Using OCI IAM with Identity Domains

With OCI IAM with Identity Domains, you create identity domains to manage users and roles, federate and provision users, secure application integration through Oracle Single Sign-On (SSO) configuration, and administer SAML/OAuth-based identity providers.

Configure Identity domains for OCI GoldenGate

The following steps describe how to create groups of users and configure password policies for your domain.

The domain settings mentioned here are specific to OCI GoldenGate. Learn more about identity domains and how to create one.

  1. In the Oracle Cloud console navigation menu, select Identity & Security, and then under Identity, click Domains.
  2. From the list of Domains, select your identity domain.
  3. On your domain details page, select User Management, then under Groups, click Create group.
  4. Create the following groups to map to GoldenGate roles:
    • GGS_Administrator
    • GGS_Security
    • GGS_Operator
    • GGS_User
    Note

    GoldenGate roles are as follows:
    • Administrator: Grants full access to the user, including the ability to alter general, non-security related operational parameters and profiles of the OCI GoldenGate deployment service.
    • Security: Grants administration of security-related objects and the ability to invoke security-related service requests. This role has full privileges.
    • Operator: Allows users to perform only operational actions, such as creating, starting and stopping resources. Operators cannot alter the operational parameters or profiles of the OCI GoldenGate deployment services.
    • User: Allows information-only service requests, which do not alter or affect the operation of the OCI GoldenGate deployment services.
  5. Select the users to add to the group, and then click Create.
    Note

    Each group must be assigned at least one user. Learn more about groups.
  6. Set the Access signing certificate option.
    1. On the domain details page, select Settings.
    2. For Domain settings - Access signing certificate, select Configure client access to allow clients to access the tenant signing certificate and the SAML metadata without logging in to the identity domain.
    3. Click Save changes.
  7. Specify the password policy for your Identity domain:
    1. On the domain details page, select Domain policies.
    2. Under Password policy, click Add.
    3. On the Add password policy page, you can edit the default password policy or add a new one.
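
To check the group setup from steps 4 and 5 after the fact, the following added example (not Oracle's code) audits an exported list of the domain's groups. It assumes the export is a SCIM 2.0 ListResponse that includes the members attribute; the function name, the sample data and the user IDs are constructed for illustration.

```python
"""Audit a SCIM group export against the GoldenGate group setup described above."""

# Group names from the page, mapped to the GoldenGate role each one carries.
REQUIRED_GROUPS = {
    "GGS_Administrator": "Administrator",
    "GGS_Security": "Security",
    "GGS_Operator": "Operator",
    "GGS_User": "User",
}


def audit_ggs_groups(scim_list_response):
    """Return (findings, members_by_group) for a SCIM 2.0 ListResponse of groups."""
    members_by_group = {}
    for group in scim_list_response.get("Resources", []):
        name = group.get("displayName")
        if name in REQUIRED_GROUPS:
            # "members" is absent when a group is empty or the attribute was not exported.
            members = group.get("members") or []
            members_by_group[name] = {m["value"] for m in members if "value" in m}

    findings = []
    for name, role in REQUIRED_GROUPS.items():
        if name not in members_by_group:
            findings.append(f"MISSING: group {name} ({role} role) does not exist")
        elif not members_by_group[name]:
            findings.append(f"EMPTY: group {name} has no users; each group needs at least one")

    # The Security role has full privileges, so list who holds it for review.
    for user_id in sorted(members_by_group.get("GGS_Security", set())):
        findings.append(f"REVIEW: user {user_id} holds the Security role (full privileges)")
    return findings, members_by_group


# Constructed sample export (assumption: not real tenant data).
SAMPLE_EXPORT = {
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
    "Resources": [
        {"displayName": "GGS_Administrator", "members": [{"value": "u-001"}]},
        {"displayName": "GGS_Security", "members": [{"value": "u-002"}, {"value": "u-001"}]},
        {"displayName": "GGS_Operator"},  # created, but no users assigned
        {"displayName": "Finance", "members": [{"value": "u-003"}]},  # unrelated group
    ],
}

if __name__ == "__main__":
    for finding in audit_ggs_groups(SAMPLE_EXPORT)[0]:
        print(finding)
```

Group names are matched exactly as spelled in step 4, so a group created with different casing or spelling is reported as missing.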