Target
Customers (system admins) who have been using Access Control since before February 25, 2026
Customers who see a "Unauthenticated Domain" warning message on the User List screen in the Administration.
Description
To enhance security, a new status has been added to HENNGE One services to easily identify users who are using unregistered (unauthenticated) domains.
If this status is displayed, please update to an authenticated domain by the final deadline scheduled in 2028.
New status name: Enabled (Domain Not Authenticated)
Reference: [Access Control] What is an authenticated domain?
Details
To ensure safer use of the Access Control service, a new status is now displayed for users whose login ID uses an unauthenticated domain, and a feature has been added to list these users in the User List.
With this update, the following items have been added to the "Status" column in the User List.
- Existing statuses (no changes)
- "Enabled": The account is active and can log in as usual.
- "Disabled": The account is suspended and cannot log in.
-
Newly added status (this update)
- "Enabled (Domain Not Authenticated)": The account can log in as usual, but the domain used in the login ID is not registered/authenticated with HENNGE, so action is required.
In the future, users using unauthenticated domains will be subject to feature restrictions (see below for details).
If this applies to you, please update to an authenticated domain by the deadline.
Background
Previously, login IDs could be created using any domain, even if it was not registered with HENNGE One. However, to strengthen security and prevent impersonation, it has been decided that login IDs must use authenticated domains. To help admins identify affected users, a warning is displayed in the Administration.
Deadline
Final deadline: During 2028 (planned)
* When a specific deadline is determined, we will notify you again. Please subscribe to "Notice" and "Release Information" to ensure you do not miss any updates.
How to use the Help Center PUSH notification feature
* The deadline may be extended. We are providing ample preparation time for adjustments, but we appreciate your cooperation in starting the process as soon as possible.
Effect if Not Addressed
Restricted Features
If you do not update by the final deadline, actions such as "Admin password reset" and "Editing user information such as family name and given name" will no longer be available for users using unauthenticated domains.
* Restrictions will be lifted immediately once the login ID is changed to an authenticated domain, and user updates will be possible.
* We will provide a detailed notice regarding these restrictions at a later date.
Please subscribe to "Notice" and "Release Information" to ensure you do not miss any updates.
How to use the Help Center PUSH notification feature
Features Not Affected
This specification change does not affect existing SSO (such as SAML).
How to Address
The appropriate action depends on the reason the status is displayed. Please refer to the following article.
[Access Control] How to address unauthenticated domains
If you have any questions, please contact the support desk provided at the time of implementation.
By changing the login ID to an authenticated domain, the reliability of user identity will be improved, and you will be able to use advanced integration features with external services more safely and smoothly in the future.
Thank you for your understanding and cooperation in ensuring secure ID management.
Other Notes
In the future, user creation and editing will be restricted to users whose login ID uses an "authenticated domain" only.
Therefore, in the future, "editing or password reset for users with unauthenticated login IDs may not be possible," so please take the necessary actions.