BACK TO CLOUD BASICS : IAM WITH IDENTITY DOMAINS


In this next installment of the Back To Cloud Basics series, I will show how to do the same exercise as my previous post via the GUI with Identity Domains.

The first thing we will do is create a compartment.

  1. Click on the hamburger menu, and click Identity & Security.
  2. Under Identity, click Compartments, then click Create Compartment and name the compartment reneaceiamblog.
    1. I will do this under the root compartment.

Unlike my previous post, I will now create an Identity Domain in the reneaceiamblog compartment.

  1. Open the navigation menu and click Identity & Security.
  2. Click Domains, click Policies.
  3. Under List Scope, ensure that you are in the correct compartment, in my case, reneaceiamblog
  4. Click Create Domain.

There are four types of domains (Free, Oracle Apps Premium, Premium and External User); you can see in this link which best suits your needs. In this exercise, I chose Free. I also created the domain administrator, which can be different from the tenancy administrator. I created a domain called reneacedomain.

Now I will create a user in our domain. The name for the user must be unique across all users in your domain and cannot be changed.

  1. Click the hamburger menu and click Identity & Security.
  2. Under Identity, click Domains, then click the domain where you will create the user; in this example, reneacedomain.
  3. Under the Identity domain resources on the left, click Users
  4. Click Create user

Once the user is created, I will create the group to which this user will be assigned, which I will call ocibasics.

  1. Click the hamburger menu and click Identity & Security.
  2. Under Identity, click Domains. Click reneacedomain to open the identity domain.
  3. Under the Identity domain resources on the left, click Groups
  4. Click Create group

As the last step, I will now create a policy for the group ocibasics to be able to manage all resources in the reneaceiamblog compartment. The name you assign to the policy during creation must be unique across all policies in the tenancy and cannot be changed.

  1. Click the hamburger menu and click Identity & Security. Under Identity, click Policies.
  2. Under List Scope, ensure that you are in your root compartment.
  3. Click Create Policy.
  4. The policy will be the following :
    Allow group ocibasics to manage all-resources in compartment reneaceiamblog
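
A check for the policy statement above, as an added example (not code from this post or from Oracle): a small Python linter for `Allow group ...` statements. It flags a group named without an identity domain prefix, which OCI evaluates against the Default domain rather than a domain such as reneacedomain, and the `manage all-resources` grant. The function name `lint`, the finding codes and every sample statement other than the post's own are constructed for illustration.

```python
import re

# Subset of OCI policy syntax handled by this added example:
#   Allow group [<domain>/]<group> to <verb> <resource-type>
#     in tenancy | in compartment <name> [where <condition>]
STATEMENT = re.compile(
    r"""^\s*allow\s+group\s+
        (?:(?P<domain>'[^']+'|[\w.-]+)\s*/\s*)?
        (?P<group>'[^']+'|[\w.-]+)\s+
        to\s+(?P<verb>inspect|read|use|manage)\s+
        (?P<resource>[\w-]+)\s+
        in\s+(?P<scope>tenancy|compartment\s+[\w.:-]+)
        (?:\s+where\s+(?P<condition>.+?))?\s*$""",
    re.IGNORECASE | re.VERBOSE,
)

# Finding codes are names made up for this example.
FINDINGS = {
    "unparsed": "not an 'Allow group ...' statement this linter understands",
    "unqualified-group": "no '<domain>'/ prefix: OCI resolves the group in the Default identity domain",
    "manage-all-resources": "grants every verb on every resource type in scope",
    "tenancy-scope": "applies to the whole tenancy, not a single compartment",
}


def lint(statement):
    """Return a list of finding codes for one policy statement ([] means clean)."""
    m = STATEMENT.match(statement)
    if m is None:
        return ["unparsed"]
    codes = []
    if m["domain"] is None:
        codes.append("unqualified-group")
    if m["verb"].lower() == "manage" and m["resource"].lower() == "all-resources":
        codes.append("manage-all-resources")
    if m["scope"].lower() == "tenancy":
        codes.append("tenancy-scope")
    return codes


if __name__ == "__main__":
    samples = [
        # The statement from this post.
        "Allow group ocibasics to manage all-resources in compartment reneaceiamblog",
        # Constructed variants: domain-qualified group, then a narrower grant.
        "Allow group 'reneacedomain'/'ocibasics' to manage all-resources in compartment reneaceiamblog",
        "Allow group 'reneacedomain'/'ocibasics' to read instance-family in compartment reneaceiamblog",
    ]
    for s in samples:
        print(s)
        for code in lint(s) or ["ok"]:
            print("   ", code, "-", FINDINGS.get(code, "no findings"))
```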

As in my previous post, I hope that you follow the CIS OCI Foundations Benchmark and create the compartments and groups below. You can have all these 4 compartments in an enclosing compartment, so this can be per application or line of business.

Hope this blog post helps you get started with IAM in OCI and I will see you in my next post of this starting series.

Rene Antunez