Replicating an Identity Domain to Multiple Regions

You can replicate an identity domain in IAM to additional regions to enable users in that domain to interact with OCI resources in those regions.

Replication is always enabled for the Default identity domain. The Default identity domain always replicates to all regions to which the tenant is subscribed. When an administrator subscribes to another region, the Default identity domain automatically replicates to that region. Additional identity domains are created in a home region that's specified at creation time. They don't replicate to other regions unless replication is specifically enabled.

You should enable replication if users in an identity domain need to interact with OCI resources in regions beyond that domain's home region. For example, if the domain was created with Germany Central (Frankfurt) as its home region, replication to France Central (Paris) lets users in the domain interact with OCI resources in Frankfurt or Paris, but not US East (Ashburn), even if the tenancy is subscribed to that region.

Note

Enabling or disabling replication doesn't affect disaster recovery.

  • Ensure that the tenancy is subscribed to the regions to which you want to replicate the identity domain. For more information about the home regions and the basics of managing your region subscriptions, see Managing Regions.
    1. Open the navigation menu and click Identity & Security. Under Identity, click Domains.
    2. Click the name of the identity domain you want to replicate. You might need to change the compartment to find the domain that you want.
    3. Click More actions, and then select Manage regions.
      The Manage regions window displays a list of regions that the tenancy is subscribed to.
    4. For the region you want to replicate to, click Enable replication.
    5. Confirm the replication.
  • Use the oci iam domain enable-replication-to-region command and required parameters to replicate an identity domain to multiple regions:

    oci iam domain enable-replication-to-region --domain-id domain_ocid [OPTIONS]

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the EnableReplicationToRegion operation to replicate an identity domain to multiple regions.
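
A preflight check for the steps above, as an added example that is not part of the original page or Oracle's own code: it confirms the target region is subscribed, is not the home region, and is not already a replica before building the CLI command. The JSON field names and the --replica-region option are assumed to match what your OCI CLI version prints and accepts; the sample data, the placeholder OCID, and the function names preflight and build_command are constructed for illustration.

```python
import json

# Constructed sample of `oci iam region-subscription list` output (not real tenancy data).
SUBSCRIPTIONS = json.loads("""{"data": [
  {"is-home-region": true,  "region-key": "FRA", "region-name": "eu-frankfurt-1", "status": "READY"},
  {"is-home-region": false, "region-key": "CDG", "region-name": "eu-paris-1", "status": "READY"},
  {"is-home-region": false, "region-key": "ZRH", "region-name": "eu-zurich-1", "status": "READY"},
  {"is-home-region": false, "region-key": "AMS", "region-name": "eu-amsterdam-1", "status": "IN_PROGRESS"}
]}""")

# Constructed sample of `oci iam domain get` output; the OCID is a placeholder.
DOMAIN = json.loads("""{"data": {
  "id": "ocid1.domain.oc1..EXAMPLE",
  "home-region": "eu-frankfurt-1",
  "replica-regions": [{"region": "eu-paris-1", "state": "REPLICATION_ENABLED"}]
}}""")


def preflight(domain, subscriptions, target):
    """Return (ok, reason) for replicating the domain to region `target`."""
    d = domain["data"]
    if target == d["home-region"]:
        return False, "target is the domain's home region"
    # Regions where replication is already on or being turned on.
    active = {r["region"] for r in d.get("replica-regions") or []
              if r.get("state") in ("REPLICATION_ENABLED", "ENABLING_REPLICATION")}
    if target in active:
        return False, "domain already replicates to target"
    status = {s["region-name"]: s["status"] for s in subscriptions["data"]}
    if target not in status:
        return False, "tenancy is not subscribed to target"
    if status[target] != "READY":
        return False, f"subscription status is {status[target]}, not READY"
    return True, "ok"


def build_command(domain, subscriptions, target):
    """Return the CLI argv to run, or raise ValueError if the preflight fails."""
    ok, reason = preflight(domain, subscriptions, target)
    if not ok:
        raise ValueError(f"refusing to replicate to {target}: {reason}")
    return ["oci", "iam", "domain", "enable-replication-to-region",
            "--domain-id", domain["data"]["id"], "--replica-region", target]


if __name__ == "__main__":
    for region in ("eu-zurich-1", "eu-paris-1", "eu-amsterdam-1", "us-ashburn-1"):
        print(region, preflight(DOMAIN, SUBSCRIPTIONS, region))
```

Building the argv as a list rather than a shell string keeps the region name and OCID from being interpreted by a shell when the command is passed to subprocess.run.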