Two factor authentication (2FA) must first be enabled by IRESS then set up by your site administrator before you can proceed.

The below list shows the Xplan Integration that are either Supported or Not Supported if 2FA is turned on. Please consider this before turning on 2FA

• Outlook plugin - Supported
• Client Portal (for adviser) - Supported
• Client Portal (client) - Supported
• Imap - Not Supported
• Barcoding - Action Manager (WebDav) - Not Supported
• XWord - Not Supported
• IressOpen Integration - Can be supported if oAuth is used by the integration partner
• API - Automated data transfer (i.e. between Xplan and data warehouse where user interface is not appropriate) is supported.

There are 3 different 2FA methods available for you to use. Each user will first need to ensure their contact details are correct in XPLAN then they need to enable 2FA under their log in.

2FA Methods

  • Software Token
    • Requires the user to download an app that will accept a barcode eg: Google Authenticator.  It's free to download and use.
  • SMS
    • Each User will require a mobile phone, and the number entered into their contacts in XPLAN and flagged as SMS preferred
  • Email
    • Requires the user to have an email address captured in Xplan.


Each User then needs to enable 2FA under their User Preferences

1. Click on your name on the top right > My Preferences



2. Account > Two Factor Authentication

3. Click Activate.  You will be asked to login with your user password again.




4. Once logged in you are able to select one of the authentication methods, and click Next.


** Note: Ensure that the SMS and Email details captured are correct as you will be required to  enter a pin that is sent to these once you click Next. 


5. To use the software token method:

  • Download the Google Authenticator app or similar onto your phone.  
  • When selected in Xplan, you will be presented with a barcode to scan using the authenticator app in order to receive a code, Click Next.


6. On clicking Next, you will be asked to provide a code in order to complete the setup of 2FA, then click Done


7. If the code is correct, 2FA will be applied and the ‘Activate’ button will update to Deactivate




8. When you login in next you will be prompted for a ‘Security Code’. Enter the OTP Code from either your email / via SMS / via Authenticator App