Manage Authentication Options

Set Up Single Sign On (SSO) for Your CRM Integration

You can set up single sign-on (SSO) with an external identity provider such as Okta, Google, or Azure. Setup requires configuration in both the CXone Console and the external provider. The following instructions provide the necessary information for configuring your external provider and explain setup steps within the CXone Console. For step-by-step instructions to configure the external identity provider, contact your CXone Account Representative or review your external provider's documentation.

  1. Create a SAML application in your identity provider of choice. You likely need administrator permissions or access to an administrator dashboard to do so. Part of the creation process includes generating an XML file which you must upload to the CXone Console.
    To create the SAML application, use the following information for the relevant fields:
    • Single Sign-on URL / ACS URL / Reply URL: https://console-crm.niceincontact.com/corporate-login/callback
    • Audience URL / Entity ID: sso.tenfold.com
    • Name ID Format: EmailAddress or user.mail
    • Attributes: (name/value pairings to maintain consistency between your users' CXone agent account and the identity provider account)
      • firstName, user.firstName
      • lastName, user.lastName
  2. Download the XML metadata from your newly-created SAML application.
  3. In the CXone Console, navigate to the Features tab.
  4. Select Single Sign-on from the features list. If you haven't already, click the red Disabled button to enable single sign-on.
  5. Enter a Domain name that is unique to your organization, such as your organization name.
  6. Click +Upload File and select the metadata XML file you generated and downloaded when creating the SAML application.
  7. Click Save.

Configure OpenID Connect for Your CRM Integration

OpenID Connect allows you to use CXone or Microsoft Active Directory as your authentication identity provider for the agent application.

Set Up OpenID Connect with CXone

Using this method, when agents log in to the agent application, they are redirected to a CXone login page. Contact your CXone Account Representative before performing the following steps, as you must acquire the following information to complete the setup process:

  • Client ID
  • Client Secret
  • Issuer domain for discovery

  1. Navigate to the Features tab of the CXone Console.
  2. Select OpenID Connect in the features list. If you have not already enabled this feature, click the red Disabled button to enable it.
  3. Select OpenID Connect as your Provider Type.
  4. Enter openid as the Scope.
  5. Enter the field values provided by your CXone Account Representative: Client ID, Client Secret, and Issuer domain for discovery. After entering these values, the Authorize Endpoint, Token Endpoint, and JWK Document URLs will auto-fill.
  6. Click Save.
  7. Click the Company Settings tab.
  8. Click Phone System.
  9. Expand the Authentication Type drop-down and select OpenID.
  10. Click Save.

Set Up OpenID Connect with Microsoft Active Directory

  1. Navigate to the Features tab of the CXone Console.
  2. Select OpenID Connect in the features list. If you have not already enabled this feature, click the red Disabled button to enable it.
  3. Select Microsoft AAD as your Provider Type.
  4. Click Save.
  5. Click the Company Settings tab.
  6. Click Phone System.
  7. Expand the Authentication Type drop-down and select OpenID.
  8. Click Save.
  9. Set up Single Sign-On with Microsoft Active Directory as your identity provider.