Logging in to the Portal

To log in, use your corporate single sign-on (SSO) if your administrator has enabled either SAML authentication or Windows authentication for users. Otherwise, if plain authentication via Active Directory is available, log in with your Windows credentials. Alternatively, if no external authentication mechanism is available, use the credentials of your own dedicated Nexthink account.

Multi-factor authentication overview

Multi-factor authentication (MFA) adds an extra layer of security to your Nexthink tenant by requiring local users to provide multiple forms of identification before granting access.

MFA includes the following components:

• Something the user knows, such as a password.

• A Time-Based One-Time Password (TOTP) that is generated by an application, such as Google Authenticator or Microsoft Authenticator.

The user must use both components during login.

Enable MFA to significantly enhance protection against unauthorized access, data breaches and identity theft. Use MFA to reduce the risk of credential theft, phishing attacks and brute force attacks, to safeguard user accounts and sensitive information on your platform. Overall, MFA is a crucial security feature that reinforces the integrity of your Nexthink tenant and ensures a safer user experience.

Configure MFA

Authenticator application is still available

Perform the following steps to reconfigure MFA when you still have access to the old authenticator application. For example, to transfer MFA from an existing mobile device to a new one.

1. Access the standard local login page using the FQDN including /login, as follows: ..nexthink.cloud/login

2. Enter your username and password in the relevant fields.

3. Optional step. Select the Remember me checkbox to automatically fill in your username during the next login.

4. Select Sign in.

5. Enter the code provided by your original authenticator application.

6. Select Edit existing MFA setup.

7. Scan the QR code with your new authenticator application.

8. Enter the code provided by your new authenticator application.

9. Select Continue.

10. Select Finish when the code is validated and the setup is complete.

Authenticator application is unavailable

You can reconfigure MFA when you do not have access to the old authenticator application, for example, the mobile device is lost. In this case, contact your Nexthink administrator to run the following script; replace with your actual username, for example, admin:

/var/nexthink/portal/rsquery/resetMFA.py --resetmfa <username>

Login process

1. Open your web browser. A list of all supported browsers is available in the Portal release notes.

2. Type the Portal fully qualified domain name (FQDN) or Internet Protocol address (IP) in the address bar. Example: https://nxportal.nexthink.localhttps://10.10.10.222

3. The Portal will redirect you to the corporate SSO authentication page or directly let you in if you are already authenticated. Access to the standard login page is still possible by adding /login at the end of the address. Examples: https://nxportal.nexthink.local/loginhttps://10.10.10.222/login

4. When no corporate SSO is available, the Portal will load the standard login page. From there you can choose any of the following methods to authenticate:

   • SSO

   Click use corporate single sign-on, to authenticate through SAML (only available if SAML authentication is enabled). If you have not logged in to your corporate SSO yet, the Portal will redirect your web browser to the corporate SSO authentication page.

   • Windows authentication

   Click use Windows authentication, to authenticate with your Windows credentials (only available if Windows authentication is enabled).

   • Local accounts

   Enter your credentials manually:

   1. Type in your user name under Username.

   2. Type in your Password.

   3. Optional: If MFA is enabled on your appliance, enter the code provided by your authenticator application (or configure MFA if not already done).

   4. Optional: Tick the box Remember me for the Portal to automatically fill in the Username field the next time that you log in.

   5. Click Sign in.

The logo and the background used for the login page can be customized.

Error pages

When the Portal is down for maintenance reasons or it is still restarting, a bad gateway error produces the following error page:

If a requested page is not found in the Portal (error 404) or access is forbidden (error 403), the following page is returned in both cases:

RELATED TASKS

• Branding the Portal

• Enabling Windows authentication of users

• Enabling SAML authentication of users

RELATED REFERENCE

• Active Directory authentication