Gemini Single Sign-On (SSO)

Information, documents, videos and support for this change which is part of XRN5368 – Implementation date 29 May 2022.

Page contents

    Single Sign-On simplifies access to Gemini

    Logging in to Gemini can be complex and this change is designed to simplify this process.

    SSO explained

    Watch this video to learn more about Gemini Single Sign-On.

    Currently, Gemini users follow a complex log in process that involves:

    • logging in twice to both Citrix and the Gemini applications and remembering two sets of credentials

    • using their Information Exchange (IX) Gemini contingency solution (XP1) in the event of an outage 

    • raising tickets to reset their password and unlock their account


    We're simplifying the log in process with the following solutions:

    • Gemini users will need matching Citrix and Gemini IDs for single sign-on functionality to work

    • those who access Gemini through Citrix will experience the single sign-on login process with their existing enabled IDs

    • single sign-on will be available over both online and IX routes through the Gemini Citrix gateway
    • you will need an Android or IOS based phone to support the Google or Microsoft authenticator

    • Gemini will be available online, providing an alternative route to the existing IX link through the Gemini Citrix gateway

    • MFA will simplify access to Gemini and ensure we continue to align to industry security standards

    • Citrix Receiver version 1809 or above will need to be installed on your device to use MFA
    • online self-serve password reset functionality will be introduced for all Gemini Citrix users who opt for MFA

    • Gemini users will be able to reset their passwords independently

    • self-serve password reset functionality will be available for both internet and IX access

    XP1 tokens will no longer be supported

    XP1 tokens are used to access the Gemini System as a contingency method for online screen users.

    At the end of June 2022, we will end the support for existing XP1 tokens. These will be replaced by the introduction of multi-factor authentication (MFA).

    Once the tokens expire, these will not be renewed and Gemini users will be free to dispose of them.

    What you need to do as a Gemini user

    As a Gemini user, the way you log in to Gemini online will change.

    To ensure you don’t experience any issues when we deliver these changes, we want to make you aware of some key aspects and actions that you will need to do:

    • contingency Gemini XP1 tokens will be replaced with multi-factor authentication (MFA)

    • you will need MFA enabled to use the self-serve password reset functionality

    • an Android or IOS based phone is required to support the Google or Microsoft authenticator

    • Citrix Receiver version 1809 or above will need to be installed on your device to use MFA

    As part of these changes, we’ll be mapping existing Citrix IDs against Gemini online IDs.

    Any Gemini online screen users who don’t have a Citrix ID will need to request one as soon as possible, via the Xoserve Service Desk.


    User testing

    User testing took place between 29 February and 25 March and has now finished. 

    Thank you to all those who participated.


    Contact us

    If you have any questions, please get in touch with us by emailing


    Supporting information

    You can access the detailed design of Gemini Single Sign-On in the December Change Pack


    SSO User Guide

    A user guide for accessing Gemini following the implementation of Single Sign-On.