Back to Cloud Basics: IAM with Identity Domains

In this next installment of the Back To Cloud Basics series, I will show how to do the same exercise as in my previous post, this time via the GUI with Identity Domains.

The first thing we will do is create a compartment.

  1. Click on the hamburger menu, and click Identity & Security
  2. Under Identity, click Compartments, then click Create Compartment and name the compartment reneaceiamblog
    1. I will do this under the root compartment

Unlike my previous post, I will now create an Identity Domain in the reneaceiamblog compartment.

  1. Open the navigation menu and click Identity & Security
  2. Click Domains, click Policies
  3. Under List Scope, ensure that you are in the correct compartment, in my case, reneaceiamblog
  4. Click Create Domain

There are four types of domains (Free, Oracle Apps Premium, Premium, and External User); see this link to pick the one that best suits your needs. In this exercise, I chose Free. I also created the domain administrator, which can be different from the tenancy administrator. I created a domain called reneacedomain.

Now I will be creating a user in our domain. The name for the user must be unique across all users in your domain and cannot be changed.

  1. Click the hamburger menu and click Identity & Security
  2. Under Identity, click Domains, and click on the domain where you will be creating the user; in this example, it will be under reneacedomain
  3. Under the Identity domain resources on the left, click Users
  4. Click Create user

Once the user is created, I will create the group to which this user will be assigned, which I will call ocibasics.

  1. Click the hamburger menu and click Identity & Security
  2. Under Identity, click Domains. Click reneacedomain to open the identity domain
  3. Under the Identity domain resources on the left, click Groups
  4. Click Create Group

As the last step, I will now create a policy for the group ocibasics to be able to manage all resources in the reneaceiamblog compartment. The name you assign to the policy during creation must be unique across all policies in the tenancy and cannot be changed.

  1. Click the hamburger menu and click Identity & Security. Under Identity, click Policies.
  2. Under List Scope, ensure that you are in your root compartment
  3. Click Create Policy
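  4. The policy will be the following (the group is prefixed with its identity domain because ocibasics was created in reneacedomain; without the prefix, the statement is evaluated against the Default domain):
    Allow group 'reneacedomain'/'ocibasics' to manage all-resources in compartment reneaceiamblog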
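
An added example (not from the original post or from Oracle): a small Python check for `Allow group` statements such as the one in step 4. It flags a group written without an identity domain prefix, which OCI evaluates against the Default domain rather than reneacedomain, and it flags `manage all-resources` grants. The regular expression is a simplified assumption about the policy grammar, and the finding names are hypothetical.

```python
import re

# Simplified grammar (an assumption, not Oracle's parser) for statements of the
# form "Allow group [domain/]group to <verb> <resource> in <scope> [where ...]".
STATEMENT = re.compile(
    r"""^\s*allow\s+group\s+
        (?:(?P<domain>'[^']+'|[\w.-]+)\s*/\s*)?   # optional identity domain
        (?P<group>'[^']+'|[\w.-]+)\s+to\s+
        (?P<verb>inspect|read|use|manage)\s+
        (?P<resource>[\w-]+)\s+in\s+
        (?P<scope>tenancy|compartment\s+(?P<compartment>[\w:.-]+))
        (?:\s+where\s+(?P<condition>.+))?\s*$""",
    re.IGNORECASE | re.VERBOSE,
)

def audit_statement(statement, default_domain="Default"):
    """Return (parsed_fields, findings) for one policy statement."""
    m = STATEMENT.match(statement)
    if m is None:
        return None, ["unparsed: not a simple 'Allow group' statement"]
    f = {k: (v.strip("'") if v else v) for k, v in m.groupdict().items()}
    findings = []
    if f["domain"] is None:
        # No prefix: the group is looked up in the Default identity domain.
        f["domain"] = default_domain
        findings.append("group-not-domain-qualified")
    if f["verb"].lower() == "manage" and f["resource"].lower() == "all-resources":
        where = "tenancy" if f["scope"].lower() == "tenancy" else "compartment"
        findings.append(f"full-admin-on-{where}")
    return f, findings

# Constructed samples built from the names used in this post.
SAMPLES = [
    "Allow group ocibasics to manage all-resources in compartment reneaceiamblog",
    "Allow group 'reneacedomain'/'ocibasics' to manage all-resources in compartment reneaceiamblog",
    "Allow group 'reneacedomain'/'ocibasics' to read all-resources in compartment reneaceiamblog",
]

if __name__ == "__main__":
    for s in SAMPLES:
        fields, findings = audit_statement(s)
        print(findings or ["ok"], "<-", s)
```

Run it over the statements exported from your policies before granting a group access; a `full-admin-on-compartment` finding is expected for this exercise and is the kind of grant to narrow later.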

I will repeat what I said in my previous post: I hope that you follow the CIS OCI Foundations Benchmark and create the compartments and groups below. You can have all 4 of these compartments in an enclosing compartment, so this can be per application or line of business.

Hope this blog post helps you get started with IAM in OCI and I will see you in my next post of this starting series.
