NiCE CXone Login Process

This page is for any NiCE CXone user. Information for administrators is clearly identified.

The NiCE CXone login process is how the system verifies that you are a valid user of the platform.  Authentication uses credentials such as a user name and password.

There are two ways you can log in to gain access to NiCE CXone.

  • You can log in on the NiCE CXone global authentication page with a user name and password. If the system is configured for multi-factor authentication, you may also be required to enter an MFA token. Additionally, your system may be configured to only allow logins from specific locations, such as when logged in to your office network or VPN.

  • You can log in through an external identity provider (IdP) such as Entra ID (Azure), Auth0, Active Directory Federation Services (ADFS), Okta, and Ping.

For security purposes, when you activate your account as a new user, you must log in to access NiCE CXone after your account is activated.

If you are unable to log in, your employee profile may be locked or deactivated.  If it is locked, you can unlock it or an administrator can do it. If it is deactivated, an administrator must be reactivate it so you can log in.

Single Sign-On and Single Sign-Out

Single sign-on (SSO) allows seamless access across supported applications after logging in. Single sign-out means that you are logged out of all applications in the system when you log out of one of them.

NiCE CXone may have partial SSO support across some applications. This means that you may occasionally be required to reauthenticate depending on the application you're accessing.

NiCE CXone does not support single sign-out. This allows you to log out of one application and stay logged in to another application. For example, you can log out of the platform but stay logged in to an agent application. If you want to log out of all applications, you must log out of each one separately.

SSO Example

For example, if your organization uses Okta as the identity provider (IdP), you log in to Okta, such as by using the Okta dashboard. Then you launch NiCE CXone and are automatically logged into the platform without having to enter additional credentials. After launching NiCE CXone, you can launch other platform applications, such as Agent Workspace (Agent) or Admin.

The this example, Okta handles the authentication. NiCE CXone trusts the authentication that Okta provides. Your user session remains active across NiCE CXone applications as long as the Okta session is valid. SSO sessions are terminated in two scenarios: 

  • Security control: The Okta or NiCE CXone session expire based on configured session policies, such as a certain amount of time passing.

  • User action: If you log out of Okta or NiCE CXone, your SSO session ends.

Applications that Launch Other Applications

You can launch other applications from within the NiCE CXone platform. For example:

  • You can launch applications such as MAX, Supervisor Workspace (Supervisor), Agent Workspace (Agent) from the NiCE CXone platform.

  • You can open a WFO tab in MAX or Salesforce Agent, which launches an embedded view of NiCE CXone.

These cases cannot use the SSO functionality provided by the authentication system. This is because NiCE CXone doesn't ensure consistency of user between the SSO system and a running application. Instead, the new application inherits the login information of the application that is launching it. For example, when you launch the NiCE CXone suite and then launch MAX. MAX doesn't need to go to the SSO system to determine the current user. That information can be passed directly to it by NiCE CXone. The same applies to the WFO tab inside MAX. In any case where the application is launching another application, it passes user information along which ensures consistency.

Jay Gatsby launches NiCE CXone and logs in. He then launches MAX, which is automatically logged in as Jay Gatsby. Back in NiCE CXone, Jay logs out and back in as Nick Carraway. Now there is one window (MAX) logged in as Jay Gatsby and another window (NiCE CXone) logged in as Nick Carraway. Jay then uses MAX to expand the WFO tab. If that tab used SSO information, it would show information for Nick Carraway, which would be problematic. Instead, MAX passes its log in information for Jay Gatsby to the WFO application. In this way, consistency is assured with the benefit of not having to log in again.

Browser Requirements Associated with SSO

Most NiCE CXone applications are web-based and must operate within the constraints of different browsers. They must meet user-expected behavior that is common for web applications. The supported web browsers for NiCE CXone is described on the Platform Requirements page.

Federated Identity Management

The concept of Federated Identity Management (FIM) overlaps with Single Sign-On (SSO). FIM is a set of technologies that can provide SSO. For example, many websites allow you to sign up for an account using an account from a different site such as Facebook or Google. In this case, the website is using FIM and gets SSO for free. If you are logged in to Facebook already, then you might be prompted to allow the new website to integrate. After that integration, you are not asked to log in to Facebook each time you access that website.

