[OCI] How to create new Identity Domain in Oracle Cloud Infrastructure (OCI)?

 

Oracle Cloud Infrastructure Identity and Access Management (IAM) provides identity and access management features such as authentication, single sign-on (SSO), and identity lifecycle management for Oracle Cloud as well as Oracle and non-Oracle applications, whether SaaS, cloud-hosted, or on-premises. Employees, business partners, and customers can access applications at any time, from anywhere, and on any device in a secure manner.

 

An Identity Domain is a component of IAM. It is a container for managing users and roles, federating and provisioning users, integrating applications securely through Oracle Single Sign-On (SSO) configuration, and administering OAuth. It represents a user population in Oracle Cloud Infrastructure together with its associated configuration and security settings (such as MFA).

 

In this post we will see how to create a new Identity Domain:

 

  • Open https://cloud.oracle.com, enter your Cloud Account Name and click the Next button. The Cloud Account Name is also known as the Tenancy Name.


  • When you sign up for Oracle Cloud, an Identity Domain named Default is created for you. Since this tenancy has no other Identity Domain yet, the Default Identity Domain is selected automatically. Now sign in with your User Name and Password.

  • After a successful login you are taken to the Oracle Cloud Console.

 

 

  • To create a new identity domain, open the Navigation Menu, select Identity & Security and then click Domains.




  • You are taken to the Domains screen. Each tenancy comes with a root compartment that has the same name as the Tenancy Name (in our case singhgurpreet), and the Default identity domain lives in that root compartment. Select your root compartment to view the Default identity domain.




  • The Default domain is listed, showing its Domain Type, Status, total number of Users and total number of Groups.








    User: An individual employee or system that needs to manage or use your company's Oracle Cloud Infrastructure resources.

    Group: A collection of users who share a similar set of access privileges. Administrators can grant access policies that authorize a group to consume or manage resources within a tenancy. All users in a group inherit the same set of privileges.

    Types of Identity Domains

  • Free identity domains: Each OCI tenancy includes a free tier default OCI IAM identity domain for managing access to OCI resources (network, compute, storage, etc.). If you only need to manage access to OCI resources, you can use the included default domain. It provides a robust set of IAM functionality for managing access to Oracle Cloud resources. Depending on the security model and team, customers may choose to reserve this domain for OCI Administrators.
  • Oracle Apps identity domains: Numerous Oracle Cloud applications (HCM, CRM, ERP, industry apps, etc.) may include use of OCI IAM via an Oracle Apps domain. These domains are included for use with subscribed Oracle applications and provide robust IAM functionality for managing access to Oracle Cloud and SaaS services. Customers may choose to add all employees to this domain to enable SSO to an Oracle Cloud application service, and may use this domain to manage access to some or all of their OCI resources.
  • Oracle Apps Premium identity domains: If you want to extend an Oracle Apps domain with full enterprise features to manage access for Oracle applications that may not be SaaS-delivered (e.g., Oracle E-Business Suite or Oracle Databases, whether on-premises or hosted in OCI), Oracle Apps Premium domains offer the full set of OCI IAM features and capabilities for use with Oracle targets that may be deployed across hybrid cloud environments. This is a low-cost service that is full featured but is limited to use with Oracle targets.
  • External identity domains: External identity domains offer a full set of OCI IAM features and capabilities for nonemployees such as consumers accessing a retail site, governments enabling access for citizens, or businesses allowing access to business partners. There are no restrictions on which applications can be targeted. However, certain enterprise features which are generally not useful in nonemployee scenarios, such as the App Gateway and Provisioning Bridge, are not included. External domains include support for social logon, self-registration, terms-of-use consent, and profile/password management.
  • Premium identity domains: Premium identity domains offer the full set of OCI IAM features and capabilities with no restrictions on which applications can be targeted. Premium domains can be used as an enterprise IAM service managing employee or workforce access across cloud and on-premises applications enabling secure authentication, easy management of entitlements, and seamless SSO for end users.



  • Click the Create Domain button to create a new domain.




  • Provide a Display Name and a Description, and select Free as the domain type. A description of each domain type is shown alongside the choices.



  • On the same screen you can also add a domain administrator for the new domain by entering that user's details. After providing these details, click the Create Domain button.



  • The domain starts being created; you can check its status on the Domains screen.






  • Once done, DemoDomain is listed with 1 user (the administrator user we specified while creating the domain) and 2 groups.




  • Click the Users link or the Groups link (the ones showing the totals) to open the Users and Groups screens.

     On clicking the Users link you are taken to the Users screen. To create a new user in this Identity Domain, click the Create User button.





     On clicking the Groups link you are taken to the Groups screen. To create a new group in this Identity Domain, click the Create Group button.





    Click a group name to view the users assigned to it.





    Since the only user so far is the one we specified while creating the domain, this page lists only that user. If there are other users in this Identity Domain, they are all listed here.

  • Click Overview to view details about the Identity Domain.





  • Now sign out and sign in again: you are now offered the option to select the Identity Domain.
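The same flow as infrastructure-as-code, added here as an example and not part of the original post: it creates a Free domain named DemoDomain with one initial administrator using the OCI Terraform provider's oci_identity_domain resource, so the configuration can be reviewed and repeated instead of clicked through. The tenancy OCID, home region and administrator details are placeholders supplied as variables; the license_type value is the one the provider documents for Free domains, so check it against the current provider reference before applying.

```hcl
# Added example (not from the original post): Terraform equivalent of
# the "Create Domain" screen. All values are placeholders.

terraform {
  required_providers {
    oci = {
      source = "oracle/oci"
    }
  }
}

variable "tenancy_ocid" {
  description = "OCID of the root compartment, where the post keeps its domains"
  type        = string
}

variable "home_region" {
  description = "Tenancy home region, e.g. us-ashburn-1 (placeholder)"
  type        = string
}

variable "admin_email" {
  description = "Mailbox of the initial domain administrator (placeholder)"
  type        = string
}

resource "oci_identity_domain" "demo" {
  compartment_id = var.tenancy_ocid
  display_name   = "DemoDomain"
  description    = "Workforce domain; Default stays reserved for OCI administrators"
  home_region    = var.home_region

  # Domain type chosen in the post: Free (string as documented by the provider).
  license_type = "free"

  # The domain administrator entered on the Create Domain screen.
  admin_user_name  = var.admin_email
  admin_email      = var.admin_email
  admin_first_name = "Demo"
  admin_last_name  = "Admin"

  # Keep the new domain selectable on the sign-in page, as in the last step.
  is_hidden_on_login = false
}

output "demo_domain_url" {
  value = oci_identity_domain.demo.url
}
```

After `terraform apply`, the Domains screen should show DemoDomain with the single administrator user, matching the console result above.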






    Source: https://docs.oracle.com/
