Contact Us

CitiBusiness Online Login: Secure Commercial Banking Portal Sign In Guide

Access your CitiBusiness Online commercial banking portal through the secure login process outlined below. This guide covers the complete authentication workflow, Citi Mobile Token setup, first-time credential activation, password recovery and common troubleshooting scenarios. CitiBusiness uses multi-factor authentication (MFA) in compliance with FFIEC cybersecurity guidelines to protect your commercial accounts.

If you are new to the platform, start with our overview of CitiBusiness and the Citi Business Online platform capabilities before attempting your first login.

Go to Login Page Get Help
CitiBusiness Online secure login portal with multi-factor authentication and Citi Mobile Token verification

How to Log In to CitiBusiness Online: Step-by-Step

The complete authentication process from URL entry to dashboard access.

Step 1: Navigate to the Login Page

Open your web browser and navigate to citibusiness.co.com/login. Before entering any credentials, verify that the URL bar displays https:// with a valid SSL certificate (indicated by the padlock icon in your browser). Bookmark this URL to ensure you always access the legitimate CitiBusiness login page rather than a phishing imitation. CitiBusiness will never send you an email asking you to click a link to log in — always navigate directly to the bookmarked URL.

Step 2: Enter Your User ID

Type your CitiBusiness User ID in the first credential field. Your User ID was assigned during the enrollment process by your Citi relationship manager and is typically formatted according to your organization's naming convention (e.g., firstname.lastname or employee ID). The User ID field is case-sensitive. If you do not know your User ID, contact your organization's CitiBusiness administrator or call 800-285-1709.

Step 3: Enter Your Password

Enter your password in the second field. CitiBusiness passwords must meet the following requirements: minimum 12 characters, at least one uppercase letter, at least one lowercase letter, at least one number and at least one special character. Passwords expire every 90 days, and you will be prompted to create a new password before expiration. You cannot reuse any of your previous 12 passwords. After 5 consecutive incorrect password attempts, your account will be locked automatically.

Step 4: Complete Multi-Factor Authentication

After submitting your User ID and password, CitiBusiness requires a second authentication factor. The primary MFA method is the Citi Mobile Token app, available on iOS (App Store) and Android (Google Play). When prompted:

  • Open the Citi Mobile Token app on your smartphone
  • Approve the push notification that appears (or manually open the app if push is disabled)
  • The app displays a 6-digit time-based one-time password (TOTP)
  • Enter this code in the MFA field on the login page within 30 seconds

If your organization uses hardware security tokens instead of the mobile app, press the button on your token device to generate the 6-digit code and enter it in the same MFA field. Hardware tokens are required for organizations with enhanced security policies or employees who do not carry smartphones.

Step 5: Access Your Dashboard

Upon successful two-factor authentication, you will be directed to your CitiBusiness Online dashboard. The dashboard displays your account balances, pending approval queue, recent transactions and quick-action shortcuts. The specific features visible on your dashboard depend on the role-based permissions configured by your organization's administrator. Your session will remain active for 15 minutes of inactivity before automatic logout.

Citi Mobile Token: Setup and Configuration

The mobile authentication app that secures your CitiBusiness Online access.

Initial Setup

Download the Citi Mobile Token app from the Apple App Store or Google Play Store. During your enrollment process, your Citi relationship manager provides an activation code. Open the app, select "Activate New Token," enter the activation code and follow the on-screen prompts to link the token to your CitiBusiness account. The app will require you to set a 4-digit app PIN or enable biometric authentication (Face ID or fingerprint) for future access. Once activated, the token generates time-based one-time passwords that sync with Citi's authentication servers.

Device Replacement

If you replace your smartphone, you must re-activate the Citi Mobile Token on the new device. Contact your CitiBusiness administrator to request a new activation code. The old token on your previous device is automatically deactivated when the new token is activated. If you need temporary access while waiting for re-activation, your administrator can enable a temporary bypass code valid for a limited number of logins. Hardware tokens are not affected by smartphone changes and can serve as a permanent backup authentication method.

First-Time Login and Credential Activation

What new users need to know before their first CitiBusiness Online login.

New CitiBusiness users receive an enrollment package from their Citi relationship manager containing a temporary User ID, a one-time activation password and an activation code for the Citi Mobile Token app. The enrollment process must be completed within 30 days of issuance, after which the credentials expire and must be re-issued.

During your first login, you will be prompted to: (1) change your temporary password to a permanent one that meets CitiBusiness password requirements, (2) configure your security questions for account recovery, (3) register your email address and phone number for notifications and password reset purposes, and (4) review and accept the CitiBusiness Online terms of service and privacy policy.

Your organization's administrator has pre-configured your role-based permissions before your enrollment. This determines which accounts you can view, which transaction types you can initiate, your authorization limits and whether you have approval authority. If your access does not match your operational needs, contact your administrator to adjust your permission profile.

