Frequently asked questions

Create an account via the sign-up process of one of the supported IRIS Cloud products. If someone else in your organisation has already signed up on your company’s behalf, you may receive an invite from them. Once you’ve created an account with one IRIS product, you can use the same account for other IRIS Identity-compatible products.

It is likely your account was migrated from another IRIS Cloud product. As we move our products over to IRIS Identity, we migrate accounts where it is safe and practical to do so.

IRIS Identity only needs your name, email address, and a password, with an optional password recovery question and answer. For more information, view the IRIS Privacy Policy.

You can change your name and password via the Account Management screen of one of the supported IRIS Cloud products. F or more information, refer to the specific product Help Centre.

To protect our customers’ details, accounts become locked if a password is entered incorrectly several times in a row. There are additional factors that can lead to a lock, such as unsuccessful login attempts from suspicious devices or IP addresses. You can manually unlock your account by selecting the link in your email and entering the correct password.

If you receive an email telling you your account is locked and you haven’t been trying to log in, it's possible that someone else is attempting to gain access to your account by guessing your password. Use the link in the received email to immediately report this as suspicious activity.

At the time of writing, IRIS does not offer social sign-in via IRIS Identity. However, this functionality is under constant review. If this is something you would like to use, contact your IRIS account manager.

Yes, you can. If you want your employees to log into IRIS using their corporate account (Active Directory, Google, and so on), also called federated sign-in, contact your IRIS account manager.

Select the Need Help Signing In? link under the sign in box and then select Forgot Password?. Enter your email address in the box and select Reset via Email. A reset link is emailed to the registered email address on your account. You'll receive an email with a link. Select the link and enter a new password.

Not all IRIS products support IRIS Identity but we're gradually rolling it out across our product portfolio. For more information, contact your IRIS account manager.

IRIS Identity accounts require a secure password that meets the criteria displayed when creating an account or resetting your password.

When activating your account, you can set a preferred picture, displayed at the login screen. This gives extra assurance that you’re attempting to access the correct account. If you see an unfamiliar picture or the picture does not appear, you might have entered the wrong email address or attempting to log into a non-IRIS product. If the account was created on your behalf, this option is not available.

You should always log in via one of our supporting products. You are redirected to IRIS Identity and then redirected back to the application after successfully logging in. If you’ve bookmarked or directly navigated to identity.iris.co.uk, you can still log in, but as it isn't clear which application you want, you are directed to the IRIS home page instead.

It's possible that someone has managed to maliciously gain access to your account. IRIS always sends verification emails whenever key account information changes. These emails contain a link that allows you to report suspicious activity direct to IRIS. Select the link to submit a report. You should attempt to log in to your account and change your password as soon as possible. If you are unable to log in, contact IRIS Support.

IRIS works with Okta, a market-leading Identity Management specialist, to securely manage your details. View the Okta compliance status.

IRIS employs a wide range of tools to help protect your account, including password policies, multi-factor authentication, and the use of machine learning to detect unusual behaviour during log in. We also co-ordinate with industry specialists to maintain a blacklist of suspicious IP addresses. Users must be vigilant still and protect their credentials. Be mindful of phishing attacks, malware, and other attempts to circumvent our protections. We always email you as soon as we detect anything unusual and whenever anyone attempts to change your email address or password. You must inform us immediately if you believe your account has been compromised.

Yes. You can do this via the account management screen on one of our supporting applications.

By default, IRIS allow users to enable multi-factor authentication (MFA) at their own discretion. But some of the sensitive user roles in our products require the enforcement of MFA. If your is assigned to one of these roles, must enable at least one factor the first time you attempt to log in. It’s recommended to set two factors, so you have a backup in case you’re unable to access your primary factor.

IRIS supports authenticator apps such as Google Authenticator and Okta Verify, email verification and secure hardware keys such as Yubikey. We are constantly reviewing the factors we support — contact your IRIS account manager to discuss adding new factors.

Text message verfication is considered an insecure means of enforcing additional factors on user accounts. Following guidance from security specialists, IRIS has made the decision not to implement it on the IRIS Identity platform.

Yes, you can do this via the Account Management screen in a supported product. You can remove authentication factors and include additional factors as many times as you want. However, if your role mandates that MFA is required for you to log into one of our products, make sure you always have at least one enabled.

Make a request via IRIS Support to have your MFA factors reset.