Login authenticators (password policies) establish the parameters and rules for passwords that your users can create to access Tenant Management (TM). In addition to the default login authenticator, you can create custom login authenticators for your organization (tenant) and apply them to different user roles.
The default login authenticator for CXone requires that passwords:
- Have a minimum of six characters
- Include at least one lowercase letter
- Include at least one uppercase letter
- Include at least one number
Under the default login authenticator, special characters may be used in a password but aren't required.
Key Facts About Login Authenticators
- Every tenant must have a login authenticator. If you don't use a custom login authenticator, the default login authenticator automatically applies.
- When the login authenticator is modified, changes become effective as soon as they're saved. Users who are logged in at the time of the change are not affected but are redirected to change their password upon their next login if their password doesn't meet the requirements of the new login authenticator.
For custom login authenticators, you can specify the number of days the password is valid. After the specified number of days, users in the relevant role are prompted to change their passwords.
For custom login authenticators, you can specify the number of previous passwords that users in the relevant role can't reuse.
If a user enters the wrong password six times, the account is locked out for 30 minutes. As an administrator, however, you can unlock such a user's account sooner than 30 minutes.
If a user forgets the password, the user can request a password reset link to be sent by email.
Configure a Login Authenticator
Click Login Authenticator > New Login Authenticator.
Enter the Name, Description , and other details of the login authenticator.Learn more about the fields in this step
Select the checkboxes for the Password Complexity parameters you want to apply. You can choose one or all of the following:
- Require Lower Case (a-z)
- Require Upper Case (A-Z)
- Require Numeric (0-9)
- Require Non-Alphanumeric (!, @, #, etc.)
Require Multi-Factor Authentication
You can select the Require Multi-Factor Authentication checkbox. For more information, see Multi-Factor Authentication in Tenant Management.
Minimum Password Length Select the minimum numbers of characters needed using the Minimum Password Length drop-down. The minimum value is 6 and the maximum value is 20. Enable Password Age Select the checkbox and select the number of days a password is valid in the Enable Password Age drop-down. The minimum value is 10 and the maximum value is 365.
Enable Password History
Select the checkbox and then select the number of previous passwords that are disallowed using the Enable Password History drop-down. The minimum value is 1 and the maximum value is 50.
- Click the Assigned Roles tab and then click Add Roles.
- Click roles in the list to move them to the Selected section. If you don't see the roles you need, use the search feature at the top of the Add Roles table. To select all roles, click Select All.
- When you're finished adding roles to the login authenticator, click Confirm.
- Click Save & Activate.
After you have configured a login authenticator for a role, the password field displays the configured login authenticator rules when a user tries to set or change a password:
As the user types in the password, CXone evaluates it based on the login authenticator rules and color-codes the rules in real time. Login authenticator rules that the password meets appear in green and are marked with a checkmark, while login authenticator rules that are not met appear in red and are marked with an X.