Implementing CXone MAX Custom Workspaces with Embedded CRM Panels
What This Guide Covers
This masterclass details the configuration of NICE CXone MAX (Multi-Channel Agent Experience) custom workspaces to create a “Single Pane of Glass” for agents. You will learn how to embed external web applications (CRMs like Salesforce, Microsoft Dynamics, or custom internal tools) directly into the agent desktop and inject dynamic call variables to drive automated record lookups.
Prerequisites, Roles & Licensing
- Licensing: NICE CXone ACD license with MAX or VMAX.
- Permissions:
Security > Roles > NICE CXone Central > Custom Workspaces > View/EditAdmin > Points of Contact > View/Edit(to configure variable names)
- Technical Requirement: The CRM or web application MUST support being rendered in an
<iframe>and must allow the CXone domain in its Content Security Policy (CSP).
The Implementation Deep-Dive
1. Configuring the Custom Workspace in CXone Central
Custom workspaces allow you to define a persistent side panel or a dynamic tab that appears when an interaction is delivered.
The Implementation:
Navigate to ACD > Screen Pops > Custom Workspaces. Create a new workspace and define the “Base URL.”
The Trap:
Setting a static URL for a CRM panel provides zero technical value to the agent. If the agent has to manually search for the customer after the panel loads, you have failed to utilize the integration.
The Solution: Use Variable Injection. CXone allows you to append interaction variables (like {ANI}, {ContactID}, or {SkillName}) to the URL query string.
Base URL: https://yourcrm.com/search?phone={ANI}&external_id={Custom_GUID}
2. Resolving the “Refused to Connect” (CSP) Error
The most common point of failure when embedding CRMs is the browser blocking the frame for security reasons.
The Architectural Reasoning:
Modern web security prevents “Clickjacking” by using X-Frame-Options: SAMEORIGIN or Content-Security-Policy: frame-ancestors. If your CRM is configured with these headers, it will refuse to load inside the MAX desktop.
The Solution: You must coordinate with your CRM’s security administrator to add the NICE CXone cluster domain to the frame-ancestors allowlist.
- For US-East:
https://*.nice-incontact.com - For Europe:
https://*.niceincontact.com
3. Implementing Dynamic Panel Triggering in Studio
You can control when the workspace appears using the INDICATE or SCREENPOP actions in a CXone Studio script.
The Implementation:
Instead of a global workspace that is always visible, use a Studio script to determine if a customer record exists. If ContactFound == True, trigger the specific workspace ID for that CRM record.
// CXone Studio Snippet
ASSIGN WorkspaceURL = "https://crm.link/record/" + {ExternalID}
INDICATE WorkspaceURL
The Trap:
Triggering a screen pop before the agent leg is fully connected. This causes the agent’s browser to focus on the CRM tab while the voice path is still being established, leading to missed “Hello” greetings.
The Solution: Place the INDICATE or SCREENPOP action immediately after the ONANSWER event in your Studio script to ensure the agent is mentally ready to interact with the data.
Validation, Edge Cases & Troubleshooting
Edge Case 1: The “Mixed Content” White Screen
The Condition: The workspace panel appears but is completely blank or shows a “Not Secure” warning.
The Root Cause: Your CXone environment is HTTPS (secure), but the embedded URL is HTTP (insecure). Modern browsers strictly forbid loading insecure content within a secure frame.
The Solution: Every embedded panel MUST use a valid SSL/TLS certificate and be served over HTTPS. If your internal tool is legacy, you must wrap it in a reverse proxy (like NGINX or AWS CloudFront) to provide an HTTPS endpoint.
Edge Case 2: SSO Session “Looping”
The Condition: The CRM panel constantly asks the agent to log in, even though they are already logged into CXone.
The Root Cause: Third-party cookie blocking. Most browsers (Chrome, Safari) now block cookies from one domain (the CRM) when it is inside a frame of another domain (CXone).
The Solution: Enable SAML SSO for both CXone and the CRM using the same Identity Provider (IdP). Additionally, instruct agents to allow “Cross-site tracking” or add your CRM domain to the “Allow Third-Party Cookies” list in their browser settings.