Identity Domain Overview

An identity domain is a construct for managing users and roles, integration standards, external identities, secure application integration through Oracle Single Sign-On (SSO) configuration and OAuth administration. OAuth is an authorization protocol — or in other words, a set of rules — that allows a third-party website or application to access a user's data without the user needing to share login credentials. In short, an identity domain controls the authentication and authorization of the users who can sign in to a service in Oracle Cloud, and what features they can access in relation to the service.

An Oracle Cloud service account is a unique customer account that can have multiple cloud services of different service types. For example, you could have three different cloud services, such as Java Cloud Service, Database Cloud Service, and Infrastructure as a Service (IaaS) as part of a single Oracle Cloud service account.

Every Oracle Cloud service belongs to an identity domain. Multiple services can be associated with a single identity domain to share user definitions and authentication. Users in an identity domain can be granted different levels of access to each service associated with the domain.

When a customer first signs up for an Oracle Cloud service account, the following tasks are performed:
  • Oracle Cloud creates an identity domain specific to that customer.
  • As part of the service account setup process, Oracle sends an identifier (the identity domain string) in the onboarding email.
  • The customer creates an account and specifies an account name.
  • Oracle creates the identity domain using the customer-specified account name.
  • When the customer logs in to an Oracle Cloud service through the service account, the identity domain controls user authentication (all users are authenticated before accessing an application in Oracle Cloud) and controls which features of the service they can access.

Note:

The term Tenant is a synonym for identity domain. Oracle Cloud is a multitenant system, and each customer is a tenant in that system, much like the tenants of a building. So, an identity domain represents a slice of SIM, provisioned for a cloud tenant.