Create an Identity Provider Policy in your Identity Domain

Follow these steps to create an Identity Provider Policy as part of the SSO setup for your organization.

Complete these steps after Oracle confirms the Lobby is configured to use your Identity Domain.

To start this process, you need to be on the Identity Domain Overview screen in your Oracle Cloud Console. You can follow these steps if you're not sure how to get there. 

Note: You will not be able to create an Identity Provider Policy until Oracle confirms the Lobby is configured to use your Identity Domain. 

Identity Domain or IDCS?

There are two ways to complete this setup. It depends on what your screen looks like when you start the process. Most of you will be using an Identity Domain in Oracle Cloud (this article), while others will use IDCS.

If your Identity Domain screen looks different, you may be using the Redwood preview look and feel. You can switch this off at the bottom right of the screen.

How to use this guide

  1. You should have read the steps to enable Single Sign-On (SSO) for either the paying or non-paying organization and configured your Identity Domain.
  2. Once Oracle confirms the Lobby is configured to use your Identity Domain, you can then complete the steps below to create an Identity Provider Policy. 
  3. Follow the remaining steps for either the paying or non-paying organization.

Create an Identity Provider Policy

Note: Only complete this step after you have provided the ID for your Identity Domain to Oracle and we confirm the Lobby is configured to use your Identity Domain.

  1. Choose Security > IdP Policies in the menu to access the Identity Provider Policies.
  2. Click Create IdP policy to create a new Identity Provider Policy.
  3. Enter a policy name such as “[company name] policy” and then click Add policy.
  4. Then choose Add IdP rule.
  5. Give the rule a name, select the Identity Provider you created, and then click Add IdP rule.

    Note: Make sure you add only your SSO identity provider, so that your users are directed to your company's SSO login page. If you have created external users in your organization, you can also add the provider named Username-Password. This allows all users in your organization (including external users) to choose whether to use their username and password or SSO to access Aconex.

Tip!

If the Identity Provider you created isn't listed here, ensure your Identity Provider is enabled and try again.

  6. Click Next to move to the next step.
  7. Choose Add app to indicate that you want this IdP policy to apply to users accessing the Lobby.
  8. Search for each of the following apps and click Add app.
    Note:
    The apps you need to add depend on which Aconex instance you are using.

    For all instances except AU2, add the following apps:
    • Lobby-US-IAD_cegbu_lobby_wtss
    • Oracle SCP Aconex Mobile to Aconex integration_client
    • Oracle SCP Outlook to Aconex integration_client
    • Oracle SCP Aconex Sales Automation to Aconex integration_client
    • Oracle SCP Aconex Archives to Aconex integration_client
    • Oracle SCP Navisworks to Aconex integration_client
    • Oracle SCP Revit to Aconex integration_client
    • Oracle SCP Primavera Cloud to Aconex integration_client (Only available to your organization if you have access to Primavera Cloud)

    For the AU2 instance, add the following apps instead of the above:
    • Oracle_CE_Lobby_AU2_WTSS
    • Oracle SCP Aconex Mobile to Aconex integration_client
    • Oracle SCP Outlook to Aconex integration_client
    • Oracle SCP Aconex Archives to Aconex integration_client
    • Oracle SCP Navisworks to Aconex integration_client
    • Oracle SCP Revit to Aconex integration_client
  9. Once all the apps listed above are added, you can continue to the next step.
  10. Click Close to complete the setup of the Identity Provider Policy.
  11. The Identity Provider Policy is now created. Your users will be automatically redirected to your chosen identity provider when they sign in to the Lobby or Aconex. Note: They will need to click the change email address icon on the sign-in screen, re-enter their email address, and click Sign In. This ensures they will be taken to your organization's Single Sign-On screen.
  12. Complete the remaining steps to enable Single Sign-On (SSO) for either the paying or non-paying organization.