Create Additional Identity Domains

Every tenancy comes with a default identity domain. An identity domain is a container for users, groups, and other access-related information. You can work exclusively in the default identity domain or create additional identity domains in Oracle Cloud Infrastructure Identity and Access Management (IAM), as needed, to hold different user populations.

You typically create additional identity domains for compliance reasons, when you want to maintain isolation among users, policies, and roles. For example, you might create multiple identity domains to maintain the following types of isolation:
  • Between geographies, such as one domain for users in India and another domain for users in the United States.
  • Between services, such as one domain for Oracle Integration and a separate domain for a different service.
  • Between instances of a service, such as one domain for each Oracle Integration instance.

For more information about IAM identity domains, see Managing Identity Domains in the Oracle Cloud Infrastructure documentation.

To create an identity domain in IAM, see Creating an Identity Domain in the Oracle Cloud Infrastructure documentation.

Consider creating multiple compartments

The default identity domain is in your tenancy's root (default) compartment. Although you can create additional domains in that compartment or in another compartment, as a best practice, you might want to create each identity domain in a separate compartment. For example:
  • In the root (default) compartment, use the default domain for administrators only.
  • In another compartment (for example, named Dev), create a domain for users and groups in a development environment.
  • In another compartment (for example, named Prod), create a domain for users and groups in a production environment.

To create a compartment, see Create a compartment in the Oracle Cloud Infrastructure documentation.