Multi Factor Authentication (MFA) for TRAQS
Multi Factor Authentication (MFA) enhances the security of accounts by adding an additional layer of security beyond the Username and password. MFA is one of the most effective security controls currently available to protect against remote security hacks. Passwords are increasingly easy to compromise and are often stolen, guessed or hacked. MFA helps the account stay secure even if the password is compromised. The second factor of authentication is separate and independent from a Username and password.
FINRA will replace digital certificates with Multi Factor Authentication (MFA) for access to the TRAQS website and will also institute system infrastructure changes for TRAQS and the API reference data software.
Beginning April 19, 2021, all users of the TRAQS website for trade reporting are required to enroll in MFA using their mobile device or landline. At this time, users who download API files will continue to use the NWSF certificate and password to access API reference data.
Users are encouraged to test TRAQS (MFA) and the API (using NWSF certificates) during the following date ranges.
|Start Date||End Date|
|NTF Beta using new infrastructure||11/12/2020||4/16/2021|
|Production using new infrastructure||3/8/2021||4/16/2021|
NOTE: Users will have to enroll in each TRAQS environment (NTF and Production) separately.
Users of the TRAQS website must enroll in one or more additional authentication methods. The available authentication methods include:
- SMS Authentication
- Okta Verify
- Google Authenticator
- Voice Call Authentication
Instructions for enrolling in an additional factor can be found in the Multi Factor Authentication Enrollment Guide.
Click here for the MFA Enrollment Guide
FINRA recommends enrolling in more than one additional authentication method. Enrolling in more than one authentication method allows redundancy in case your mobile device is unavailable. We suggest using your land line phone number or a phone number that differs from your mobile number to enroll in Voice Call Authentication.
NOTE: Beta represents the new platform; NTF only represents the current platform
NOTE: Production (Parallel) represents the new platform; Production represents the current platform
|NTF||MFA Profile: https://mpp-test.nasdaq.com|
|FINRA TRAQS NTF (Beta): https://beta-ntf.finratraqs.org|
|FINRA TRAQS NTF: https://www-ntf.finratraqs.org|
|API Download NTF (Beta): https://download-ntf2.finratraqs.org|
|API Download NTF: https://download-ntf.finratraqs.org|
|Production||MFA Profile: https://mpp.nasdaq.com|
|FINRA TRAQS Production (Parallel): https://beta.finratraqs.org|
|FINRA TRAQS Production: https://finratraqs.org|
|API Download Production (Parallel): download2.finratraqs.org|
|API Download Production: download.finratraqs.org|
|Questions about your account access? Need the MFA Enrollment Email?||FINRA Market Operations
|Having Trouble Enrolling in MFA||FINRA Product Management
|Lost Access to your MFA enrolled Device?||NASDAQ Tech Support
Common Questions About Enrolling in MFA
The following frequently asked questions provide information about using MFA for accessing the TRAQS website via the web.
What is Multi Factor Authentication (MFA) and why is it being used for TRAQS?
Passwords are increasingly easy to compromise. Passwords can often be stolen, guessed or hacked; often without the user knowing. MFA adds a second layer of security by helping the account stay secure even if the password is compromised.
Is enrollment in MFA mandatory?
Yes, users are required to enroll in MFA to access the FINRA TRAQS website for trade reporting. Any user that attempts to login to the TRAQS website without enrolling in MFA will be prompted to enroll in MFA.
My SAA completed an order form to add a TRAQS Username for me, I haven’t received an enrollment email. How do I get a new email?
If you need a new enrollment email please contact FINRA Operations or 1-866-776-0800 option 2.
Why did I receive two MFA enrollment emails from Okta?
Users who have access to both the NTF and production environment will be required to enroll in MFA to access each environment (NTF and Production). If you have access to more than one environment, you will receive a total of two enrollment emails and each enrollment email will represent an environment. Please review the user guide for instructions.
Does the enrollment email expire?
Yes. Users have 30 days from the date it was sent to take action to set up your Okta account for TRAQS Access Username (email address). If your enrollment email expired, please contact FINRA Operations at 1-866-776-0800 option 2 or by email.
Why do I have 2 Okta verify or 2 Google Authentication accounts?
The NTF and production environment for MPP are completely separate. The account mpp-test.nasdaq.com is associated with NTF access. The account mpp.nasdaq.com is associated with production access.
What do I do if I lost my mobile device?
It is strongly recommended that you remove the lost device from your MFA settings. Visit the Okta profile page and login using your credentials. Go to the Account page and edit your profile to remove the authentication method(s) associated with the device. Please see the MFA Enrollment User Guide for instructions.
If your enrolled device is lost and you have not enrolled in any additional methods of authentication using alternative devices, please contact NASDAQ Tech support at 212-231-5180.
How can I edit my personal profile data?
Your profile data can be edited at any time. Please see Section 2 of the MFA enrollment User Guide for instructions. Please note, the personal information section of the Account page cannot be edited. Please have your SAA contact FINRA Operations at 1-866-776-0800 option 2 or by email to update this data.
Can I set up a push notification when using Okta Verify?
Yes, users can select the “send push automatically” at any time after enrolling in Okta verify. Be sure to turn on notifications on your device. Your device will receive a notification asking to approve the login. Once you select approve you will be directed to the TRAQS website as normal.
Why am I also receiving an email for a TRAQS certificate if I have enrolled in MFA?
During the transition period from January until April all users will receive an email for MFA enrollment and a TRAQS NWSF certificate. Users who have access to API will use the NWSF certificate and password to access API files. Only users with API privileges will be able to access the API files using the TRAQS certificate. Please see the API specification document for the product you are accessing for instructions on downloading the API files using the NWSF certificate.
I’ve forgotten my password or entered my authentication method inaccurately several times and locked my account. How can I unlock it?
Your account will automatically unlock after 15 minutes. There are two ways to unlock your account.
- You will receive an email notifying you that your account is locked. Follow the instructions in the email to unlock your account.
- Click the “Need Help signing in” link at the bottom of the TRAQS Sign In screen. Select the “Forgot password” or “Unlock account” option. Enter your email address in the provided box to generate a reset email. Click on the Reset Password or Unlock Account link in the email within the 8-hour expiration and answer your forgotten password questions.
If you do not know the answers to any of your forgotten password options, need assistance with unlocking your account or any other password issues, you may call NASDAQ tech support at 212-231-5180 option 4.
Report Suspicious Activity
To report unrecognized activity from an account activity email notification. Contact FINRA Operations at 1-866-776-0800 option 2 or by email.
Okta Account Token Expiration Error
If your Account Activation Token is no longer valid. Contact FINRA Operations at 1-866-776-0800 option 2 by email.
If you receive the 403 App Not Assigned or 404 Page Not Found errors. Contact NASDAQ tech support at 212-231-5180 option 4.
How do I access the new API?
At this time users will continue to use NWSF certificates to access API. Please use the links outlined above and follow the instructions outlined in the API user guide of the product you are accessing.