OCI — Creating a new User

Bart Madajewski
3 min read · Jul 8, 2020

Oracle Cloud Infrastructure (OCI) is a Generation 2 cloud, built and designed with enterprises and their extensive security requirements in mind. OCI offers a large number of services across IaaS, PaaS and SaaS. Oracle Identity Management, or IAM, is a big component of security which, understandably, can get confusing. So, to clarify the different types of users, I decided to write a short blog post.

When you first create your account, you will have only one user, with root admin permissions. This means that you have control over the whole account and access to everything. This user should be used to manage other Users, Groups and Policies. When you create a user you have two options: a Local user or a Federated user. The basic difference between them is that the Federated user has access to PaaS services and Security features in IDCS (Identity Cloud Service), while the Local user only has access to OCI IaaS services. This does not mean you cannot create user access to a PaaS service and grant a user explicit permission; it does mean that, as a Local user, you won’t be able to spin up a PaaS service like Oracle Blockchain Cloud Service or Oracle Management Cloud etc.

Local User

So how do we get started? Well, first you need access to an Oracle Cloud Infrastructure account. If you don’t have one yet, grab a free 30-day trial by clicking here. Once you are logged in to your cloud console as the root admin, take the following actions:

1) Click Menu
2) Scroll down to Identity under the Governance and Administration tab
3) Click Users
4) Click Create User
5) Follow the on-screen instructions, fill out Name, Description and Email, and click Create

This user will not be in any group by default, so now you need to go to Groups and add the user to whichever group you wish. I will go into more detail about creating groups and restricting permissions in another blog post. For now, let’s just add the user to an Admin group:

1) Click Menu
2) Navigate to Identity
3) Click Groups
4) Click the desired group name
5) Click Add User to Group
6) Select your new user and click Add
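
The console steps above for a local user can also be scripted with the OCI CLI. This is an added example, not code from the original post; it assumes the `oci` CLI is installed and configured, and the function names, script name and sample values are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: scripted equivalent of the console steps (not the author's code).
# Assumes a configured OCI CLI; function names and sample values are hypothetical.

# Look up a group's OCID by exact name in the tenancy (root compartment).
group_ocid() {  # usage: group_ocid <tenancy_ocid> <group_name>
  local id
  id=$(oci iam group list --compartment-id "$1" --name "$2" \
        --query 'data[0].id' --raw-output) || return 1
  # An unknown group yields empty output or "null": treat both as not found.
  if [ -z "$id" ] || [ "$id" = "null" ]; then
    echo "group not found: $2" >&2
    return 1
  fi
  printf '%s\n' "$id"
}

# Create a local user, then add it to one named group.
create_local_user() {  # usage: create_local_user <tenancy> <name> <desc> <email> <group>
  local tenancy="$1" name="$2" desc="$3" email="$4" group="$5" group_id user_id
  # Resolve the group first so a mistyped group name fails before any user exists.
  group_id=$(group_ocid "$tenancy" "$group") || return 1
  user_id=$(oci iam user create --compartment-id "$tenancy" --name "$name" \
             --description "$desc" --email "$email" \
             --query 'data.id' --raw-output) || return 1
  oci iam group add-user --group-id "$group_id" --user-id "$user_id" \
    >/dev/null || return 1
  printf '%s\n' "$user_id"
}

# Runs only when called with all five arguments, e.g.:
#   ./create_user.sh <tenancy_ocid> jdoe "Jane Doe" jdoe@example.com Administrators
if [ "$#" -eq 5 ]; then
  create_local_user "$@"
fi
```

The script prints the new user's OCID on success, which can be kept for later group or policy changes.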

Federated User

With this we have created a local user with Administrator access to OCI IaaS services (with DB services included, which technically are PaaS). But what if you want to create a user with more privileges? Well, we need to create a federated user. The process is quite similar to the one above, with a slight difference. Follow the steps below:

1) Click Menu
2) Navigate to Identity under Governance and Administration
3) Click Federation
4) Click on OracleIdentityCloudService
5) Click Create User
6) Fill out the on-screen form
7) Add the user to any of the desired groups
8) Send the email, or copy the login details and provide them to the new user on the OCI account

Note: Once the user logs in for the first time, you will see it shown as Synced in the console.

With this you will have created a federated user on the Oracle Cloud Infrastructure. I hope this helps those of you who have struggled with this. Please leave a comment and a clap!

*All the views in this post are my own, not those of Oracle*

Bart Madajewski

IT Professional, specializing in Cloud, Networking, IoT & Blockchain. Currently working for Oracle