Oracle Cloud Infrastructure (OCI) provides a set of services for managing identity and access in the cloud. The Identity and Access Management (IAM) service in OCI is key to securing your cloud resources. Within IAM, the term “identity domain” can refer to the overarching framework for managing users, groups, and their respective permissions within your OCI environment.

Here are some core components associated with OCI Identity Domains:

Users

• Users: Represents an individual or system that interacts with OCI resources.

Groups

• Groups: Collections of users that share similar access permissions.

Policies

• Policies: Documents that define who can do what with which resources. You assign policies to groups or users to grant them particular permissions.

Dynamic Groups

• Dynamic Groups: Similar to groups, but membership is determined by matching rules rather than being statically defined.

Compartments

• Compartments: Used to isolate and organize resources within an OCI tenancy for the purposes of access control.

Federations

• Federations: Allows for integration with external identity providers such as Active Directory.

API Signing Keys

• API Signing Keys: Key pairs used to sign API requests for authentication.

Authentication Tokens

• Authentication Tokens: Tokens used to authenticate against OCI services that do not support API key-based authentication, like Object Storage.

OAuth Tokens

• OAuth Tokens: Tokens that grant permission for third-party services to interact with OCI resources on a user’s behalf.

Secret Keys

• Secret Keys: Used for programmatic access to OCI services.

Customer Managed Policies

• Customer Managed Policies: Custom policies created by the user to meet specific needs not covered by built-in policies.