steampipe plugin install oci

Table: oci_identity_domain - Query OCI Identity Domains using SQL

Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM) service lets you control who has access to your cloud resources. An identity domain is used to manage users and groups, integration standards, external identities, and secure application integration through Oracle Single Sign-on (SSO) configuration.

Table Usage Guide

The oci_identity_domain table provides insights into the identity domains within OCI Identity and Access Management (IAM). As a security analyst, you can explore domain-specific details through this table, including the type of domain, license type, replica regions, and other associated metadata.

Examples

Basic info

Explore which identity domains have been created in your OCI environment, along with their lifecycle states, to understand their current status and when they were established. This is useful for auditing and for maintaining an overview of your security settings.

select
  display_name,
  id,
  description,
  lifecycle_state,
  time_created
from
  oci_identity_domain;

List of Identity Domains that are not in Active state

Find the identity domains that are not currently in an active state. This helps you identify and manage inactive domains within your Oracle Cloud Infrastructure.

select
  display_name,
  id,
  lifecycle_state
from
  oci_identity_domain
where
  lifecycle_state <> 'ACTIVE';

List of Identity Domains without application tag key

Identify the identity domains that lack an application tag key. This is useful for finding gaps in your tagging strategy, helping to ensure all domains are properly categorized and managed.

PostgreSQL:

select
  display_name,
  id
from
  oci_identity_domain
where
  not tags :: JSONB ? 'application';

SQLite:

select
  display_name,
  id
from
  oci_identity_domain
where
  json_extract(tags, '$.application') is null;

Get replication details for the domains

List the replica regions of each identity domain, together with the state and URL of each replica. This gives an overview of the replication status of identity domains, which helps with management and maintenance, with security assessments that check replication against the organization's security policies, with verifying that data replication meets regulatory requirements (especially where data sovereignty and regional compliance are important), and with confirming that replicas are available and in the expected state across designated regions.

PostgreSQL:

select
  display_name,
  id,
  r ->> 'region' as replica_region,
  r ->> 'state' as replication_state,
  r ->> 'url' as replication_url
from
  oci_identity_domain,
  jsonb_array_elements(replica_regions) as r;

SQLite:

select
  display_name,
  id,
  json_extract(r.value, '$.region') as replica_region,
  json_extract(r.value, '$.state') as replication_state,
  json_extract(r.value, '$.url') as replication_url
from
  oci_identity_domain,
  json_each(replica_regions) as r;
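
For the data-sovereignty check mentioned above, the following added example (not part of the original Steampipe documentation) flags replicas that sit outside an approved set of regions and shows how many replicas each domain has. It uses PostgreSQL syntax; the approved_regions list is a constructed placeholder, and the query assumes the region field holds OCI region identifiers such as us-ashburn-1.

```sql
-- Added example: replicas located outside an approved region list.
-- approved_regions is a constructed placeholder; replace its values
-- with the regions your organization's policy allows.
with approved_regions(region) as (
  values
    ('us-ashburn-1'),
    ('us-phoenix-1')
),
replicas as (
  -- One row per (domain, replica); domains with no replicas produce no rows.
  select
    d.display_name,
    d.id,
    d.home_region,
    r ->> 'region' as replica_region,
    r ->> 'state' as replication_state,
    count(*) over (partition by d.id) as replica_count
  from
    oci_identity_domain as d,
    jsonb_array_elements(d.replica_regions) as r
)
select
  display_name,
  id,
  home_region,
  replica_region,
  replication_state,
  replica_count
from
  replicas
where
  replica_region not in (select region from approved_regions)
order by
  display_name,
  replica_region;
```

An empty result means every replica is in an approved region; it says nothing about domains that have no replicas at all.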

Schema for oci_identity_domain

| Name | Type | Operators | Description |
|------|------|-----------|-------------|
| _ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
| compartment_id | text | | The OCID of the Tenant in which the resource is located. |
| defined_tags | jsonb | | Defined tags for resource. Defined tags are set up in your tenancy by an administrator. Only users granted permission to work with the defined tags can apply them to resources. |
| description | text | | The identity domain description. You can have an empty description. |
| display_name | text | = | The mutable display name of the identity domain. |
| freeform_tags | jsonb | | Free-form tags for resource. These tags can be applied by any user with permissions on the resource. |
| home_region | text | | The home region for the identity domain. |
| home_region_url | text | = | Region-specific identity domain URL. |
| id | text | = | The OCID of the identity domain. |
| is_hidden_on_login | boolean | = | Indicates whether the identity domain is hidden on the sign-in screen or not. |
| license_type | text | = | The license type of the identity domain. |
| lifecycle_details | text | | Any additional details about the current state of the identity domain. |
| lifecycle_state | text | = | The domain's current state. |
| replica_regions | jsonb | | The regions where replicas of the identity domain exist. |
| tags | jsonb | | A map of tags for the resource. |
| tenant_name | text | | The name of the Tenant in which the resource is located. |
| time_created | timestamp with time zone | | Date and time the identity domain was created, in the format defined by RFC3339. |
| title | text | | Title of the resource. |
| type | text | = | The type of the identity domain. |
| url | text | = | Region-agnostic identity domain URL. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- oci

You can pass the configuration to the command with the --config argument:

steampipe_export_oci --config '<your_config>' oci_identity_domain