Creating an Identity Domain

To create an identity domain, administrators only need to know which identity domain type they want to create, in which compartment to create it, and the new identity domain administrator’s sign-in credentials, if needed. The domain types you’re allowed to create are based on your subscription. The user interface guides you through the identity domain creation process.

The default groups created in a new identity domain are All Domain Users, and Domain Administrators. During identity domain creation, if you choose to create an administrative user for the identity domain, that administrator is placed in the Domain Administrators group. The Domain Administrators group may not be deleted and there must be at least one user in the group. Unlike the Default identity domain, administrators can hide any identity domain they create from the sign-in page.

When creating additional domains, the selected region in the Console becomes the additional identity domain's home region. For example, if the selected region in the Console is Germany Central (Frankfurt) and you create an additional domain, the additional domain is created in the Frankfurt region as the home region.

    1. Open the navigation menu and click Identity & Security. Under Identity, click Domains.
    2. Click Create domain.
    3. On the Create domain page, enter the following:
      • Display name: Give the identity domain a name. Use only letters, numerals, hyphens, periods, or underscores. The name can contain up to 100 characters.

        Choose your Display name carefully. Changing the identity domain Display name has consequences, for example, bookmarked URLs need updated to use the new Display name.
      • Description Enter a description.
      • Domain type: Choose from one of the available Domain types. For information to help you decide which domain type is appropriate for what you want to do, see IAM Identity Domain Types.
      • Domain administrator: If you want to use your administrative user account for this identity domain, then uncheck Create an administrative user for this account. Otherwise, enter the details of the user you want to administer this identity domain.

        Granting a user or a group the identity domain administrator role in the default domain is equivalent to granting them full administrator permissions for the tenancy. This behavior applies to the default domain only. Granting users or groups the identity domain administrator role for domains other than the default domain, grants them full administrator permissions to only that domain. At least one administrator for the identity domain must be granted the identity domain administrator role directly. This is in addition to any identity domain administrator roles granted by group membership.
        See Understanding Administrator Roles for a more information about administrator roles.
      • Optionally, choose a different compartment. See Managing Compartments
      • To add tagging, click Show Advanced Options and enter the tagging details.
    4. Click Create Domain.
    Ensure that the identity domain status is Creating.
  • Use the oci iam domain create command and required parameters to create an identity domain:

     oci iam domain create --compartment-id compartment_ocid --description description --display-name display_name --home-region home_region --license-type license_type [OPTIONS]

    For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

  • Run the CreateDomain operation to create an identity domain.