As part of our efforts to continue to deliver high-quality and highly available services to our customers, we’ll be upgrading the technology infrastructure you use to log into/authenticate yourself on the FX Trading and FXall® graphical user interface (GUI) and supporting websites.

This upgrade won’t require any actions by users of FX Trading or FXall GUI who currently authenticate via the Refinitiv AAA system (accessing the service via a corporate email address). FXall users who currently use the legacy SiteMinder system (accessing the system using an FXall ID) also need take no action at this time. SiteMinder users will be contacted later with further migration instructions.

The new identity and access management services will improve performance and resilience while bolstering security, allowing us to provide enhanced authentication options and improvements to password policies.

We’ll provide further details regarding the exact date of the upgrade in Q4 2023; however, we do recommend that you review the frequently asked questions below to ensure that you are familiar with any changes required for this upgrade.

Please forward this communication to your IT department for further review.

If you have any questions, please see the contact information at the end of this document.

Customers should ensure that they are technically ready for this upgrade by the end of Q3 2023.

FXT/FXALL GUI USERS

Please follow the obsolescence policy to ensure that you are running a supported version of the GUI. Obsolescence policy FXT and FXall.

LOGIN USING USERNAME AND PASSWORD

Remember your username & password

Your username will remain the same, so you’ll be able to login with your current credentials after the upgrade. When logging into FXT/FXall via the new authentication platform for the first time, you’ll will be asked to enter both your username and password. It’s important to make sure you remember your passwords or reset them in advance.

As part of the continuing password authentication policy, you’ll need to enter your password each time you sign into the product.

The new identity and authentication service is cloud-hosted and does not use static IP addresses. Customers who restrict access to external services will now need to manage this using the DNS names from the table below.

Internet & Delivery Direct

You need to permit the following list of Fully Qualified Domain Names (FQDNs) according to your network delivery method.

Note: You may have already allowed some of these domains as part of the rebranding changes made in 2021. Any existing whitelisted domains Refinitiv has previously communicated should not be removed.

FQDN	Delivery	Protocol/Port	Description	New domain?
*.refinitiv.com *.refinitiv.net *.refinitiv.biz	Internet Internet or Delivery Direct Delivery Direct	HTTPS/443	Login Authentication Password Reset	No
https://authenticator.pingone.com/	Internet	HTTPS/443	Multi-Factor Ping Authenticator app	Yes
https://idpxnyl3m.pingidentity.com/	Internet	HTTPS/443	Multi-Factor Ping Authenticator app	Yes

* Domains listed in the table are wildcard values, where a subdomain may prepend and/or append the listed domain

Delivery Direct

To access new AWS service endpoints, customers using a private network must whitelist the following new IP addresses, which will impact Delivery Direct, FCN and CMC users.

• 159.43.192.0/23 [AMERS]
• 159.43.200.0/23 [EMEA]
• 159.43.208.0/23 [APAC]

DNS Suffix	Authoritative DNS	FQDN Status	PING Migration Test tool line number (see section Test tool 1 – Ping to HTML)
login.ciam.refinitiv.com	Internet	New and live	1
login.ciam.refinitiv.biz	Private	New and live	2
authenticator.pingone.com	Internet	New and live	3
idpxnyl3m.pingidentity.com	Internet	New and live	4
identity.ciam.refinitiv.net	Internet / Private	New and live	5
mydetails.identity.ciam.refinitiv.net	Internet / Private	New and live	6
emea1.mydetails.identity.ciam.refinitiv.net	Internet / Private	New and live	7
apac1.mydetails.identity.ciam.refinitiv.net	Internet / Private	New and live	8
amers1.mydetails.identity.ciam.refinitiv.net	Internet / Private	New and live	9
amers2.mydetails.identity.ciam.refinitiv.net	Internet / Private	New and live	10
sso.platform.refinitiv.com	Internet	New and live	11
sso.platform.refinitiv.net	Internet / Private	New and live	12
amers-sso.platform.refinitiv.net	Internet / Private	New and not live	13
emea-sso.platform.refinitiv.net	Internet / Private	New and not live	14
apac-sso.platform.refinitiv.net	Internet / Private	New and not live	15
amers-passage.extranet.refinitiv.biz	Private	New and not live	16
apac-passage.extranet.refinitiv.biz	Private	New and not live	17
amers1.identity.ciam.refinitiv.net	Internet / Private	Current	18
amers2.identity.ciam.refinitiv.net	Internet / Private	Current	19
emea1.identity.ciam.refinitiv.net	Internet / Private	Current	20
apac1.identity.ciam.refinitiv.net	Internet / Private	Current	21
sts.identity.ciam.refinitiv.net	Internet / Private	Current	22
amers1.heartbeat.ciam.refinitiv.net	Internet / Private	Current	23
amers2.heartbeat.ciam.refinitiv.net	Internet / Private	Current	24
emea1.heartbeat.ciam.refinitiv.net	Internet / Private	Current	25
apac1.heartbeat.ciam.refinitiv.net	Internet / Private	Current	26
amers1.heartbeat.ciam.refinitiv.com	Internet	New and live	27
amers2.heartbeat.ciam.refinitiv.com	Internet	New and live	28
emea1.heartbeat.ciam.refinitiv.com	Internet	New and live	29
apac1.heartbeat.ciam.refinitiv.com	Internet	New and live	30
amers1.heartbeat.ciam.refinitiv.biz	Private	New and live	31
amers2.heartbeat.ciam.refinitiv.biz	Private	New and live	32
emea1.heartbeat.ciam.refinitiv.biz	Private	New and live	33
apac1.heartbeat.ciam.refinitiv.biz	Private	New and live	34
emea-passage.extranet.refinitiv.biz	Private	New and live	35
apac1-fxallweb.trading.refinitiv.com	Internet	New and not live (for future use)	N/A
emea1-fxallweb.trading.refinitiv.com	Internet	New and not live (for future use)	N/A
amers1-fxallweb.trading.refinitiv.com	Internet	New and not live (for future use)	N/A
amers2-fxallweb.trading.refinitiv.com	Internet	New and not live (for future use)	N/A
apac1-fxallweb.trading.refinitiv.biz	Private	New and not live (for future use)	N/A
amers1-fxallweb.trading.refinitiv.biz	Private	New and not live (for future use)	N/A
amers2-fxallweb.trading.refinitiv.biz	Private	New and not live (for future use)	N/A
amea1-fxallweb.trading.refinitiv.biz	Private	New and not live (for future use)	N/A

