Create Additional Identity Domains and Compartments

Every tenancy comes with a default identity domain and a root (default) compartment. You might need to create additional identity domains to hold different user populations, and you might want to store each identity domain in its own compartment.

Why Create Additional Identity Domains

An identity domain is a container for users, groups, and other access-related information. Although you can work exclusively in the default identity domain, you might need to create additional identity domains for compliance reasons, when you want to maintain isolation among users, policies, and roles. For example, you might create multiple identity domains to maintain the following types of isolation:
  • Between geographies, such as one domain for users in India and another domain for users in the United States.
  • Between services, such as one domain for Oracle Integration and another domain for another service.
  • Between instances of a service, such as one domain for each Oracle Integration instance.

For more information about IAM identity domains, see Managing Identity Domains in the Oracle Cloud Infrastructure documentation.

How to Create an Identity Domain

In the Oracle Cloud Console, on the Domains page, click Create domain. See Creating an Identity Domain in the Oracle Cloud Infrastructure documentation.

Manage Multiple Instances from a Single Domain

When you create an Oracle Integration instance, it's associated with an identity domain. By default, it's associated with the domain you're signed in to during creation, and you must sign in to that domain to manage the instance. If you have multiple instances associated with different identity domains, you have to sign in to each domain separately to manage the instances. To simplify management, choose one domain from which to create and manage your instances. Then, during instance creation, associate each instance with a secondary domain that will be used for user population purposes.

Why Create Additional Compartments

The default identity domain is in your tenancy's root compartment. Although you can create additional domains in that compartment or in another compartment, you might want to create each identity domain in a separate compartment. For example:
  • In the root (default) compartment, use the default domain for administrators only.
  • In another compartment (for example, named Dev), create a domain for users and groups in a development environment.
  • In another compartment (for example, named Prod), create a domain for users and groups in a production environment.

When creating compartments, you should also consider these compartment tips for IAM policies.

For other tenancy best practices, see Learn Best Practices for Setting Up Your Tenancy in the Oracle Cloud Infrastructure documentation.

How to Create a Compartment

In the Oracle Cloud Console, on the Compartments page, click Create Compartment. See Create a compartment in the Oracle Cloud Infrastructure documentation.

You might also want to set quotas on the number of instances that can be created in a compartment. See Set Instance Quotas on Compartments.
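
The Dev and Prod layout described under Why Create Additional Compartments, scripted with the OCI CLI as an added example (not from the original page or Oracle's documentation). It leaves the default domain in the root compartment untouched for administrators. The placeholder tenancy OCID, the home region, the free license type, and the "-domain" display names are assumptions; with DRY_RUN=1 (the default) the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example: one compartment per environment, one identity domain in each.
# Assumed values (not from the page): OCID placeholder, region, license type, names.
set -u

TENANCY_OCID="${TENANCY_OCID:-ocid1.tenancy.oc1..EXAMPLE}"  # placeholder root compartment OCID
HOME_REGION="${HOME_REGION:-us-ashburn-1}"                  # assumed home region
DRY_RUN="${DRY_RUN:-1}"                                     # 1 = print commands, 0 = execute

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# $1 = compartment name (Dev or Prod). A live run prints the new compartment OCID.
create_compartment() {
  run oci iam compartment create \
    --compartment-id "$TENANCY_OCID" \
    --name "$1" \
    --description "Holds the $1 identity domain" \
    --wait-for-state ACTIVE \
    --query 'data.id' --raw-output
}

# $1 = environment name, $2 = OCID of the compartment that will hold the domain.
create_domain() {
  run oci iam domain create \
    --compartment-id "$2" \
    --display-name "$1-domain" \
    --description "Users and groups for the $1 environment" \
    --home-region "$HOME_REGION" \
    --license-type free
}

# Create each compartment, then the domain inside it.
provision() {
  for envname in Dev Prod; do
    if [ "$DRY_RUN" = "1" ]; then
      create_compartment "$envname"
      cid="<${envname}-compartment-ocid>"   # stand-in shown in the dry-run output
    else
      cid=$(create_compartment "$envname")
    fi
    create_domain "$envname" "$cid"
  done
}

provision
```

Review the dry-run output before setting DRY_RUN=0, because a domain's compartment placement is the isolation boundary the layout relies on.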