Multi-Factor Authentication

Multi-factor authentication (MFA) is an authentication technology that requires users to provide other credentials in addition to a user name and password to verify their identity. A common method of MFA is requiring users to enter a one-time code obtained from an authenticator app, email, or SMS message. Another common method is biometric verification, such as fingerprints or facial recognition.

Administrators can configureNiCE CXone to require MFA. The only supported MFA method is entering a one-time code from an authenticator app.

General NiCE CXone Login Process

If your administrator has instructed you to log in through a different system, IdP, or process, follow those steps. If you're required to enter a one-time MFA code to log in, follow the steps for MFA login. Otherwise, follow these steps to log in to NiCE CXone.

  1. In your browser, enter the login URL for the NiCE CXone application you're trying to access into your browser. You are redirected to the global authentication page. If you have an active authentication session from a previous login, the platform loads without requiring you to enter your credentials.

  2. Enter your NiCE CXone user name in the Username field and click NEXT. By default, your username matches the email listed on your account. An administrator can change your username to something other than your email, but it must still be in an email format.

  3. Enter your Password and click Sign In. One of the following happens: 

    • If your username and password are valid, the system grants you access to the application.

      If you enter an invalid password or username, you are prompted to enter your password again. To reenter your username, click Back.

    • If you have entered too many wrong passwords, you are locked out of your account for 30 minutes. Your administrator configures the number of password attempts the system allows.

  4. If you've forgotten your password, click Forgot your password?. You will receive an email with a link to reset your password. Your new password must meet the password policy your administrator has configured for you.

MFA Login Process

If NiCE CXone requires you to enter a one-time code when you log in, follow these steps. MFA token is another name for the one-time MFA code.

The platform login page showing the MFA Token field.

  1. Enter the URL for the NiCE CXone application you're trying to access into your browser. You are redirected to the global authentication page.

  2. Enter your NiCE CXoneUsername and click NEXT. By default, your username matches the email listed on your account. An administrator can change your username to something other than your email, but it must still be in an email format.

  3. Enter your Password and MFA Token, then click Sign In. One of the following happens: 

    • If your username and password are valid, the system grants you access to the application.

    • If you enter invalid credentials, you are prompted to enter the information again. To reenter your username, click Back.

    • If you have entered too many wrong passwords, you are locked out of your account for 30 minutes. Your administrator configures the number of password attempts the system allows.

  4. If you enter a valid username, password, and token, the system grants you access to the application. If you enter invalid credentials, the system prompts you to reenter your password and MFA token. To reenter your username, click Back.

  5. If you've forgotten your password, click Forgot your password?. You will receive an email with a link to reset your password. Your new password must meet the password requirements set in your assigned login authenticator. If you have questions about the requirements for your organization, contact your NiCE CXone administrator.

Login When Multi-Region Business Continuity Plan (Business Continuity Plan) is Enabled

Multi-Region Business Continuity Plan (Business Continuity Plan) (Multi-Region BCP) provides a secondary NiCE CXone system that can be used in the event of any disruption to the primary system's ability to run. This includes outages, planned maintenance, or regional failures.

When Multi-Region BCP is enabled, you are automatically redirected to the secondary system without disruption. The login process is unaffected unless you have more than one account in the system. If you have multiple accounts, the system prompts you to choose the account you want to use to log in. A separate URL is not required to log in to the Multi-Region BCP system.

Account Lockouts

NiCE CXone locks users out for two reasons:

  • Periods of inactivity: The number of days of inactivity is determined by an administrator. It can be anywhere between 7 and 90 days. The default is 90 days.
  • Failed login attempts: The number of allowed login attempts is determined by an administrator when they create the password policy. A warning appears when you have two login attempts left before you're locked out.

You can unlock your accounts by changing your password with the Forgot Password link.

Irene Adler is attempting to log in to Sherlock Holmes' account in NiCE CXone. After she enters his password incorrectly three times, a warning appears above the login window stating she has two login attempts left before she will be locked out. She enters two more incorrect passwords and is locked out of NiCE CXone for 30 minutes. After the 30 minutes are up, Irene enters another incorrect password. She is now locked out of NiCE CXone for an hour and is unable to steal Holmes' information.