 

Initially the new identity and authentication service will be available only via the public internet, so users will need to have internet access.

We’ll be introducing Delivery Direct (DD) support in Q1 2023. Be sure to whitelist the following new private network IP addresses, which impact Delivery Direct, FCN and CMC users, to access new AWS service endpoints:

Private lines subsets/supersets

• 159.43.192.0/23 [AMERS]
• 159.43.200.0/23 [EMEA]
• 159.43.208.0/23 [APAC]

BOOKMARKS

The bookmarks/standard links for webservices remain the same. If these are going to change we’ll update you when the time comes.

ASIA: https://apac1-fxt.trading.refinitiv.com

EMEA: https://emea1-fxt.trading.refinitiv.com

AMERS: https://amers1-fxt.trading.refinitiv.com and https://amers2-fxt.trading.refinitiv.com

PASSWORD POLICY RULES

We’ll communicate the new password policy in January 2023. If you need to change your password after the upgrade, you’ll be given instructions on how to update it and any special password requirements. Your existing passwords are compliant with the new password policy and can be kept as they are.

You’ll be able to change your password using the same options available today. These include:

1. Forgotten password link on the login page
2. By using Password Assistance

MULTIFACTOR AUTHENTICATION (MFA)

As part of the upgrade, customers that currently use Multi-Factor Authentication (MFA) will continue to be supported. User that accesses the service via the Internet and have MFA enabled will receive a onetime passcode via an email, SMS text message. In the future and as an enhancement we will be introducing a Push notification Ping app. This can be configured for each user separately. User that accesses the service via the deliver Direct and have MFA enabled, will receive a onetime passcode via email only.

SINGLE SIGN ON (SSO)

We plan to release an updated SSO service using the new infrastructure in Q2 2023, so if you use SSO we will contact you separately.

Single sign-on (SSO) customers won’t be affected by the first phase of the update. We’ll communicate timelines, documentation and the onboarding process nearer to the time that the new SSO service is ready.

On the assumption customers have made all the required changes listed above, the upgrade to the new service should be completely transparent and should not impact your access to FXT and FXall.

We are currently planning to perform the upgrade during a maintenance window. Start dates are currently under view but will not be before Q4 2023.

Customers need to be technically ready for additional network flows by the end of Q3 2023.

You will have a variety of testing options available:

Testing technical readiness:

Network system test for Windows: click here

Network system test for Mac click here

Ping to HTML test here

Validation tool (refinitiv.com) enter you valid Workspace login credentials. This simple test checks if your login credentials are correctly reflected in the CIAM authentication platform and if your network can access the basic CIAM login domain. PLEASE NOTE TO USE IT FOR INTERNET ONLY CONNECTION

The implementation management team will ask customers to run the system test to confirm that they’ve made the necessary network updates successfully.

Scheduled test windows during a global low usage maintenance weekend when customers can check their services running on the new Platform – detailed schedule to follow.

There are minor changes to the new login screen.

Examples of the current login screens and new screens will be available in Q4 2023.

If you access TPR and business objects via FXT and FXall GUI you may need to reauthenticate again. Please note that in due course all the services accessed from within the GUI will be moved to the new authentication platform and no additional authentication will be required. 

LSEG’s implementation management (for FXT changes) and sales success (for FXall changes) teams will support our customers in completing the required tasks to make sure you’re technically ready for the new CIAM platform.

Multiple Refinitiv products will undergo the platform change independently and the fact that customers have moved to the new identity and access management platform with FXT or FXall won’t impact other products. The implementation management team will inform customers about any changes needed across all the products they consume. If they have not informed you, please be sure to ask.

Yes, you can continue to use EAS to administer your product. If there are any future changes to the administration service portal, we’ll inform you separately.

If customers access Web services via FXT and FXall GUI, they may need to reauthenticate, please note that in due course all the services accessed from within the GUI will be moved to the new authentication platform and no additional authentication will be required.

If you don’t perform the necessary network changes, once we move everyone to the new authentication platform, you’ll no longer be able to access the service.

Yes, for a fixed timeframe customers may experience additional authentication requirement when accessing my Refinitiv or resetting passwords.

There are minor changes to the new login screen. Product functionality remains unchanged, these changes relate only to login/authentication process.

Yes.

Where can I get more help?

Click here to contact our customer service team for further assistance.