Create Users and Assign Groups in OCI IAM

8.4 Create Users and Assign Groups in OCI IAM

Create users and groups in OCI IAM and assign users to the appropriate groups.

Group memberships appear in the token's group claim (configured in the previous section), which the Oracle AI Database reads to activate data roles. You can create as many users and groups as your organization requires.

Create groups representing application roles.
1. In your identity domain, click the Groups tab.
2. Click Create group and enter the following details:
  - Name: A name for the group; for example, MANAGER.
  - Description: Enter Managers group with full access.
  Click Create. Repeat this step for each additional group your organization requires (for example, EMPLOYEE).
Create users.
1. In the identity domain, click the User management tab, and go to the Users section.
2. Click Create and enter the following details:
  - In the First name and Last name fields, enter the user's name (for example, Marvin Anderson).
  - In the Username / Email field, enter the user's email address (for example, marvin@<yourdomain>.com).
  Click Create. Repeat this step for each additional user your organization requires.
Assign users to groups.
1. In the Users section, click a user's name, then click the Groups tab.
2. Click Assign user to groups, select the groups to assign, and click Assign user.
  Repeat this step for each user.
Assign users to the application (HCM APP).
1. In your identity domain, click the Integrated applications tab.
2. Click the application (for example, HCM APP).
3. Click the Users tab, and then click Assign users.
4. Select the users who need access. Alternatively, click the Groups tab, assign a group to the application, and then add users to that group.

You have now provisioned users and groups in OCI IAM and assigned them to the application. When these users authenticate and obtain end-user tokens, their group memberships appear in the group claim.