Understand Groups

As an identity domain administrator or user administrator, you use Oracle Identity Cloud Service groups to manage the accounts of users to whom you want to grant access to Oracle applications or application roles.

In Oracle Identity Cloud Service, groups are the links between user accounts and applications. They contain privileges that you grant to users. Groups ease the administration of user privileges.

Using groups, you can:
  • Designate the applications and application roles that users can access through the Identity Cloud Service console

  • Assign users to the groups

  • Designate other Oracle Identity Cloud Service administrators to perform actions on groups:

    • Assigning or removing members to or from the current group

    • Modifying other characteristics of the group, such as the group description


The All Tenant Users group is a group that's created by Oracle Identity Cloud Service. All Oracle Identity Cloud Service users are assigned to this group, by default. If you assign this group to any of your applications, then all users are assigned to these applications indirectly.

For a user, the All Tenant Users group doesn't appear in the Groups tab because this group is assigned automatically when a new user is created. Also, because this group is created by Oracle Identity Cloud Service, and not by an administrator, you can't delete this group.