Best of 2023: OCI Identity and Access Management

From Oracle University Podcast


Length: 14 minutes
Released: Dec 5, 2023
Format: Podcast episode

Description

Data breaches occur more often than we’d like them to. As businesses embrace remote work practices, IT resources are more at risk than ever before. Oracle Identity and Access Management (IAM) is an essential tool for protecting enterprise resources against cybersecurity threats. Join Lois Houston and Nikita Abraham, along with Rohit Rahi, as they examine IAM and the key aspects of this service, and discuss how you can control who has access to your resources.

Oracle MyLearn: https://mylearn.oracle.com/
Oracle University Learning Community: https://education.oracle.com/ou-community
X (formerly Twitter): https://twitter.com/Oracle_Edu
LinkedIn: https://www.linkedin.com/showcase/oracle-university/

Special thanks to Arijit Ghosh, Kiran BR, Rashmi Panda, David Wright, the OU Podcast Team, and the OU Studio Team for helping us create this episode.

--------------------------------------------------------

Episode Transcript:

00:00 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we’ll bring you foundational training on the most popular Oracle technologies. Let’s get started.

00:26 Nikita: Hello and welcome to the Oracle University Podcast. I’m Nikita Abraham, Principal Technical Editor with Oracle University, and with me is Lois Houston, Director of Innovation Programs.

Lois: Hi everyone. Thanks for joining us for this Best of 2023 series, where we’re playing you six of our most popular episodes of the year.

00:47 Nikita: Today’s episode is #3 of 6 and is a throwback to a conversation with Rohit Rahi, Vice President of CSS OU Cloud Delivery, on Identity and Access Management, which is one of OCI’s top security features. So, let’s get straight into it.

01:03 Rohit: IAM stands for Identity and Access Management service. It's also sometimes referred to as fine-grained access control or role-based access control service. There are two key aspects to this service. The first one is called authentication, or also referred to as AuthN. And the second aspect is referred to as authorization or also referred to as AuthZ. Authentication has to deal with identity or who someone is, while authorization has to deal with permission or what someone is allowed to do.

01:37 Rohit: So basically what the service ensures is making sure that a person is who they claim to be. And as far as authorization is concerned, what the service does is it allows a user to be assigned one or more pre-determined roles, and each role comes with a set of permissions. Now, there are various concepts which are part of this service or various features which are part of this service, starting with identity domains, principals, groups, dynamic groups, compartments, et cetera. Now identity domains is basically a container for your users and groups. So think about this as a construct which represents a user population in OCI and the associated configurations and security settings.

02:30 Lois: So, how does this work in practice?

Rohit: Well, what we do first is we create an identity domain, and then we create users and groups within that identity domain. And then we write policies against those groups, and policies are scoped to a tenancy, an account, or a compartment. And of course, the resources are available within a compartment. And again, compartment is kind of a logical isolation for resources. So this is how the whole service works.

03:03 Rohit: And users and the groups, authentication is done by common mechanisms like username and password, and policies is basically where you provide this role-based access control. So you put these groups in one of the pre-determined roles, and then you assign some permissions against those roles. So this is how the service works in a nutshell. Now anything you create in the cloud, all these objects, whether it's a block storage, it's a compute instance, it's a file storage, it's a database, these are all resources. And if these things are resources


Oracle University Podcast delivers convenient, foundational training on popular Oracle technologies such as Oracle Cloud Infrastructure, Java, Autonomous Database, and more to help you jump-start or advance your career in the cloud.