Manage users in your organization who will not use SSO

Option 1

Find out if the user has a separately registered Aconex organization. Raise a service request and ask Oracle to change the user's home organization to the separately registered Aconex organization.

You'll need to provide:

• The user's email address (that they use to access Aconex).
• The Aconex Organization ID of the organization that the user needs to be moved to. 

Note: The user doesn't necessarily need an account in the separate organization, but it's important that their home organization is set correctly to ensure they use the appropriate login flow.

Option 2

Configure your Identity Provider Policy rule to support both Username-Passsword and SSO at login. This allows all users in your organization (including external users) to choose if they want to use their username and password or SSO to access Aconex.

Option 3

Register a separate Aconex organization to manage the home organization for your non-SSO users.

Note: The organization will not have any user accounts (except for the Org Admins). The new organization is created to manage the login process for your non-SSO users. The person who registers the new organization should be an Org Admin from the main organization. This ensures they have permission to change the home organization.

1. Register the new organization and give it a meaningful name. For example Majestic Builders for External Use
2. By registering a new organization, you'll be the Org Admin for it. Link this new Aconex account to your Lobby account.
3. In the Lobby Organization menu, you'll now see your main organization and the one you just registered for external use.
4. Find the users who will not use SSO and change their home organization to the new external organization.
5. When they next login they should be asked to enter their username and password, instead of being taken through your organization's SSO login flow.
6. Invite the new Org Admin account to at least one project, otherwise it will be identified as an inactive organization to be removed.

Frequently Asked Questions

How do I create a Lobby account for non-SSO users?

1. Open the batch onboarding tool and select the non-SSO users.
2. Select the option Users will sign in through their corporate network (SSO). Note: While these users won't use SSO, you must select this option so they don't get an email telling them to set a password. We'll need them to set a password after changing their home organization.

3. Once created, select the new lobby accounts and click Change Home Organization. 
4. Select the correct external home organization for these users.
5. Check the box to Send users an email to set password when identity domain changes. 

6. The user(s) will receive an email and must click Set Password.

7. After setting their password, when they next login, these users will need to click the change email address icon on the sign in screen. Alternatively they can use this link. They need to re-enter their email address and click Sign In. This ensures they will be taken to the correct login flow.

Do I need to create new Aconex accounts in the new external organization?
No, only Org Admin users need to be created so they have access to set the home organization.

Do I need to send documents to the new accounts for the non-SSO users?
No. Your existing processes in Aconex will stay the same. The external organization will not have any user accounts (except for the Org Admins). The new organization is only created to set the home organization and ensure the non-SSO users are logging into Aconex with their username and password and not SSO.