Sign in and security

once you are onboarded into the cross river system you need to register in our authentication server, identity server, to access all cross river applications you need to create an account for both your sandbox and production environments new user account creation is initiated by either cross river support or your organization’s admin user on the user permissions application your user account is initiated with your name, organization email address, and your cell phone number, which is required for multi factor authentication you can use the same email/username for both sandbox and production environments we recommend using a different password for the different environments our support team creates your sandbox account your relationship manager creates your production account welcome email after your account has been created you will receive a welcome email from crossriver do not reply\@crossriver com if you don't see it in your inbox, check your spam or blocked mail folders click create your cross river account to start the account registration process you are re directed to the terms and conditions page to begin your registration process if you leave the wizard at any time, click the link in the original email to go back to where you left off terms and conditions read through the terms and conditions, check accept , and click next verification select verification code method if you are using a domestic (us) phone number, choose how you will received your verification code phone call or whatsapp message if you use an international (non us domestic) phone number, you receive the verification code by sms enter verification code you receive a 6 digit code through your chosen method, used to verify your identity on the login screen, enter the 6 digit code you received and click verify code if you don't receive a code, restart the registration process from the sign in and security docid\ bpxgs4xke r5 xqvyrumt create your password choose a password that meets the on screen requirements and enter it into the password field confirm your password by entering it in the confirm password field click create password authenticator app setup important you must complete this step to continue the registration process and to be able to login in the future to protect your identity and your account and information, we require you to use an authenticator app as part of the mfa (multi factor authentication) process if you don't already have an authenticator app on your device, you need to download one before you continue for android and ios, we recommend using the follow authenticator app google authenticator microsoft authenticator once you have your authenticator app installed, you need to either scan the qr code or manually enter the key into the authenticator app (see below) you may have to create a new account in the authenticator app before you can continue qr code scan the qr code in your authenticator app if requested, enter the 6 digit code in the multi factor authentication page click continue manual click show key copy the key as the secret in your authenticator app tap the account on the home page to generate a 6 digit code enter the 6 digit code click continue if your mfa code is accepted, the browser automatically takes you to the next step in the registration process we suggest you rename your mfa connection in the app to make it easy to identify in the future recovery codes use recovery codes to authenticate in case you change or lose your device these recovery codes are very critical to retaining access to your account download or copy your recovery codes and keep them in a secure place that you will remember confirm that you have stored your recovery codes click create account your account is now active and you can use it to login to any of your cr apps important the recovery codes page times out after 10 minutes you can only download the recovery codes once login to cross river applications enter your email address on the application's login page the environment indication banner at the top of the screen shows you which environment you are working in click continue to go to the password screen in the password screen, enter your password and click continue important ip allowlisting identity server ip addresses are 172 67 26 222 104 22 40 134 104 22 41 134 organization management portal address 66 206 202 116 the server is proxied via cloudflare you can allow these fqdns idptest crbcos com idp crbcos com oauthtest crbnj net oauth crbnj net troubleshooting forgot password if you enter an invalid username and password combination the invalid username or password message displays in red under the password field click forgot password? and enter your email enter the 6 digit authentication code from your authenticator app you need to reauthenticate with an mfa code from your authenticator app before the password reset email can be sent after entering the code, click login here are some things to double check did the code timeout before you clicked continue ? remaining time is indicated by the countdown circle to the right of the account name and mfa code if you have the authenticator app set up for multiple environments or applications, double check that you entered the correct code if it is not clear from the mfa connection names which is correct option, you might need to try different codes until finding the one that works once you find the correct connection, you can rename the mfa connection in the app a pencil icon at the top of mfa app screen will bring you to edit mode in some apps, you will need to first select (or press and hold) the connection that should be edited, and then the icon will appear once in edit mode, you can rename the connections as needed so that it will be clear which one applies to which environment save any changes, and next time it should be easier to understand which code to use reset multi factor authentication if you already have mfa configured in identity server, go to reset mfa and click reset your mfa device the multi factor authentication page opens and you can reset your mfa you can also create new multi factor authentication recovery codes click create new multi factor authentication recovery codes the recovery codes page opens and you can copy or download your 10 new recovery codes if you have not yet configured your multi factor authentication, you can enable mfa from account settings click reset mfa method click configure mfa follow the instruction in sign in and security docid\ bpxgs4xke r5 xqvyrumt if your current mfa is sms, you can enable mfa with your authenticator app, in account settings click reset mfa method click configure mfa follow the instruction in sign in and security docid\ bpxgs4xke r5 xqvyrumt invalid mfa code if you enter an invalid mfa code, a red message notifies you to try again here are some things to double check did the code timeout before you clicked continue ? remaining time is indicated by the countdown circle to the right of the account name and mfa code if you have the authenticator app set up for multiple environments or applications, double check that you entered the correct code if it is not clear from the mfa connection names which is correct option, you might need to try different codes until finding the one that works once you find the correct connection, you can rename the mfa connection in the app a pencil icon at the top of mfa app screen will bring you to edit mode in some apps, you will need to first select (or press and hold) the connection that should be edited, and then the icon will appear once in edit mode, you can rename the connections as needed so that it will be clear which one applies to which environment save any changes, and next time it should be easier to understand which code to use correct password, invalid mfa if you try to log in to a cross river application with the correct password but an invalid mfa code, a red message informs you that the code is invalid here are some things to double check did the code timeout before you clicked continue ? remaining time is indicated by the countdown circle to the right of the account name and mfa code if you have the authenticator app set up for multiple environments or applications, double check that you entered the correct code if it is not clear from the mfa connection names which is correct option, you might need to try different codes until finding the one that works once you find the correct connection, you can rename the mfa connection in the app a pencil icon at the top of mfa app screen will bring you to edit mode in some apps, you will need to first select (or press and hold) the connection that should be edited, and then the icon will appear once in edit mode, you can rename the connections as needed so that it will be clear which one applies to which environment save any changes, and next time it should be easier to understand which code to use valid mfa code (forgot password flow) enter valid mfa code from authenticator app and click login after your mfa code is accepted, check your email for further instructions click reset password enter and confirm a password that meets the on screen requirements a checkmark will appear next to each fulfilled requirement enter and confirm a new password that meets the security requirements click reset password if the password is accepted you will be informed of the successful reset click continue to the application to be automatically redirected to the cross river application that you were trying to access using recovery codes if you do not have access to your multi factor (2 factor) authenticator, you can log in using one of your recovery codes log in as usual on the multi factor authentication page, you have the option to use a recovery code as your authentication option enter one of your recovery codes in the text box the recovery code is single use and cannot be reused to avoid future confusion, we recommend that you mark the recovery code as used account lockout if you enter the wrong password for your username 5 times, the system locks your account for approximately 5 minutes if after 5 minutes, you are still unable to access your account, contact cross river support browser error firewall you log in to cos explorer and get following error screen you are blocked by a firewall contact your internal it department to see if your organization enforces firewall rules for outbound traffic if there are no firewall rules for outbound traffic, then contact your internal it department to make sure you're connecting to the cross river cos explorer portal from an approved ip address if you need to register more ip addresses, send an email to cos support