Identity domain Concept in Oracle Cloud

What is an identity domain

An identity domain is a construct for managing users and roles, integration standards, external identities, and secure application integration through Oracle Single Sign-On (SSO) configuration and OAuth administration. OAuth is an authorization protocol (in other words, a set of rules) that allows a third-party website or application to access a user’s data without the user needing to share login credentials. In short, an identity domain controls the authentication and authorization of the users who can sign in to a service in Oracle Cloud, and what features they can access in relation to the service.

An Oracle Cloud service account is a unique customer account that can have multiple cloud services of different service types. For example, you could have three different cloud services, such as Java Cloud Service, Database Cloud Service, and Infrastructure as a Service (IaaS) as part of a single Oracle Cloud service account.

Every Oracle Cloud service belongs to an identity domain. Multiple services can be associated with a single identity domain to share user definitions and authentication. Users in an identity domain can be granted different levels of access to each service associated with the domain.

The term Tenant is a synonym for identity domain. Oracle Cloud is a multitenant system, and each customer is a tenant in that system, much like the tenants of a building. So, an identity domain represents a slice of SIM, provisioned for a cloud tenant.

The identity domain is required when users log in to the cloud service.

Procedure to Log In to Cloud Server

  1. Go to
  2. Choose the account type and data center on the cloud account page, then press My Services

  3. Here you need to enter the identity domain

Once you enter the identity domain and press Go, you are taken to the login page, where you can enter your username and password to log in to the cloud service.

Various Roles defined in Oracle Cloud

Account administrator: The account administrator role is at the service instance level. It gives a user several responsibilities to manage one or more Oracle Cloud services. As account administrator, you’re responsible for managing an Oracle Cloud account through the cloud user Interface (UI) and you have business oversight responsibilities over service instances across one or more identity domains. You can nominate service administrators and identity domain administrators for services that you buy. You can view metrics for individual service instances.

An account administrator doesn’t have to be a user in SIM.

Identity domain administrator: As an identity domain administrator, you manage your own users and their roles. Your view is limited to the users and roles in the identity domains that you’ve been assigned to manage. You see all the roles at the domain and service levels. An identity domain administrator is a super administrator for an identity domain and for all the services within the domain. An identity domain administrator can delegate other identity domain administrators as well as manage roles assigned to service administrators. As an identity administrator you perform administrative responsibilities for the whole identity domain.

Service administrator: As a service administrator, your view is limited to the users and roles for the services that you’re assigned to manage. You see the roles only at the service level. In addition, you’re limited to mostly search, view, and read-only functions. For example, you can’t create roles or user accounts, but you can assign an existing role to an existing user account. A service administrator is a super administrator for a given service instance. As a service administrator, you can assign more service administrators to roles as well as manage other roles associated with the service. However, you can’t create users or roles.

Customer service representative administrator: As a customer service representative administrator, you have administrative responsibilities for operations performed in deployed cloud services. You’re the equivalent of an identity domain administrator for all of a customer’s identity domains.

