Logging in

1. To log into Rex go to https://app.rexsoftware.com/login
2. Enter your email address and password you setup when accepting your email invitation
3. Click Log In
4. You'll now go to the next screen to enter your password
5. Click Log In
   

Note: Logins will be remembered for 2 weeks. If you're logging in on someone else's computer, we recommend using your browser's Guest/Incognito mode, and closing the browser when you've finished your session.

Multi-factor Authentication (MFA)

You can now set up authenticator-based multi-factor authentication. Multi-factor authentication (MFA) is a security method that'll require you to provide multiple forms of identification, such as a password and a one-time code generated via an app, before accessing the application. MFA provides enhanced protection against unauthorised access.

Setting up multi-factor authentication

To setup multi-factor authentication, visit the Profile app. You can also access the Profile app by going to edit your profile via the top-right menu in Rex.

You'll first be prompted to download an authenticator app on your phone. Any QR-code based authenticator will work, though we recommend Google Authenticator or Twilio Authy.

You'll then be presented with instructions (via the selected app) on how to get set up with MFA.

Notes:

• Once MFA is enabled, you'll be prompted to provide a 6-digit code, generated by your selected MFA app every time you login.
• Enabling multi-factor authentication will require you to re-enter your password.
• Disabling multi-factor authentication will require you to enter a multi-factor code

FAQ

Am I able to enforce MFA usage across my agency?

Yes - MFA is enforceable across your Agency and any child accounts linked to it. This setting can be found and toggled by following the below steps;

1. Open the main menu on the left side of the screen
2. Click 'Settings'
3. Select 'Users & Security' > 'Security'
4. Tick the checkbox to 'Require multi-factor authentication for all users'
5. 'Save'
   
   Note: the ability to take this action requires the 'manage users' privilege.

Admins who enable this feature will also be prompted to ask if they want to automatically enable it for all child accounts. This can still be overridden per child account if needed, but it's a great time saver for large organisations.

Do you plan on supporting other multi-factor methods in the future?

We don’t have any immediate plans to support other multi factor methods . Authenticator-based MFA (a.k.a TOTP MFA) is one of the most secure methods available and boasts several advantages over email/SMS-based MFA.

What impact does multi-factor authentication have on the API?

Multi-factor authentication do not currently impact API usage and there are no breaking changes being made to the API at this stage. Note that we will eventually update the API to be compatible with multi-factor verification checks at a later date.

What happens if users with MFA setup get locked out of their account?

We anticipate that users will occasionally get locked out due to lost phones/uninstalled apps or similar scenarios. Affected users can reach out to our customer care team, who can unlock the user’s account after the user has gone through an identity verification process.