no longer be able to access the service after you have been migrated to the new CIAM system.

Yes, for a fixed timeframe customers may experience additional authentication requirement when accessing MyAccount or resetting passwords.

There are minor changes to the new login screen. Product functionality remains unchanged, these changes relate only to login/authentication process.

Yes.

Where can I get more help?

Click here to contact our customer service team for further assistance.