Creating a security policy for your domain impacts all users who log in to Access Evo with an email address for that domain. If you have users actively logging in to Access Evo already, plan for this as part of your setup, testing, and rollout of the SSO login flow.
📌Note: Your organisation's identity provider must support OpenID Connect and be publicly available via HTTPS.
Before you begin, gather the following information from your identity provider:
Authority URL: The base web address for your authentication server.
⚠️Important: Do not include extra paths such as "/auth" or ".well-known/openid-configuration".
Client ID: Your unique Client ID generated on your identity provider when you register Access Identity as an authorised application.
Register Access Identity as an authorised provider with your identity provider
Before you can configure Access Identity, you need to register Access Identity as an authorised application with your identity provider. This tells your identity provider that Access Identity is an application you trust to connect with.
Contact your IT team to complete this registration. Once complete, they can provide you with the Authority URL and Client ID you need for the Access Identity configuration.
Create your Access Identity account
Your Access Identity account gives you access to the administration panel, where you manage domain verification and security policies. This is separate from your regular PeopleXD access.
⚠️ Important: At least two administrators from your organisation need to complete this process. If you only have one administrator and they leave the organisation or lose account access, you won't be able to manage authentication settings or security policies.
To do this, follow the steps below.
Open the Access Identity link relevant to your hosting location:
UK customer: https://identity.accessacloud.com/
EU customer: https://identity.eu.access-evo.com/
Click Create a new account then enter your work email address.
Complete the reCAPTCHA verification then click Sign up.
Open the verification email then click the link to verify your email address.
Create a password for your account and complete your login.
Create and test your security policy
You can create a security policy and apply it to the domain. This applies the policy to all users with email addresses from that domain.
Sign in to your Access Identity account:
UK customer: https://identity.accessacloud.com/
EU customer: https://identity.eu.access-evo.com/
From the menu, click Security Policies then click Add Security Policy.
Enter a name for your policy then enter the owners' email addresses.
Select your verified domain.
In the Federation section, provide the settings that connect Access Identity to your single sign-on provider:
From the Identity provider list, select OpenID Connect.
Enter an Identity provider name. This is for display purposes in Access Identity only.
From the Grant type list, select the method that your OIDC-compliant identity provider uses to return information to Access Identity.
If you select Authorisation Code, fill in the Client secret.
Fill in the Authority URL. This is the base web address for your authentication server provided by your identity provider.
Fill in the Client ID. This is your unique Client ID generated on your identity provider when you register Access Identity as an authorised application.
Click Test these settings.
📌Note: If your OIDC identity provider has been correctly configured, you are directed to your provider's sign-in screen.
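The Authority URL requirements above can be checked before you click Test these settings. This added example is not part of Access Identity or its documentation: it compares a candidate Authority URL with the discovery document an OpenID Connect provider publishes under "/.well-known/openid-configuration". The host login.example.com, the sample document and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

DISCOVERY_SUFFIX = "/.well-known/openid-configuration"
REQUIRED_KEYS = ("issuer", "authorization_endpoint", "jwks_uri",
                 "response_types_supported")

# Constructed sample of an identity provider's discovery document.
SAMPLE_DISCOVERY = {
    "issuer": "https://login.example.com",
    "authorization_endpoint": "https://login.example.com/authorize",
    "token_endpoint": "https://login.example.com/token",
    "jwks_uri": "https://login.example.com/keys",
    "response_types_supported": ["code", "id_token"],
}


def check_authority(authority, discovery_doc):
    """Return a list of problems; an empty list means the value is usable."""
    problems = []
    parts = urlsplit(authority)
    if parts.scheme != "https" or not parts.netloc:
        problems.append("authority must be an absolute https:// URL")
    if parts.query or parts.fragment:
        problems.append("authority must not carry a query string or fragment")
    if authority.rstrip("/").endswith(DISCOVERY_SUFFIX):
        problems.append("authority must not include the discovery path")
    for key in REQUIRED_KEYS:
        if key not in discovery_doc:
            problems.append(f"discovery document lacks '{key}'")
    # The issuer the provider publishes is the base address; extra paths such
    # as "/auth" show up here as a mismatch (a trailing slash is ignored).
    issuer = discovery_doc.get("issuer", "")
    if issuer.rstrip("/") != authority.rstrip("/"):
        problems.append(f"authority does not match issuer '{issuer}'")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        value = discovery_doc.get(key)
        if value and urlsplit(value).scheme != "https":
            problems.append(f"{key} is not served over HTTPS")
    return problems


def supports_authorization_code(discovery_doc):
    """True when the provider advertises the authorisation code flow."""
    return "code" in discovery_doc.get("response_types_supported", [])


if __name__ == "__main__":
    for candidate in ("https://login.example.com",
                      "https://login.example.com/auth"):
        print(candidate, check_authority(candidate, SAMPLE_DISCOVERY))
```

An empty list means the value is safe to paste into the Authority URL field; supports_authorization_code indicates whether the Authorisation Code grant type is an option for that provider.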
Set up and verify your domain
Domain verification ensures that only your organisation can create security policies for your email domain.
Add your domain
Sign in to your Access Identity account:
UK customer: https://identity.accessacloud.com/
EU customer: https://identity.eu.access-evo.com/
From the menu, click Domains then click Add Domain.
Enter your organisation's domain name. For example, yourcompany.com.
To save changes, click Save.
Add domain owners
We recommend you add at least two domain owners per domain to avoid any risk of losing access to your configuration. This gives them full access to manage a domain.
From the menu, click Domains then click the relevant domain name.
In the Owners field, fill in the relevant email addresses.
Click Save Changes.
Verify your domain
You need to add a Domain Name System (DNS) record to your domain hosting provider or DNS management system to prove you own the domain. Your domain's DNS management system is typically managed by your IT department's DNS management portal, your domain registrar, or your hosting provider.
From the menu, click Domains then copy the verification code.
Open your DNS management system then fill in the TXT record information:
Host: @
Type: TXT
Value: The verification code you copied from Access Identity.
Return to the Domains screen in Access Identity then click Verify Domain.
📌Note: DNS changes can take up to 24 hours to propagate, though they often complete within an hour. You may need to wait before verification succeeds.
Assign the security policy to your domain
Once you have the configuration in place and have confirmed that this works by performing a test, you can add it to your domain. This setting applies to all users who log in with an email address for that domain. Once enabled, this updates their login flow.
🤓Tip: Take care to plan for this and communicate changes to existing users if required.
From the menu, click Domains then, in the Verified Domains section, click the relevant name.
Select a Security Policy from the list then select the Enable federation checkbox.
Click Save Changes.
Enable your domain
Once you're ready, you can enable your domain; this applies the configuration to all impacted users.
From the menu, click Domains then, in the Verified Domains section, click the relevant name.
Select the Enable checkbox then click Save Changes.
Complete SSO setup
⚠️Important: This step is only required if you are moving from standalone PeopleXD to PeopleXD Evo using Access Identity for the first time.
Let your contact in Access Group know that you are ready to apply changes to your environment. This is a standard step in a PeopleXD Evo update project; your project team guides you on when this occurs and engages the required team in Access to update your system configuration.
