How authentication in Calabrio WFM works
Users of Calabrio WFM are authenticated through either identity authentication or application authentication. Choose to make one of the options available to the users or make both options available for the users to select which one to use when they log in.
With identity authentication, the user can log in by reusing a previous third-party authentication, for example Windows authentication or Okta or with a login set up within Calabrio ONE. With third-party authentication, the users don’t have to enter their credentials to log in to Calabrio WFM. The identity logon must always be unique for each user.
Calabrio WFM is switching to a new Identity & Access Management (IAM) solution. This requires a working email address to be entered as the user ID in the Logon field. Therefore, we ask all cloud customers to change the current username to a user email address for all active users (including agents) currently in Calabrio WFM. See communication from Calabrio for more details on how this is done.
As an on premise customer, you can use for example Windows authentication as your identity authentication. Enter each user’s Windows domain and username in the People tool in WFM. When the user logs in, WFM compares the Windows credentials that are stored for the current user on the local PC with the Windows credentials defined for the user.
Application authentication is when the user enters a logon and password when they access Calabrio WFM. The application logon and password are defined for the user in Calabrio WFM.
The logon can be defined in either the People module in the Windows client or the People tool on web. The password is defined in the People module in the Windows client. When the user logs in, the credentials they enter are compared with the application logon defined for the user.
The application logon must be unique for each user. The password must follow the defined password policy, if there is one.
Users who have logged in using application authentication can change their password themselves. Users who have forgotten their password can click the Forgot your password? link on the login page, enter their username and click send. An email with instructions on how to reset the password is sent to the user. The user’s email address must be defined in Calabrio WFM for the password reset to work.
Session timeout for Calabrio Teleopti WFM
Users are automatically logged out when they have been inactive for a certain time. When that time is exceeded, they are prompted to log in again. This is called session timeout. The duration of the session timeout depends on how the user logged in.
- Application logon without Remember me selected—30 minutes
- Application logon with Remember me selected—30 days
- Third-party logon (for example Windows, Okta or ADFS)—30 days
NOTE The session timeout values above are only valid for Calabrio Teleopti WFM and they are the default values. If needed, a maximum session timeout can be defined. If a maximum session timeout is defined, the users are logged out after the defined time, regardless of if they are active or not.