Current situation

Where 2 Factor Authentication (2FA) is switched on for an Xplan site, integrations that have been built to older patterns by Third Parties may encounter difficulties with connectivity.

Who could this impact?

• Third Party Integrators and Xplan clients reliant on basic authentication to integrate outside of Xplan.
• This does not impact Third Party integrations that connect and authenticate using oAuth, i.e. for an adviser led journey.
• This does impact Third Party integrations who operate on machine to machine interaction but we have supplied some example information here that can be used by third parties to work around the issue

What should you do?

If you determine that your integration will be impacted, the current best course of action is to either refactor your code or to upgrade from basic authentication to the oAuth2 protocols.  As best practice we believe that the clock is ticking for basic authentication regardless as we see an underlying shift to move towards more secure methods of authentication such as oAuth2.

What are the timelines

This is not a change that Iress are enforcing on a set date but rather for basic authentication integrations we envisage a constriction of the Xplan user base available to them as 2FA adoption increases.

Further information

More information about oAuth can be seen here.