Bchex uses an OAuth-based authentication system called ChexAuth to manage user logins for Aegis.

OAuth (Open Authorization) is a modern authentication standard that allows users to securely access applications without needing to store or repeatedly enter passwords. Instead of relying on traditional passwords, OAuth verifies your identity through secure tokens and authentication methods such as magic links or one-time verification codes.

Why OAuth is Used

Using OAuth provides several security and usability benefits:

• Improved Security – Passwords are not stored or transmitted during login.

• One-Time Verification Codes – Each login uses a temporary authentication code.

• Protection Against Credential Theft – Reduces risk from phishing or password reuse.

• Simplified Login Management – Allows you to securely access multiple accounts using one verified email.

For these reasons, OAuth authentication is considered a preferred and more secure login method for modern applications.

Navigate to Aegis

To access your account, go to https://aegis.bib.com. You can also visit our homepage at www.bib.com and click Login in the upper-right corner to be redirected to the Aegis login page.  Enter your Email Address and click "Authenticate" to get started.

ChexAuth Verification

After clicking Authenticate, the page will redirect to the ChexAuth verification screen, where you will complete authentication:

You will receive an email from: noreply@auth.chexauth.com

The email will include two login options:

• Magic Link

• Verification Code

Signing In

You may choose either option:

Option 1 — Magic Link

• Click Sign in with Magic Link in the email.
• A new browser window will open and continue the login process automatically.
• ⚠ Important:  The Magic Link must be opened in the same browser where the login process was started. If the link opens in a different default browser, authentication may fail.

Option 2 — Verification Code

Alternatively, copy the verification code from the email and paste it into the ChexAuth authentication page.

First-Time Login: Linking Your Account

If this is your first time logging in, you will be asked to link your OAuth email to your existing Aegis user account.

You will need to enter: Your User ID Your Email Address

If the information matches an existing account, the account will be successfully linked!

Linking Additional Accounts

If you have access to multiple accounts, they can all be linked to the same ChexAuth email.

To link another account: Click Link New Account Enter the User ID and Email Address associated with the account Click Link You may skip this step and link additional accounts later if needed.

If the email and User ID match an account, the new account will appear in the account list:

Choosing a Default Account

Once accounts are linked, you can select which account will be your Default Account.

The Default Account is the account that will open automatically when you log in.

To set your default: Select the preferred account Check the option: "Don't show this page again – Always log in with my default account" This allows you to skip the account selection screen during future logins. You can change this setting later if needed.

OAuth Session Duration

Once you successfully log in using ChexAuth, your authenticated session will remain active for 24 hours.

During this time, you will not need to log in again as long as:

• You continue using the same browser, and

• Your browser cookies and cache are not cleared.
  

If you clear your browser data, switch browsers, or the 24-hour session expires, you will be prompted to authenticate again using the ChexAuth verification process.

This session window helps balance security and convenience, allowing users to work in Aegis without repeatedly signing in while still ensuring regular authentication.

You can also end your OAuth session at any time by choosing the Log Out option from the menu.

Managing Linked Accounts

After logging in, you can manage linked accounts by selecting Switch Account from the user menu.

To access this option: Click your name in the upper-right corner Select Switch Account

From here you can:

• Link additional accounts

• Remove linked accounts

• Change your default account

Email Domain Restrictions (Optional)

Administrators may configure Email Domain Restrictions to control which email domains can be used with ChexAuth logins.

To configure this setting:

1. Enter the allowed email domains

2. Place one domain per line

Only email addresses from the listed domains will be able to link to accounts within your organization.

This helps organizations ensure users log in with approved company email addresses.

Trouble Logging In?

If you’re having trouble logging in, uur Client Services team is happy to help:

• clientservices@bchex.io
• 704-439-3900

How to Get a User ID

• If you need login credentials, please contact your organization’s administrator.
• An administrative user can request credentials on your behalf by emailing clientservices@bchex.io or by adding a new user through Aegis.  See this guide for more details.
• If you’re unsure who your administrator is, reach out to a member of your organization for assistance.