Manage Login Authenticators

Login authenticators (password policies) establish the parameters and rules for passwords that your users can create to access Tenant Management (TM). In addition to the default login authenticator, you can create custom login authenticators for your organization (tenant) and apply them to different user roles.

The default login authenticator for CXone requires that passwords:

  • Have a minimum of six characters
  • Include at least one lowercase letter
  • Include at least one uppercase letter
  • Include at least one number

Under the default login authenticator, special characters may be used in a password but aren't required.

Key Facts About Login Authenticators

  • Every tenant must have a login authenticator. If you don't use a custom login authenticator, the default login authenticator automatically applies.
  • When the login authenticator is modified, changes become effective as soon as they're saved. Users who are logged in at the time of the change are not affected but are redirected to change their password upon their next login if their password doesn't meet the requirements of the new login authenticator.
  • For custom login authenticators, you can specify the number of days the password is valid. After the specified number of days, users in the relevant role are prompted to change their passwords.

  • For custom login authenticators, you can specify the number of previous passwords that users in the relevant role can't reuse.

  • If a user enters the wrong password six times, the account is locked out for 30 minutes. As an administrator, however, you can unlock such a user's account sooner than 30 minutes.

  • If a user forgets the password, the user can request a password reset link to be sent by email.

Configure a Login Authenticator

  1. Click Login Authenticator  > New Login Authenticator.

  2. Enter the Name, Description , and other details of the login authenticator.

  3. Click the Assigned Roles tab and then click Add Roles.
  4. Click roles in the list to move them to the Selected section. If you don't see the roles you need, use the search feature at the top of the Add Roles table. To select all roles, click Select All.
  5. When you're finished adding roles to the login authenticator, click Confirm.
  6. Click Save & Activate.

After you have configured a login authenticator for a role, the password field displays the configured login authenticator rules when a user tries to set or change a password:

As the user types in the password, CXone evaluates it based on the login authenticator rules and color-codes the rules in real time. Login authenticator rules that the password meets appear in green and are marked with a checkmark, while login authenticator rules that are not met appear in red and are marked with an X.