# Logging in to the web interface

This page provides a step-by-step guide on how to access the Nexthink web interface with your:

* Corporate [single sign-on](/platform/user-guide/administration/account-management/single-sign-on.md) (SSO), if your administrator has enabled Security Assertion Markup Language (SAML) or Windows authentication for users.
* Nexthink account if an external authentication mechanism is not available.

## Prerequisites <a href="#loggingintothewebinterface-prerequisites" id="loggingintothewebinterface-prerequisites"></a>

You must have a Nexthink account to access the web interface.

## Log in with corporate SSO <a href="#loggingintothewebinterface-loginwithcorporatesso" id="loggingintothewebinterface-loginwithcorporatesso"></a>

1. Open your web browser.
2. In the address bar, type the Nexthink instance Fully Qualified Domain Name (FQDN), as follows:
   * `<instance>.<region>.nexthink.cloud`
   * `<instance>.data.<region>.nexthink.cloud`\
     FQDN description:
     * `<instance>` - Name of the Nexthink instance
     * `<region>` - Name of the instance localization:
       * `us` - United States
       * `eu` - European Union
       * `pac` - Asia-Pacific region
       * `meta` - Middle East, Turkey, and Africa
   * **Example:**\
     `https://kanopy.eu.nexthink.cloud`
3. The web interface redirects you to your corporate SSO login page.

## Log in with local Nexthink account <a href="#loggingintothewebinterface-loginwithlocalnexthinkaccount" id="loggingintothewebinterface-loginwithlocalnexthinkaccount"></a>

{% hint style="info" %}
Nexthink is progressively deploying multi-factor authentication (MFA) for local Nexthink accounts. MFA may not yet be available on your tenant.
{% endhint %}

<figure><img src="/files/zfvw9DfOplE6jeskbCId" alt="Sign in page" width="550"><figcaption></figcaption></figure>

1. Access the standard local login page using the FQDN with `/login` at the end, as follows:
   * `<instance>.<region>.nexthink.cloud/login`\
     FQDN description:
     * `<instance>` - Name of the Nexthink instance
     * `<region>` - Name of the localization of the instance:
       * `us` - United States
       * `eu` - European Union
       * `pac` - Asia-Pacific region
       * `meta` - Middle East, Turkey, and Africa
   * **Example:**\
     `https://kanopy.eu.nexthink.cloud/login`
2. Enter the following in the relevant fields:
   * Username
   * Password
   * MFA code
3. Optionally, check **Remember this device** to automatically log in next time.
4. Select **Sign in**.
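
As an added example (not Nexthink code), the following Python check confirms that a URL matches the FQDN formats documented above before credentials are entered or a link is allowlisted. The function name, the single-label rule for `<instance>`, and the sample URLs are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Region codes and host layouts come from the FQDN description on this page.
REGIONS = {"us", "eu", "pac", "meta"}
# Assumption: <instance> is a single DNS label (lowercase letters, digits, hyphens).
LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")

def check_nexthink_url(url):
    """Return (ok, detail); detail is a failure reason or a dict of parsed fields."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "scheme is not https"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo present before the host"
    if port not in (None, 443):
        return False, "non-default port"
    labels = (parts.hostname or "").split(".")
    if labels[-2:] != ["nexthink", "cloud"]:
        return False, "host is not under nexthink.cloud"
    head = labels[:-2]
    if len(head) == 3 and head[1] == "data":
        head = [head[0], head[2]]  # <instance>.data.<region> form
    if len(head) != 2:
        return False, "unexpected label count"
    instance, region = head
    if region not in REGIONS:
        return False, "unknown region code"
    if not LABEL.match(instance):
        return False, "invalid instance label"
    return True, {"instance": instance, "region": region,
                  "local_login": parts.path.rstrip("/") == "/login"}

# Constructed sample URLs; only the first is the example shown on this page.
SAMPLES = [
    "https://kanopy.eu.nexthink.cloud/login",
    "https://kanopy.data.eu.nexthink.cloud",
    "http://kanopy.eu.nexthink.cloud/login",
    "https://kanopy.eu.nexthink.cloud.example.org/login",
    "https://kanopy.eu.nexthink.cloud@example.org/login",
]
if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_nexthink_url(sample))
```

The check expects the full URL as it appears in the address bar, including the `https://` scheme.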

### Multi-factor authentication overview <a href="#loggingintothewebinterface-multi-factorauthenticationoverview" id="loggingintothewebinterface-multi-factorauthenticationoverview"></a>

Multi-factor authentication (MFA) adds an extra layer of security to your Nexthink tenant by requiring local users to provide multiple forms of identification before granting access.

MFA includes the following components:

* Something the user knows, such as a password.
* A Time-Based One-Time Password (TOTP) that is generated by an application, such as Google Authenticator, Microsoft Authenticator, Authy, Duo, 1Password, or Bitwarden.

The user must use both components during the login process.

Enable MFA to significantly enhance protection against unauthorized access, data breaches and identity theft. Use MFA to reduce the risk of credential theft, phishing attacks, and brute force attacks, safeguarding user accounts and sensitive information on your platform. Overall, MFA is a crucial security feature that reinforces the integrity of your Nexthink tenant and ensures a safer user experience.

If multiple employees need access to the admin (backup) account, Nexthink recommends either creating separate local backup admin accounts for each administrator or keeping a single shared account protected by a credential management solution that allows secure sharing of MFA secrets (such as 1Password or Bitwarden).

{% hint style="info" %}
When selecting “Remember this device”, the system creates a device cookie. As long as the device cookie remains valid, users will not be prompted for MFA again, unless additional risk factors apply.
{% endhint %}

### Use MFA for local accounts <a href="#loggingintothewebinterface-usemfaforlocalaccounts" id="loggingintothewebinterface-usemfaforlocalaccounts"></a>

If MFA is enabled for local accounts on your tenant, you may also have to perform one of the following procedures.

#### MFA is not set up for the currently active account <a href="#loggingintothewebinterface-mfaisnotsetupforthecurrentlyactiveaccount" id="loggingintothewebinterface-mfaisnotsetupforthecurrentlyactiveaccount"></a>

1. Install an authenticator application on your mobile device or on a computer that supports TOTPs, for example, Google Authenticator, Microsoft Authenticator, 1Password and so on.
2. Select **Multi-factor authentication (MFA)**.

<figure><img src="/files/CRUnC30TuUif9YYzpT8h" alt="Selecting security method" width="550"><figcaption></figcaption></figure>

3. Scan the QR code with your authenticator application.

<figure><img src="/files/hdCsL1aUS4Ej0H6ExVi5" alt="Setting up QR code" width="550"><figcaption></figcaption></figure>

4. Enter the code provided by your authenticator application.

<figure><img src="/files/dlSDepLLUSQL0KuVdy9Y" alt="Entering security code" width="550"><figcaption></figcaption></figure>

5. Select **Continue**.
6. Select **Finish** when the code is validated and the setup is complete.

#### MFA is already set up for the currently active account <a href="#loggingintothewebinterface-mfaisalreadysetupforthecurrentlyactiveaccount" id="loggingintothewebinterface-mfaisalreadysetupforthecurrentlyactiveaccount"></a>

1. Enter the code provided by your authenticator application.
2. Select **Sign in**.

### Configure MFA <a href="#loggingintothewebinterface-configuremfa" id="loggingintothewebinterface-configuremfa"></a>

#### Authenticator application is still available <a href="#loggingintothewebinterface-authenticatorapplicationisstillavailable" id="loggingintothewebinterface-authenticatorapplicationisstillavailable"></a>

Perform the following steps to reconfigure MFA when you still have access to the old authenticator application, for example, to transfer MFA from an existing mobile device to a new one.

1. Access the standard local login page using the FQDN as follows:\
   `<instance>.<region>.nexthink.cloud`
2. Enter your username and select **Continue**.
3. Enter your password and select **Continue**.
4. Select **Sign in**.
5. Enter the code provided by your original authenticator application.
6. Select **Verify**.
7. Go to the **My Account** page.
8. Select **Reset multi-factor authentication (MFA)**.
9. Select **Yes**.
10. Select **Sign out** from the **My Account** menu.
11. Enter your username and select **Continue**.
12. Enter your password and select **Continue**.
13. Scan the QR code with your authenticator application.
14. Enter the code provided by your authenticator application and select **Continue**.

#### Authenticator application is unavailable <a href="#loggingintothewebinterface-authenticatorapplicationisunavailable" id="loggingintothewebinterface-authenticatorapplicationisunavailable"></a>

If you need to reconfigure MFA but do not have access to the mobile device, for example, the mobile device is lost, contact your Nexthink Administrator to request an MFA reset.

