[OCI] How to create a new Identity Domain in Oracle Cloud Infrastructure (OCI)?

 

Oracle Cloud Infrastructure Identity and Access Management (IAM) provides identity and access management features such as authentication, single sign-on (SSO), and identity lifecycle management for Oracle Cloud as well as Oracle and non-Oracle applications, whether SaaS, cloud-hosted, or on-premises. Employees, business partners, and customers can access applications at any time, from anywhere, and on any device in a secure manner.

 

An Identity Domain is a component of IAM. It is a container for managing users and roles, federating and provisioning users, secure application integration through Oracle Single Sign-On (SSO) configuration, and OAuth administration. It represents a user population in Oracle Cloud Infrastructure and its associated configurations and security settings (such as MFA).

 

In this post we will see how to create a new Identity Domain:

 

  • Open https://cloud.oracle.com, enter your Cloud Account Name and click the Next button. The Cloud Account Name is also known as the Tenancy Name.


  • When you sign up for Oracle Cloud, an Identity Domain named Default is created. Since this tenancy does not have any other Identity Domain, the Default Identity Domain is selected automatically. Now sign in with your User Name and Password.

  • After a successful login you will be taken to the Oracle Cloud Console.

 

 

  • To create a new identity domain, open the Navigation Menu, select Identity & Security and then click Domains.




  • You will be taken to the Domains screen. Each tenancy comes with a root compartment that has the same name as the tenancy (singhgurpreet in our case), and the Default identity domain is present in the root compartment. So, select your root compartment to view the Default identity domain.




  • The Default domain is listed, showing its Domain Type, Status, total number of users and total number of groups.








    User: An individual employee or system that needs to manage or use your company's Oracle Cloud Infrastructure resources.

    Group: A collection of users who share a similar set of access privileges. Administrators can grant access policies that authorize a group to consume or manage resources within a tenancy. All users in a group inherit the same set of privileges.

    Types of Identity Domains

  • Free identity domains: Each OCI tenancy includes a free tier default OCI IAM identity domain for managing access to OCI resources (network, compute, storage, etc.). If you're only looking to manage access to OCI resources, you can use the included default domain. It provides a robust set of IAM functionality for managing access to Oracle Cloud resources. Depending on the security model and team, customers may choose to reserve this domain for OCI Administrators.
  • Oracle Apps identity domains: Numerous Oracle Cloud applications (HCM, CRM, ERP, industry apps, etc.) may include use of OCI IAM via an Oracle Apps domain. These domains are included for use with subscribed Oracle applications and provide robust IAM functionality for managing access to Oracle Cloud and SaaS services. Customers may choose to add all employees to this domain to enable SSO to an Oracle Cloud application service, and may use this domain to manage access to some or all of their OCI resources.
  • Oracle Apps Premium identity domains: If you want to extend an Oracle Apps domain with full enterprise features to manage access for Oracle applications that may not be SaaS-delivered (e.g., Oracle E-Business Suite or Oracle Databases, whether on-premises or hosted in OCI), Oracle Apps Premium domains offer the full set of OCI IAM features and capabilities for use with Oracle targets that may be deployed across hybrid cloud environments. This is a low-cost service that is full featured but is limited to use with Oracle targets.
  • External identity domains: External identity domains offer a full set of OCI IAM features and capabilities for nonemployees such as consumers accessing a retail site, governments enabling access for citizens, or businesses allowing access to business partners. There are no restrictions on which applications can be targeted. However, certain enterprise features which are generally not useful in nonemployee scenarios, such as the App Gateway and Provisioning Bridge, are not included. External domains include support for social logon, self-registration, terms-of-use consent, and profile/password management.
  • Premium identity domains: Premium identity domains offer the full set of OCI IAM features and capabilities with no restrictions on which applications can be targeted. Premium domains can be used as an enterprise IAM service managing employee or workforce access across cloud and on-premises applications enabling secure authentication, easy management of entitlements, and seamless SSO for end users.



  • Click the Create Domain button to create a new domain.




  • Provide a Display Name and Description, and select Free as the domain type. A description of each domain type is also shown on this screen.



  • You can also add a domain administrator for the new domain by providing the details on the same screen. After providing these details, click the Create Domain button.



  • Domain creation will start, and you can check its status on the Domains screen.






  • Once done, DemoDomain will be listed with 1 user (the same administrator user we specified while creating the domain) and 2 groups.




  • Click the Users and Groups links (the ones showing the totals) to open the Users and Groups screens.

     Clicking the Users link takes you to the Users screen. To create a new user in this Identity Domain, click the Create User button.





     Clicking the Groups link takes you to the Groups screen. To create a new group in this Identity Domain, click the Create Group button.





    Click a group name to view the users assigned to it.





    Since there is currently only one user, the one we specified while creating the domain, this page lists only that user. If you have other users in this Identity Domain, they will all be listed here.

  • Click Overview to view details about the Identity Domain.





  • Now sign out and log in again; you will now get the option to select the Identity Domain.
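
The same domain creation can be scripted with the OCI CLI, which makes the change reviewable and repeatable. The script below is an added example, not part of the original post: it assumes the OCI CLI is installed and configured, the function names are hypothetical, and every OCID, region, name and e-mail address is a placeholder supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the original post): scripted form of the console steps.
# Assumes the OCI CLI is installed and configured. OCIDs, regions, names and
# e-mail addresses passed in are the caller's own placeholder values.
# Set OCI_BIN=echo to print the commands instead of running them.

# Create a Free identity domain, optionally with a domain administrator.
# usage: create_free_domain COMPARTMENT_OCID NAME DESCRIPTION HOME_REGION \
#            [ADMIN_EMAIL ADMIN_FIRST ADMIN_LAST]
create_free_domain() {
  compartment_id=$1; display_name=$2; description=$3; home_region=$4
  admin_email=${5:-}; admin_first=${6:-}; admin_last=${7:-}

  # The post uses the root compartment, whose OCID is the tenancy OCID.
  case $compartment_id in
    ocid1.tenancy.*|ocid1.compartment.*) ;;
    *) echo "error: not a tenancy or compartment OCID: $compartment_id" >&2
       return 1 ;;
  esac
  if [ -z "$display_name" ] || [ -z "$description" ] || [ -z "$home_region" ]; then
    echo "error: display name, description and home region are required" >&2
    return 1
  fi

  set -- iam domain create \
    --compartment-id "$compartment_id" \
    --display-name "$display_name" \
    --description "$description" \
    --home-region "$home_region" \
    --license-type free
  # Optional administrator, as on the Create Domain screen. Using the e-mail
  # address as the user name is an assumption of this example.
  if [ -n "$admin_email" ]; then
    set -- "$@" --admin-email "$admin_email" --admin-user-name "$admin_email" \
      --admin-first-name "$admin_first" --admin-last-name "$admin_last"
  fi
  "${OCI_BIN:-oci}" "$@"
}

# Print the lifecycle state of the named domain (for example CREATING, ACTIVE).
domain_state() {
  "${OCI_BIN:-oci}" iam domain list --compartment-id "$1" --all \
    --query "data[?\"display-name\"=='$2'].\"lifecycle-state\" | [0]" --raw-output
}
```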






    Source: https://docs.oracle.com/
