About Primary and Secondary Service Instances

Customers want to have separate Oracle Identity Cloud Service service instances to use with their cloud services and applications.

Multiple service instances can be used to match development and production environment segregation requirements or because you want to isolate your employees access from your customers.

Each Oracle Identity Cloud Service instance is completely different and isolated from other service instances. They have different users, groups, applications, and can have different identity and security requirements. Using separate service instances can help you maintain the isolation of administrative controls over each of them.

When multiple instances are utilized, you have a primary service instance and one or more secondary service instances. For example, a primary instance comes with your Oracle Cloud account and from within this instance console, the cloud account administrator can create one or more additional (secondary) service instances.

To create secondary service instances, you need to sign in as the cloud account administrator of a primary service instance or as the user specified during a primary service instance creation. Only this administrator can create secondary service instances and specify the identity domain administrators for them.

During the creation of a secondary service instance, you provide administrator credentials. This administrator becomes the identity domain administrator of the secondary service instance and has superuser privileges within the instance. Although the identity domain administrator of a secondary instance may have the same user name as a user in the primary instance, they are different users who might have different privileges in each instance, and will have separate passwords.

Regarding secondary instances, there are no new administrator or user processes to learn. The process to perform any administrative or user task in a secondary instance is identical to the process for performing it in the primary instance.

Important: The identity domain administrator of a secondary instance can't create secondary instances of Oracle Identity Cloud Service from their instance. The Instance Management feature is only available for the primary Oracle Identity Cloud Service instance within a cloud region.