Administer your Identity Domain

The process to create an Identity Domain depends what you want to do with it.  For Aconex organizations, an Identity Domain is required to either configure SSO for your organization , or configure authentication policies (such as password expiry and 2Sv methods) without using SSO. 

As part of the process, you need an Oracle Cloud account. Your organization may already have an Oracle Cloud account and Identity Domain if you use other Oracle products, such as P6, OPC, Unifier, ERP etc. If so, please contact us to discuss your requirements. You may need to follow a different process.

What can I do with an Identity Domain?

Below is a list of resources to help you manage your organization's Identity Domain. These settings apply to all users.

Note: If your screens look different you may be using IDCS which will soon be upgraded to an Identity Domain. Both have the same features. See the difference here.

Single Sign-On 

• Enable Single Sign-On for your organization
• Update your Single Sign-On (SSO) certificate
• Make login with Single Sign-On optional

Two-step verification

• Add/remove two-step verification methods
• Make login with two-step verification optional
• Reset two-step verification for a user. You can do this from the Lobby or from your Identity Domain.

Login and passwords

• Change the password expiry for all users
• Reset a user's password. You can do this from the Lobby or from your Identity Domain.
• Increase or decrease the session timeout
• Add your organizations name to the sign in screen
• Resolve the login error 'A federated user can't perform local authentication'. Follow these steps if a user receives this message when trying to access Aconex or the Lobby.

Email notifications (sent from your Identity Domain)

• Change the contact email address shown on email notifications. This is useful when the person who created your Identity Domain has left the organization.
• Hide the 'Continue to Sign in' Button. We recommend hiding this button, as it directs users to the Identity Domain login screen instead of Aconex/Lobby and forces them to set up two-step verification.
• Configure which email notifications are sent from the Identity Domain. This is done as part of your SSO setup.

Manage your Identity Domain

• Change the name of your Oracle Cloud account. This is useful if you accidently created the account in your own name, instead of your organizations name. Also helpful if you've changed your organization name.
• Change a user's first or last name. This will update their name in the Lobby. Alternatively they can change their Lobby account name themselves.
• Manage admin users who can make changes to your Identity Domain
• Create another Identity Domain. Some organization's need to create a separate Identity Domain to manage a subsidiary or joint venture organization. If you already have an Identity Domain we'll let you know if you need a separate Identity Domain for Aconex.
• Upload a Trusted Issuer Public Certificate for a Non-Interactive Integration (OAuth Client).

Make login with Single Sign-On optional

Configure your Identity Provider Policy rule to support both Username-Passsword and SSO at login. This allows all users in your organization (including external users) to choose if they want to use their username and password or SSO to access Aconex.

Make login with two-step verification optional

You can decide if users are required to setup 2SV on their first login or if it should be optional.

Follow the process of configuring two-step verification methods and under the Enrollment option, choose Required or Optional.

Add your organizations name to the sign in screen

1. Click Branding from the Identity Domain menu.
2. Enter your organizations name in the Company name field.
3. Check the Hide ContinueToSignIn button checkbox. We recommend hiding this button, as it directs users to the Identity Domain login screen instead of Aconex/Lobby and forces them to set up two-step verification.
4. Click Save Changes.

Hide the Continue to Sign in Button

We recommend hiding this button, as it directs users to the Identity Domain login screen instead of Aconex/Lobby and forces them to set up two-step verification.

1. Click Branding from the Identity Domain menu.
2. Check the Hide ContinueToSignIn button checkbox.
3. Click Save Changes..

Resolve the login error 'A federated user can't perform local authentication'

Follow these steps if a user receives this message when trying to access Aconex or the Lobby.

1. Click Users from the Identity Domain menu.
2. Click the user that receives the error.
3. Click Edit user.
4. Disable the Federated option.
5. Click Save changes.