Oracle Cloud Infrastructure Documentation

Adding Groups and Users for Tenancies Federated with Oracle Identity Cloud Service

This topic describes how to add groups and users for Oracle Cloud Infrastructure through the Oracle Identity Cloud Service.

When your tenancy is federated with Oracle Identity Cloud Service, you must perform administrative tasks for your users and groups in both Oracle Identity Cloud Service and Oracle Cloud Infrastructure.

In Oracle Identity Cloud Service you create the groups and users that you want to have access to Oracle Cloud Infrastructure.

In Oracle Cloud Infrastructure, you create policies to grant members of the groups access to the Oracle Cloud Infrastructure resources. Additionally, you manage specific Oracle Cloud Infrastructure user capabilities for federated users.

Each group you create in Oracle Identity Cloud Service must be mapped to a group in Oracle Cloud Infrastructure. Before you set up any new groups in Oracle Identity Cloud Service, ensure that you understand how to assign permissions to groups in Oracle Cloud Infrastructure. See Overview of Oracle Cloud Infrastructure Identity and Access Management.

Managing Groups: Overview

In Oracle Identity Cloud Service you create groups to correspond to the permissions a group of users will need. You can then create users and add them to the appropriate groups.

To give these groups access to Oracle Cloud Infrastructure, you create a group in the Oracle Cloud Infrastructure IAM service and write policy to define the permissions for the group.

You then map the group in Oracle Identity Cloud Service to the group in Oracle Cloud Infrastructure.

Adding Groups in Oracle Identity Cloud Service: Procedure

The following figure illustrates the task flow for adding a new group:

[Figure: task flow for adding a new group]

Tasks to Perform in the Identity Cloud Service Console

Add a new group in Oracle Identity Cloud Service

Tasks to Perform in the Oracle Cloud Infrastructure Console

  1. Add a New Group in the Oracle Cloud Infrastructure Console
  2. Map the IDCS Group to the OCI Group
  3. Create a Policy to Grant the Group Permissions on OCI Resources

Adding Users

After you add a user in Oracle Identity Cloud Service, a corresponding user is automatically provisioned in Oracle Cloud Infrastructure. This provisioned user can hold Oracle Cloud Infrastructure credentials. To understand this provisioning, see User Provisioning with Oracle Identity Cloud Service.

To add a user in Oracle Identity Cloud Service:

  1. Sign in to the Oracle Identity Cloud Service console through My Services.
  2. Click Users and then click Add.
  3. Enter the user’s information and click Next.

  4. In the Assign User to Groups step, select the check boxes for the groups you want to add the user to.

    Important

    For the user to have permissions in Oracle Cloud Infrastructure, you must assign the user to a group that is mapped to an Oracle Cloud Infrastructure group. Or, if you are also creating a new group, you can perform this mapping later. The user will not be able to sign in to the Console until the mapping is accomplished.

    Tip

    The OCI_Administrators group is set up by Oracle and configured with Administrator permissions in Oracle Cloud Infrastructure. To give a user administrator permissions, assign them to the OCI_Administrators group.

  5. Click Finish.

The user creation process generates an email that is sent to the address provided in the user setup. The email includes the new user's login and password to use with the Oracle Cloud Infrastructure Console.

To add API keys, auth tokens, customer secret keys, or SMTP credentials for this user, see Managing User Capabilities for Federated Users.
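The group-to-group mapping and policy dependency described above can be audited offline. The following is an added example, not Oracle's code: it classifies federated users by whether their Oracle Identity Cloud Service groups are mapped and whether the mapped groups appear in any policy. All user names, group names, mappings and policy statements are constructed sample data, and the simple "Allow group <name> to ..." statement form is an assumption.

```python
import re

# Constructed sample data (not exported from a real tenancy).
IDCS_MEMBERSHIPS = {          # IDCS user -> IDCS groups
    "alice@example.com": ["idcs-network-admins"],
    "bob@example.com": ["idcs-auditors"],
    "carol@example.com": ["OCI_Administrators"],
    "dave@example.com": ["idcs-contractors"],
}
GROUP_MAPPINGS = {            # IDCS group -> mapped OCI group (hypothetical names)
    "idcs-network-admins": "NetworkAdmins",
    "idcs-auditors": "Auditors",
    "OCI_Administrators": "Administrators",
}
POLICY_STATEMENTS = [
    "Allow group NetworkAdmins to manage virtual-network-family in compartment Prod",
    "Allow group Administrators to manage all-resources in tenancy",
]

# Assumes the simple "Allow group <name>[, <name>] to ..." statement form.
POLICY_RE = re.compile(r"^\s*allow\s+group\s+(.+?)\s+to\s+", re.IGNORECASE)


def groups_with_policy(statements):
    """Return OCI group names that are the subject of at least one statement."""
    groups = set()
    for stmt in statements:
        m = POLICY_RE.match(stmt)
        if m:
            groups.update(g.strip() for g in m.group(1).split(","))
    return groups


def audit(memberships, mappings, statements, admin_group="OCI_Administrators"):
    """Classify each federated user by the access path the mapping gives them."""
    granted = groups_with_policy(statements)
    report = {"cannot_sign_in": [], "no_permissions": [], "administrators": []}
    for user, idcs_groups in sorted(memberships.items()):
        oci_groups = [mappings[g] for g in idcs_groups if g in mappings]
        if not oci_groups:
            report["cannot_sign_in"].append(user)      # no mapped group at all
        elif not any(g in granted for g in oci_groups):
            report["no_permissions"].append(user)      # mapped, but no policy
        if admin_group in idcs_groups:
            report["administrators"].append(user)      # membership to review
    return report


if __name__ == "__main__":
    print(audit(IDCS_MEMBERSHIPS, GROUP_MAPPINGS, POLICY_STATEMENTS))
```

Users reported under administrators are worth reviewing periodically, since membership in OCI_Administrators confers Administrator permissions.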