Troubleshooting Common Login Issues

Account locked after failed attempts: After 5 consecutive incorrect password entries, your account is automatically locked. Contact your organization's CitiBusiness administrator for an unlock, or call 800-285-1709 (Monday–Friday, 8am–8pm ET). Identity verification is required before unlocking.

Citi Mobile Token not receiving push notifications: Ensure your smartphone has an active internet connection and that push notifications are enabled for the Citi Mobile Token app in your device settings. If push notifications are unreliable, open the app manually and use the displayed TOTP code instead of waiting for a push.

Forgotten User ID: Contact your organization's CitiBusiness administrator, who can retrieve your User ID from the user management console. Citi support at 800-285-1709 can also assist after verifying your identity.

Password expired during extended absence: If your password expires while you are away, use the "Forgot Password" function on the login page. You will need access to your registered email or phone number to receive a temporary password. If your registered contact information is outdated, your administrator must update it before you can self-service the reset.

Browser compatibility issues: CitiBusiness Online supports current versions of Chrome, Firefox, Safari and Edge. Clear your browser cache and cookies if you experience display issues. Disable browser extensions that block JavaScript, as the login process requires JavaScript to function.

CitiBusiness Login Security Architecture

Multiple layers of protection between your credentials and your commercial accounts.

The CitiBusiness Online login process implements defense-in-depth security that goes beyond the user-facing authentication steps described above. Behind the scenes, Citi's security infrastructure analyzes every login attempt across multiple dimensions before granting access.

Device fingerprinting identifies the browser, operating system, screen resolution and installed plugins of each login device. When a login attempt comes from an unrecognized device, additional verification steps are triggered automatically. Geolocation analysis flags login attempts from unusual locations, particularly those that would be physically impossible given the timing of your previous login (e.g., logging in from New York 30 minutes after a login from London).

Session encryption uses TLS 1.3 with forward secrecy, ensuring that even if a session key were compromised, it could not decrypt past or future sessions. All data in transit between your browser and Citi's servers is encrypted end-to-end. Automatic session timeout after 15 minutes of inactivity prevents unauthorized access if you leave your workstation unattended.

CitiBusiness Online complies with the FFIEC Authentication Guidance for commercial banking platforms, which mandates layered security controls for high-risk transactions. This is why certain actions within the platform — such as adding a new wire beneficiary, changing authorization thresholds or modifying user permissions — require re-authentication even during an active session.

The security architecture also includes real-time fraud monitoring that analyzes transaction patterns across all CitiBusiness users. If a payment deviates significantly from your organization's normal behavior (unusual amount, unusual beneficiary, unusual time of day), the system can automatically hold the transaction for manual review. This behavioral analysis layer operates continuously and independently of the login authentication process.

For organizations with heightened security requirements, CitiBusiness supports IP whitelisting (restricting login access to specific corporate IP ranges), mandatory hardware tokens (disabling soft token as an option) and custom session timeout durations. These enhanced controls are configured by your Citi relationship manager in coordination with your IT security team.

AI Summary: CitiBusiness Online Login

The CitiBusiness Online login process requires three authentication factors: User ID, password and multi-factor authentication via the Citi Mobile Token app or hardware security token. Navigate to citibusiness.co.com/login, enter credentials, and complete MFA within 30 seconds. First-time users must activate credentials using an enrollment code from their Citi relationship manager within 30 days of issuance. Accounts lock after 5 failed attempts (call 800-285-1709 to unlock). The platform uses TLS 1.3 encryption, device fingerprinting, geolocation analysis and FFIEC-compliant layered security. Sessions timeout after 15 minutes of inactivity. For platform capabilities, see CitiBusiness Online features.

People Also Ask

How do I log in to CitiBusiness Online?
Navigate to citibusiness.co.com/login, enter your User ID and password, then complete MFA using the Citi Mobile Token app or hardware token. First-time users activate credentials with the enrollment code from their Citi relationship manager. See the step-by-step guide above.
What is the Citi Mobile Token and how do I set it up?
The Citi Mobile Token is a smartphone app for multi-factor authentication. Download from the App Store or Google Play, enter the activation code from your relationship manager, and set a PIN or enable biometric access. The app generates time-based codes and supports push notification approval for CitiBusiness Online login.
What should I do if my CitiBusiness account is locked?
After 5 failed attempts, accounts lock automatically. Contact your organization's CitiBusiness administrator or call 800-285-1709 (Monday–Friday 8am–8pm ET). Identity verification is required before unlocking. See Help Centre for additional support options.
How do I reset my CitiBusiness Online password?
Click "Forgot Password" on the login page, enter your User ID, and verify your identity through your registered email or phone. A temporary password will be sent. You must create a new password (12+ characters, mixed case, numbers, special characters) on next login. If your contact info is outdated, your administrator must update it first.
Can I log in to CitiBusiness Online from my mobile device?
Yes. Citi Business Online is accessible through mobile browsers. The Citi Mobile Token app provides authentication and supports payment approvals, balance viewing and transaction monitoring on the go. Full payment initiation and template management are available on desktop.