
Oracle Cloud Identity Domain – Concepts

An identity domain is synonymous with the tenant concept in Oracle Cloud. Oracle Cloud is a multitenant system, and each client is a tenant in the larger Oracle Cloud system, much like the tenants of a building. An identity domain therefore represents a slice of Oracle Cloud, provisioned for a cloud tenant according to the client’s demand.

An Oracle Cloud service account is a unique customer account that can have multiple cloud services of different service types. An account can also contain multiple identity domains, and each identity domain can contain multiple Database Cloud Services. For example, you could have three different cloud services, such as Java Cloud Service, Database Cloud Service, and Infrastructure as a Service (IaaS), as part of a single Oracle Cloud service account.

Although an account can have one or more identity domains, each domain is separate and distinct. Users in an identity domain can be granted different levels of access to each service associated with the domain.

An identity domain is specific to the customer. The customer can add users to the identity domain and attach different kinds of roles to them. The identity domain controls user authentication to Oracle Cloud and which features of the service users can access.

When you log in to Oracle Cloud, the first thing you need to enter is the identity domain.

When we took the trial version of Oracle Cloud, we were granted an “Identity Domain Administrator” predefined role when our identity domain was set up. There were many more roles given to our user ID, like “Account administrator”, “Service administrator”, and “Customer service representative administrator”.

Remember that “Identity (ID) domain administrator” is the super administrator for the Oracle Cloud Services. Identity Domain Administrators can use the Cloud Identity Manager to access all users defined within their Identity Domain and their roles. Service Administrators only get access to the users defined for their Service, and users of a service can only use the Cloud Identity Manager to modify their own user profile and reset their account password.

We can create additional identity domain administrators through simple navigation. Additional identity domain administrators for a service are useful as backup administrators when the designated domain administrator is unavailable or has left the company. You can also promote an existing user to “Identity Domain Administrator”. The role can be granted for one selected service, multiple services, or the complete identity domain.
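The following sketch is an added example, not code from this post or from Oracle. It models the visibility rules and the backup-administrator advice above over a constructed role export. The domain names, user names and the `Grant` record are assumptions, and it simplifies by treating every Identity Domain Administrator grant as domain-wide.

```python
from dataclasses import dataclass

DOMAIN_ADMIN = "Identity Domain Administrator"
SERVICE_ADMIN = "Service Administrator"

@dataclass(frozen=True)
class Grant:  # hypothetical record shape, not an Oracle export format
    user: str
    domain: str
    role: str
    services: frozenset = frozenset()  # only meaningful for SERVICE_ADMIN

# Constructed sample data: identity domain -> service -> users of that service.
MEMBERS = {
    "acmeprod": {"Java Cloud Service": {"alice", "bob"},
                 "Database Cloud Service": {"carol", "erin"}},
    "acmetest": {"Database Cloud Service": {"dave"}},
}
GRANTS = [
    Grant("alice", "acmeprod", DOMAIN_ADMIN),
    Grant("carol", "acmeprod", DOMAIN_ADMIN),
    Grant("bob", "acmeprod", SERVICE_ADMIN, frozenset({"Java Cloud Service"})),
    Grant("dave", "acmetest", DOMAIN_ADMIN),
]

def visible_users(actor, domain):
    """Users whose profiles `actor` can reach in `domain`."""
    services = MEMBERS[domain]
    everyone = set().union(*services.values())
    visible = {actor} & everyone  # a plain user reaches only their own profile
    for g in GRANTS:
        if g.user != actor or g.domain != domain:
            continue  # grants never cross identity domains
        if g.role == DOMAIN_ADMIN:
            return everyone  # all users defined in the identity domain
        if g.role == SERVICE_ADMIN:
            for svc in g.services:  # only users of the administered services
                visible |= services.get(svc, set())
    return visible

def domains_without_backup_admin(minimum=2):
    """Identity domains with fewer than `minimum` distinct domain admins."""
    admins = {d: set() for d in MEMBERS}
    for g in GRANTS:
        if g.role == DOMAIN_ADMIN:
            admins[g.domain].add(g.user)
    return sorted(d for d, users in admins.items() if len(users) < minimum)

if __name__ == "__main__":
    print(visible_users("bob", "acmeprod"), domains_without_backup_admin())
```

In this sample, `acmetest` is flagged because `dave` is its only identity domain administrator.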

 

Brijesh Gogia