By Shazia Zahoor
As organizations grow and diversify their cloud footprint, managing users, roles, and access policies becomes increasingly complex. Oracle Cloud Infrastructure (OCI) addresses this challenge with a robust identity model built around identity domains—a foundational concept in OCI’s Identity and Access Management (IAM) service.
This blog explores what identity domains are, why they matter, and the different types available to meet varied enterprise needs.
What is an Identity Domain?
An identity domain in OCI is a logical container that represents a user population, along with the associated configuration, authentication, and security settings. It provides the administrative boundaries for managing:
- Users
- Roles
- Federation
- Single Sign-On (SSO)
- Multi-Factor Authentication (MFA)
- Advanced IAM features
Each OCI tenancy includes a default identity domain created in the root compartment. However, organizations can create additional identity domains to support more granular access and environment separation.
Why Use Multiple Identity Domains?
Creating multiple identity domains is ideal when you want to isolate user groups for different environments or services. For example:
- One domain for development
- Another domain for production
- A separate domain for external contractors or third-party apps
This separation improves security, simplifies management, and helps organizations maintain clear boundaries between use cases and environments.
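One way the dev/prod separation described above shows up in OCI's IAM policy language, as an added illustration that is not part of the original post (the domain names `dev-domain` and `prod-domain`, the group names and the compartment names are assumptions):

```text
Allow group 'dev-domain'/'Developers' to manage all-resources in compartment Dev
Allow group 'prod-domain'/'Operators' to manage all-resources in compartment Prod
Allow group 'prod-domain'/'Auditors' to read all-resources in compartment Prod
```

Because a group is qualified by the identity domain it lives in, `'dev-domain'/'Developers'` and a `Developers` group in `prod-domain` are distinct principals with their own authentication and MFA settings, so a credential from the development population cannot satisfy the production statements. An unqualified group name (for example `Allow group Developers to ...`) resolves to the Default domain, so when reviewing policies check that each statement names the domain you intend.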
Types of OCI Identity Domains
OCI provides five types of identity domains, each designed to serve different organizational and application requirements:
1. Free Identity Domain (Default)
- Automatically provisioned with every OCI tenancy
- Supports basic IAM functionality for managing access to OCI resources
- Ideal for standard cloud access control without advanced needs
2. Oracle Apps Identity Domain
- Designed for organizations using Oracle SaaS, PaaS, or GBU (Global Business Unit) applications
- Enables seamless user authentication across Oracle Cloud apps
- Supports single sign-on for Oracle-hosted services
3. Oracle Apps Premium Identity Domain
- Adds support for hybrid IAM scenarios
- Integrates with on-premises or OCI-hosted Oracle apps (e.g., Oracle E-Business Suite, PeopleSoft, Oracle Database)
- Ideal for enterprises looking to extend IAM beyond the cloud
4. Premium Identity Domain
- Offers the full suite of IAM features
- Supports all Oracle applications and unlimited third-party integrations
- Best suited for organizations with complex access control requirements across cloud and external apps
5. External User Identity Domain
- Tailored for consumer-facing or non-employee use cases
- Scales to support millions of external users, such as contractors or customers
- Ideal for public-facing applications and B2C platforms
Summary
OCI identity domains provide a flexible and scalable way to manage identities and access across your Oracle Cloud ecosystem. By leveraging different domain types, organizations can:
- Enforce environmental separation (e.g., dev vs. prod)
- Integrate with Oracle SaaS and on-premises apps
- Enable hybrid IAM scenarios
- Support external user management at scale
Whether you’re running internal enterprise workloads or external consumer apps, OCI’s identity domain framework ensures you have the tools needed to manage identity and access securely and efficiently.
Ready to get started?
Explore your tenancy’s default identity domain or provision a custom one to tailor your IAM strategy to your organization’s specific needs.
