Administrator Settings


The tenant provisioning process initially creates a single administrator, known as the tenant administrator. A tenant administrator is authorized to configure realm and tenant settings, and to invite others to become administrators. All administrator identities get the same realm permissions, and these are not configurable.

You can invite, view or edit administrators by opening the account menu in the top right of the Identity Cloud Admin UI, then navigating to Tenant Settings > Admins.

Administrator sign-in

Administrators access their sign-in page using a URL that specifies the realm as a forward slash:

  • https://<tenant-name>

Upon successful authentication, an administrator is automatically switched to the Alpha realm.

Edit your own administrator profile

In the Identity Cloud Admin UI, open the Tenant menu (upper right), then click your username.


On your administrator profile page:

  • To edit your name or email address, click Edit Personal Info.
    Provide information, then click Save.

  • In the Account Security card:

    • To change your username, click Update.

      • Enter your current password, then click Next.

      • Enter your new username, then click Next.
        You’ll receive an email confirming your username has been changed.

    • To change your password, click Reset.

      • Enter your current password, then click Next.

      • Enter your new password, then click Next.
        You’ll receive an email confirming your password has been changed.

  • By default, 2-Step Verification is enabled.
    For more information, see Manage administrator 2-step verification.

Manage administrator 2-step verification

2-Step verification, also known as multifactor authentication (MFA), prevents unauthorized actors from signing in as an administrator by asking for another factor at authentication.

Identity Cloud provides two ways admins can sign in with a second factor:

When you sign in as an administrator for the first time, Identity Cloud offers you choices, and guides you through the device registration process.

During registration, Identity Cloud displays 10 verification codes. Be sure to copy the codes and store them in a secure location.

  • You’ll use the verfication codes as recovery codes if you cannot use your registered device to sign in.

  • You can use each verification code only once. Then, the code expires.

  • If, for some reason, you need to re-register a device, first delete your previously registered device.

Change 2-Step verification options

  1. Open your administrator user profile.
    In the Identity Cloud Admin UI, open the Tenant menu and choose your administrator username.

  2. On your administrator user profile page, find 2-Step Verification and click Change.

    The 2-Step/Push Authentication page lists devices you’ve registered for MFA.

    To delete a device, click its More () menu, and choose Delete.

    • When you delete a device from the list, 2-step or push authentication is disabled. You cannot undo the delete operation.

    • Once you sign out and attempt to sign back in again, you will be asked if you want to set up a second factor.

Invite other administrators

Send invitations to people when you want to authorize them to manage settings for your tenant.

  1. In the Identity Cloud Admin UI (upper right), open the Tenant menu.

  2. Click Invite admins.

  3. In the Invite Admins dialog box, enter a comma-separated list of email addresses for the people you want to authorize.

  4. Click Send Invitations.
    Identity Cloud sends an email to each addressee. The invitation will contain instructions for the addressee to set up their administrator account.

After the invitee completes the instructions in the invitation email, the invitee becomes an administrator.

By default, new administrators are authorized with the same permissions as the tenant administrator.

View the administrators list

From the administrators list you can invite new administrators, view an administrator’s profile, deactivate, or delete an administrator.

  1. In the Identity Cloud Admin UI, click the tenant name to expand the settings menu.

  2. Click Tenant Settings > Admins.

    • To invite a new administrator, click Invite Admins.

    • To deactivate an administrator, click Active, then click Deactivate.
      When you deactivate an administrator, their status changes, but the administrator remains on the administrators list.

    • To view an administrator’s details, click More (). Administrator details are not configurable on this page. You can edit an administrator’s user profile on the Manage Identities page.

    • To delete an admin, click Delete admin.

      When you delete an administrator, their username is removed from the administrators list, and administrator permissions are removed from their user profile. This operation cannot be undone!