Sign in & Security
Once you are onboarded into the Cross River system you need to register in our authentication server, Identity Server, to access all Cross River applications.
You need to create an account for both your Sandbox and Production environments. New user account creation is initiated by either Cross River Support or by your Organization’s Admin User on the Org Management application. Your user account is initiated with your name, organization email address, and your cell phone number, which is required for multi-factor authentication. You can use the same email/username for both Sandbox and Production environments. We recommend using a different password for the different environments.
Our Support team creates your sandbox account. Your Integration or Relationship Manager creates your Production account.
The Identity Server endpoints are:
Sandbox:
Production:
IMPORTANT IP allowlisting
Identity Server IP addresses are:
- 172.67.26.222
- 104.22.40.134
- 104.22.41.134
Organization management portal address:
- 66.206.202.116
The server is proxied via Cloudflare.
You can allow these FQDNs:
- idptest.crbcos.com
- idp.crbcos.com
You will received a welcome email from [email protected]. If you don't see it in your inbox, check your spam or blocked mail folders.
Click Create your Cross River Account to start the account registration process.
You are re-directed to the Terms and Conditions page to begin your registration process.
If you leave the wizard at any time, click the link in the original email to go back to where you left off.
Read through the terms and conditions, check Accept, and click Next.
We send you an SMS (text message) to your device with a 6-digit code to verify your identity. Enter the 6-digit code you receive in the login screen and click Verify Code.
Choose a password that meets the on-screen requirements and enter it into the Password field.
Confirm your password by entering it in the Confirm Password field.
Click Create Password.

IMPORTANT You must complete this step to continue the registration process and to be able to login in the future
To protect your identity and your account and information, we require you to use an authenticator app as part of the MFA (multi-factor authentication) process.
If you don't already have an authenticator app on your device, you need to download one before you continue.
For Android and iOS, we recommend using the follow authenticator app:
- Google Authenticator
- Microsoft Authenticator
Once you have your authenticator app installed, you need to either scan the QR code or manually enter the key into the authenticator app (see below).
You may have to create a new account in the authenticator app before you can continue
Scan the QR code in your authenticator app.
If requested, enter the 6-digit code in the Multi-Factor authentication page.
Click Continue.
Click Show key.
Copy the key as the Secret in your authenticator app.

Tap the account on the home page to generate a 6-digit code.
Enter the 6-digit code.
Click Continue.
If your MFA code is accepted, the browser automatically takes you to the next step in the registration process.
We suggest you rename your MFA connection in the app to make it easy to identify in the future.
Use recovery codes to authenticate in case you lose your device.
Download or copy your recovery codes and keep them in a secure place that you will remember
Confirm that you have stored your recovery codes.
Click Create account.
Your account is now active and you can use it to login to any of your CR apps.
IMPORTANT
The recovery codes page times out after 10 minutes.
You can only download the recovery codes once.
The Identity Server IP addresses are:
- 172.67.26.222
- 104.22.40.134
- 104.22.41.134
The server is proxied via Cloudflare.
You can allow these FQDNs:
- idptest.crbcos.com
- idp.crbcos.com.
Enter your email address on the application's Login page. The environment indication banner at the top of the screen shows you which environment you are working in.

Click Continue to go to the password screen.
In the password screen, enter your password and click Continue.

If you enter an invalid username and password combination the Invalid username or password message displays in red under the Password field.
Click Forgot password? and enter your email.

Enter the 6-digit authentication code from your authenticator app.

You need to reauthenticate with an MFA code from your authenticator app before the password reset email can be sent. After entering the code, click Login.
Here are some things to double check:
- Did the code timeout before you clicked Continue? Remaining time is indicated by the countdown circle to the right of the account name and MFA code.
- If you have the authenticator app set up for multiple environments or applications, double check that you entered the correct code.
- If it is not clear from the MFA connection names which is correct option, you might need to try different codes until finding the one that works.
- Once you find the correct connection, you can rename the MFA connection in the app. A pencil icon at the top of MFA app screen will bring you to edit mode. In some apps, you will need to first select (or press and hold) the connection that should be edited, and then the icon will appear.
- Once in edit mode, you can rename the connections as needed so that it will be clear which one applies to which environment.
- Save any changes, and next time it should be easier to understand which code to use.
If you already have MFA configured:
In Identity Server, go to Reset MFA and click Reset your MFA device.
The Multi-Factor Authentication page opens and you can reset your MFA.
You can also create new multi-factor authentication recovery codes.
Click Create new multi-factor authentication recovery codes.
The Recovery Codes page opens and you can copy or download your 10 new recovery codes.
If you have not yet configured your multi-factor authentication, you can enable MFA from Account Settings.
If your current MFA is SMS, you can enable MFA with your authenticator app, in Account Settings.
If you enter an invalid MFA code, a red message notifies you to try again.

If you try to log in to a Cross River application with the correct password but an invalid MFA code, a red message informs you that the code is invalid.
Enter valid MFA code from authenticator app and click Login.
After your MFA code is accepted, check your email for further instructions.
Click Reset Password.
Enter and confirm a password that meets the on-screen requirements. A checkmark will appear next to each fulfilled requirement.
Enter and confirm a new password that meets the security requirements.
Click Reset Password.
If the password is accepted you will be informed of the successful reset. Click Continue to the application to be automatically redirected to the Cross River application that you were trying to access.

If you do not have access to your multi-factor (2-factor) authenticator, you can log in using one of your recovery codes.
Log in as usual.
On the Multi-Factor Authentication page, you have the option to use a recovery code as your authentication option.
Enter one of your recovery codes in the text box. The recovery code is single-use and cannot be reused. To avoid future confusion, we recommend that you mark the recovery code as used.

If you enter the wrong password for your username 5 times, the system locks your account for approximately 5 minutes. If after 5 minutes, you are still unable to access your account, contact Cross River Support.