Alpha and Bravo Realms

Overview

The Alpha and Bravo realms are the two default realms that are included as part of an Identity Cloud tenant. These realms are configurable, unlike the top-level realm that Identity Cloud configures for administrator identities.

Identity Cloud currently does not support more than two realms in the same tenant.

The Alpha and Bravo realms are nearly identical, with the exception of delegated administration.

idcloudui identities manage alpha bravo

End-user sign-in

End users access their sign-in page using a URL that specifies the realm they belong to.For example:

  • Alpha realm members use https://<tenant-name>.forgeblocks.com/login/?realm=alpha/#/

  • Bravo realm members use https://<tenant-name>.forgeblocks.com/login/?realm=bravo/#/

Administrators cannot authenticate using these realm-specific login URLs, see Administrator sign-in.

Delegated administration

The Bravo Realm does not support delegated administration.

In the Alpha realm you can set up internal roles for delegated administration using a custom set of privilege attributes.You can then assign those internal roles to users, so that Alpha realm users can act as delegated administrators and perform actions on the custom set of attributes specified by the role.

You can assign the internal roles in two different ways using the Identity Cloud Admin UI:

  • To add an internal role to a user, go to Identities > Manage > Realm - Users.Select a user, then select the Authorization Roles tab, then click the Add Authorization Roles button:

    idcloudui identities user authorization roles tab

  • To add a user to an internal role, go to Identities > Manage > Internal Roles.Select a role, then select the Members tab, then click the Add Members button:

    idcloudui identities internal role members tab

However, in the Bravo realm, while you can also set up internal roles for delegated administration, you cannot use them.You cannot add a user to an internal role, and even though it appears possible to add an internal role to a user, this will not correctly link the user to the role.If you attempt this, the user will not be listed in the internal role Members tab.

The following table summarizes these differences:

Action Alpha Realm Bravo Realm

Create internal role for the purposes of delegated administration

Yes

Yes

Add user to internal role

Yes

No

Add internal role to user

Yes

⚠️ ️
appears possible but will not work