Eclipsys Blog

Back to Cloud Basics: IAM with Identity Domains – Eclipsys

Written by Gustavo Rene Antunez | Apr 24, 2023 1:30:00 PM

In this next installment of the Back To Cloud Basics series, I will show how to do the same exercise as in my previous post, this time via the GUI with Identity Domains.

The first thing we will do is create a compartment:

  1. Click on the hamburger menu, and click Identity & Security
  2. Under Identity, click Compartments, then click Create Compartment and name it reneaceiamblog
    1. I will do this under the root compartment

 

Unlike my previous post, I will now create an Identity Domain in the reneaceiamblog compartment.

  1. Open the navigation menu and click Identity & Security
  2. Click Domains, click Policies
  3. Under List Scope, ensure that you are in the correct compartment, in my case, reneaceiamblog
  4. Click Create Domain

There are four types of domains (Free, Oracle Apps Premium, Premium, and External User); you can see in this link which one best suits your needs. In this exercise, I chose Free. I also created the domain administrator, which can be different from the tenancy administrator. I created a domain called reneacedomain.

 

Now I will be creating a user in our domain. The name for the user must be unique across all users in your domain and cannot be changed.

  1. Click the hamburger menu and click Identity & Security
  2. Under Identity, click Domains, and click on the domain where you will be creating the user; in this example, it will be reneacedomain
  3. Under the Identity domain resources on the left, click Users
  4. Click Create user

 

Once the user is created, I will create the group to which this user will be assigned, which I will call ocibasics.

  1. Click the hamburger menu and click Identity & Security
  2. Under Identity, click Domains. Click reneacedomain to open the identity domain
  3. Under the Identity domain resources on the left, click Groups
  4. Click Create Group

 

As the last step, I will now create a policy for the group ocibasics to be able to manage all resources in the reneaceiamblog compartment. The name you assign to the policy during creation must be unique across all policies in the tenancy and cannot be changed.

  1. Click the hamburger menu and click Identity & Security. Under Identity, click Policies.
  2. Under List Scope, ensure that you are in your root compartment
  3. Click Create Policy
  4. The policy will be the following:
    Allow group ocibasics to manage all-resources in compartment reneaceiamblog
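
A small linter for the policy statement from the last step, as an added example (not from the original post or from Oracle): it parses a subset of the OCI policy grammar and flags `manage all-resources` grants and group names written without an identity domain prefix, which OCI evaluates against the Default domain. The regex subset, the finding codes and the `admin_groups` parameter are assumptions for illustration; the sample statements are constructed from the names used in this post.

```python
import re

# Subset of the OCI policy grammar handled here (an assumption of this example):
#   Allow group [<domain>/]<group> to <verb> <resource-type>
#       in tenancy | in compartment <name> [where <conditions>]
STATEMENT = re.compile(
    r"^allow\s+group\s+(?:'?(?P<domain>[\w.-]+)'?/)?'?(?P<group>[\w.-]+)'?\s+to\s+"
    r"(?P<verb>inspect|read|use|manage)\s+(?P<resource>[\w-]+)\s+in\s+"
    r"(?:tenancy|compartment\s+(?P<compartment>[\w:.-]+))"
    r"(?:\s+where\s+.+)?$",
    re.IGNORECASE,
)

# Finding codes are hypothetical names made up for this example.
FINDINGS = {
    "TENANCY_FULL_CONTROL": "manage all-resources in tenancy for a non-administrator group",
    "COMPARTMENT_FULL_CONTROL": "manage all-resources in a compartment; consider per-service grants",
    "DEFAULT_DOMAIN_GROUP": "no domain prefix, so the group is resolved in the Default domain",
    "UNPARSED": "statement is outside the grammar subset this example handles",
}

def lint(statement, admin_groups=("Administrators",)):
    """Return the list of finding codes for one policy statement."""
    m = STATEMENT.match(statement.strip())
    if m is None:
        return ["UNPARSED"]
    codes = []
    full_control = (m["verb"].lower(), m["resource"].lower()) == ("manage", "all-resources")
    if full_control and m["compartment"] is None and m["group"] not in admin_groups:
        codes.append("TENANCY_FULL_CONTROL")
    elif full_control and m["compartment"] is not None:
        codes.append("COMPARTMENT_FULL_CONTROL")
    if m["domain"] is None:
        codes.append("DEFAULT_DOMAIN_GROUP")
    return codes

# Constructed sample statements using the names from this post.
SAMPLES = [
    "Allow group ocibasics to manage all-resources in compartment reneaceiamblog",
    "Allow group reneacedomain/ocibasics to manage all-resources in compartment reneaceiamblog",
    "Allow group reneacedomain/ocibasics to manage all-resources in tenancy",
    "Allow group reneacedomain/ocibasics to read instances in compartment reneaceiamblog",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s)
        for code in lint(s) or ["OK"]:
            print(f"    {code}: {FINDINGS.get(code, 'nothing flagged')}")
```
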

 

I will use the same sentence as in my previous post: I hope that you follow the CIS OCI Foundations Benchmark and create the compartments and groups below. You can have all 4 of these compartments in an enclosing compartment, so this can be per application or line of business.

 

Hope this blog post helps you get started with IAM in OCI and I will see you in my next post of this starting series.