Identity and Access Management in OCI

OCI IAM lets you control what type of access a group of users has, and to which specific resources.

The fundamental IAM building blocks in OCI are:

Groups: a collection of users who all need the same type of access to a particular set of resources or compartment.

Users: individuals who need to manage or use Oracle Cloud Infrastructure resources.

Compartments: logical containers that organize and isolate cloud resources. A common approach is to create a compartment for each department of an organization or for each project. More about how to set up a tenancy here.

Policies: a document that specifies who can access which resources, and how. Access is granted at the group and compartment level, which means you can write a policy that gives a group a specific type of access within a specific compartment, or to the tenancy itself.

Dynamic Groups: a special type of group that contains resources (such as compute instances) matching rules that you define. These instances act as "principal" actors and can make API calls to services according to the policies that you write for the dynamic group.

Take a look here at how policies work and what a typical IAM example scenario looks like.
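As an added example (not code from the original post), the following Python parses basic OCI policy statements of the form "Allow group ... to <verb> <resource-type> in compartment ..." and flags the statements that step outside the group-within-a-compartment model described above: unconditional grants to any-user, tenancy-wide "manage all-resources" outside the Administrators group, and dynamic groups scoped to the whole tenancy. The simplified grammar, the group and compartment names and the sample statements are assumptions constructed for the example.

```python
import re

# Simplified grammar of a basic OCI policy statement (assumed here; real
# statements also accept "group id <ocid>", verb lists and more):
#   Allow <subject> to <verb> <resource-type> in <scope> [where <condition>]
# subject: group <name> | dynamic-group <name> | any-user
# verb, least to most privilege: inspect | read | use | manage
STATEMENT_RE = re.compile(
    r"^Allow\s+(?P<subject_type>group|dynamic-group|any-user)(?:\s+(?P<subject>[\w.\-/]+))?"
    r"\s+to\s+(?P<verb>inspect|read|use|manage)\s+(?P<resource>[\w\-]+)"
    r"\s+in\s+(?:(?P<tenancy>tenancy)|compartment\s+(?P<compartment>[\w.\-:]+))"
    r"(?:\s+where\s+(?P<condition>.+?))?\s*$", re.IGNORECASE)

def parse_statement(text):
    """Return the statement's parts as a dict; scope is 'tenancy' or the compartment name."""
    m = STATEMENT_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a recognised policy statement: {text!r}")
    return {"subject_type": m["subject_type"].lower(), "subject": m["subject"],
            "verb": m["verb"].lower(), "resource": m["resource"].lower(),
            "scope": "tenancy" if m["tenancy"] else m["compartment"],
            "condition": m["condition"]}

def review_policy(statements, admin_group="Administrators"):
    """One finding per statement whose subject or scope is broader than the
    group-within-a-compartment model the post describes."""
    findings = []
    for text in statements:
        s = parse_statement(text)
        if s["subject_type"] == "any-user" and s["condition"] is None:
            findings.append(f"unconditional grant to any-user: {text}")
        elif (s["verb"], s["resource"], s["scope"]) == ("manage", "all-resources", "tenancy") \
                and s["subject"] != admin_group:
            findings.append(f"tenancy-wide 'manage all-resources' outside {admin_group}: {text}")
        elif s["scope"] == "tenancy" and s["subject_type"] == "dynamic-group":
            findings.append(f"dynamic group granted access across the whole tenancy: {text}")
    return findings

SAMPLE_POLICY = [  # constructed sample statements, not taken from the post
    "Allow group NetworkAdmins to manage virtual-network-family in compartment Networking",
    "Allow group Administrators to manage all-resources in tenancy",
    "Allow group DevTeam to manage all-resources in tenancy",
    "Allow dynamic-group AppServers to read secret-family in compartment Prod",
    "Allow any-user to use object-family in compartment Public",
]

if __name__ == "__main__":
    for finding in review_policy(SAMPLE_POLICY):
        print(finding)
```

Running it on the sample reports the DevTeam and any-user statements and stays silent on the compartment-scoped ones.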

Oracle Cloud Infrastructure supports federation with Oracle Identity Cloud Service and Microsoft Active Directory (via Active Directory Federation Services (AD FS)), and any identity provider that supports the Security Assertion Markup Language (SAML) 2.0 protocol.

To federate, an administrator has to go through a short process to set up a relationship between the Identity Provider (IdP) and Oracle Cloud Infrastructure (commonly referred to as a federation trust). After an administrator sets up that relationship, any user who goes to the Oracle Cloud Infrastructure Console is prompted with a "single sign-on" experience provided by the IdP. The user signs in with the login/password that they've already set up with the IdP. The IdP authenticates the user, and then that user can access Oracle Cloud Infrastructure.

When working with your IdP, your administrator defines groups and assigns each user to one or more groups according to the type of access the user needs. Oracle Cloud Infrastructure also uses the concept of groups (in conjunction with IAM policies) to define the type of access a user has.


