Sunday, June 20, 2021

Local users and IDCS users in OCI, explained in a simplified way

Before jumping into the topic, let me take you through three questions that generally come to my mind.

1. Are IDCS users and local users the same?

2. Are OCI and IDCS the same?

3. What exactly is IDCS?

OCI is Oracle Cloud Infrastructure. It is a cloud computing platform in the same category as Microsoft Azure or Amazon AWS, but offered by Oracle, and it provides services such as servers, storage, networking, applications and other services through a global network of Oracle-managed data centers around the world.

IAM refers to Identity and Access Management. This service lets you control who can access your cloud resources, what type of access they have, and which specific resources they can reach. IAM has several components, such as resources, users, groups and more; the Oracle documentation (linked here) describes them and also provides examples.

IDCS refers to Oracle Identity Cloud Service and is considered an Identity-as-a-Service (IDaaS) solution. Oracle Identity Cloud Service provides identity management, single sign-on (SSO) and identity governance for on-premises, cloud and mobile applications. Oracle IDCS integrates directly with existing directories and identity management systems, making it easier for users to access applications, and it provides a robust and secure platform on which users can access, develop and deploy their applications.

For details, refer to the Oracle docs: https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/overview.htm


Now, coming back to the actual demonstration of how we can create local users and IDCS users, and then how we can restrict users to particular resources. I have created the following resources:

Compartment TEST

Group TEST_GROUP

A policy TEST_POLICY

Now, in the Identity / Federation menu option, create a local user and assign it to the group created above.



Once the user is created, an auto-generated mail is sent and the user is able to reset the password. Because a policy is assigned to this group, the user will only be able to create resources under compartment TEST.

Now coming to IDCS users.

Click on Federation and then click on the identity provider.

Create an IDCS group.

 


I created the TEST group. Now I will create the IDCS users using the corresponding option.



Once the users are created, assign them to the newly created group TEST.

Now we will map the OCI group to the IDCS user group, so that the policy attached to the OCI group also applies to the IDCS group.


Click on Group Mapping.
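To make the group-mapping step concrete, here is an added example (my own simplified model, not OCI's authorization engine or the OCI SDK) of how a policy attached to an OCI group reaches an IDCS user only through the IDCS-group-to-OCI-group mapping, and why TEST_POLICY limits both kinds of user to compartment TEST. The user names, the policy statement text and the mapping are constructed for the scenario.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# OCI verbs in increasing order of privilege; a higher verb implies the lower ones.
VERB_RANK = {"inspect": 0, "read": 1, "use": 2, "manage": 3}
# Statement form "Allow group G to VERB RESOURCE in compartment C" (or "in tenancy").
STATEMENT_RE = re.compile(
    r"^allow group (?P<group>\S+) to (?P<verb>inspect|read|use|manage) "
    r"(?P<resource>\S+) in (?P<scope>tenancy|compartment (?P<compartment>\S+))$",
    re.IGNORECASE,
)

@dataclass
class Tenancy:
    local_users: dict[str, set[str]] = field(default_factory=dict)  # IAM user -> OCI groups
    idcs_users: dict[str, set[str]] = field(default_factory=dict)   # IDCS user -> IDCS groups
    group_mappings: dict[str, str] = field(default_factory=dict)    # IDCS group -> OCI group
    policies: list[str] = field(default_factory=list)

    def effective_groups(self, user: str) -> set[str]:
        """OCI groups a user holds directly or through an IDCS group mapping."""
        groups = set(self.local_users.get(user, ()))
        for idcs_group in self.idcs_users.get(user, ()):
            if idcs_group in self.group_mappings:
                groups.add(self.group_mappings[idcs_group])
        return groups

    def is_allowed(self, user: str, verb: str, resource: str, compartment: str) -> bool:
        groups = self.effective_groups(user)
        for stmt in self.policies:
            m = STATEMENT_RE.match(stmt.strip())
            if m is None:
                raise ValueError(f"unsupported policy statement: {stmt!r}")
            if m["group"] not in groups or VERB_RANK[m["verb"].lower()] < VERB_RANK[verb]:
                continue
            if m["resource"].lower() not in ("all-resources", resource):
                continue
            if m["scope"].lower() == "tenancy" or m["compartment"] == compartment:
                return True
        return False  # default deny: nothing is permitted without a matching Allow

def demo_tenancy() -> Tenancy:
    """Constructed scenario mirroring the post: TEST_POLICY scoped to compartment TEST."""
    t = Tenancy()
    t.policies.append("Allow group TEST_GROUP to manage all-resources in compartment TEST")
    t.local_users["local.user"] = {"TEST_GROUP"}  # local IAM user, assigned directly
    t.idcs_users["idcs.user"] = {"TEST"}          # IDCS user placed in IDCS group TEST
    t.group_mappings["TEST"] = "TEST_GROUP"       # the Group Mapping step
    return t
```

Removing the entry from `group_mappings` shows the failure mode the post warns about: the IDCS user keeps its IDCS group but loses every OCI permission, while the local user is unaffected.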



Note: When we create an IDCS user, it is always advisable to create the corresponding local IAM user as well. If IDCS doesn't work, users will at least be able to log in with their local IAM credentials.