From dbdd3f3adb511dc5a1c97812ac378607e33a6215 Mon Sep 17 00:00:00 2001
From: Thomas Pham
Date: Mon, 7 Aug 2023 17:30:53 +0200
Subject: [PATCH] chore(docs): describe usage of a Custom Identity Domain within an OCI subcompartment

Signed-off-by: Thomas Pham
---
 docs/src/SUMMARY.md | 1 +
 docs/src/guide/identity.md | 4 +++-
 docs/src/guide/identity_domain.md | 16 ++++++++++++++++
 3 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 docs/src/guide/identity_domain.md

diff --git a/docs/src/SUMMARY.md b/docs/src/SUMMARY.md
index 3466e238..42571f5e 100644
--- a/docs/src/SUMMARY.md
+++ b/docs/src/SUMMARY.md
@@ -8,6 +8,7 @@
 - [Identity](./guide/identity.md)
 - [Policies](./guide/identity_policies.md)
 - [Tags](./guide/identity_tags.md)
+ - [Identity Domain](./guide/identity_domain.md)
 - [Network](./guide/network.md)
 - [Subnets](./guide/network_subnets.md)
 - [Network Security Groups](./guide/network_nsgs.md)
diff --git a/docs/src/guide/identity.md b/docs/src/guide/identity.md
index 7aae0181..48d3679f 100644
--- a/docs/src/guide/identity.md
+++ b/docs/src/guide/identity.md
@@ -1,3 +1,5 @@
 # Identity
-Optional creation of Identity Dynamic Groups, Policies, and Tags.
+## IAM without Identity Domains
+
+Optional creation of Identity [Dynamic Groups](https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingdynamicgroups.htm), [Policies](https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingpolicies.htm), and Tags.
diff --git a/docs/src/guide/identity_domain.md b/docs/src/guide/identity_domain.md
new file mode 100644
index 00000000..29e5eb70
--- /dev/null
+++ b/docs/src/guide/identity_domain.md
@@ -0,0 +1,16 @@
+# IAM with Identity Domains
+
+Creation of Identity [Dynamic Groups](https://docs.oracle.com/en-us/iaas/Content/Identity/dynamicgroups/managingdynamicgroups.htm), [Policies](https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingpolicies.htm), and Tags.
+
+
+## Context
+
+While you might not have the necessary policy permissions to provision OKE clusters directly at Tenancy level (ROOT compartment) and you have full control only under a sub-compartment, the following parameters will allow you to reference an existing and custom `identity domain` at this sub-compartment level. The `Dynamic Groups` will be then created in this Identity Domain while the policies will be created at the sub-compartment level and their statements using the `dynamic group` in your `identity domain`
+
+Moreover, You can use this Identity Domain, to create service account users for your Kubernetes/OKE controllers or operators.
+
+## Usage
+
+```javascript
+{{#include ../../../examples/iam/vars-subcompartment-iam-identitydomain.auto.tfvars:4:}}
+```