Realm settings
Overview
Realms let you manage different sets of identities and applications within the same Identity Cloud tenant. Each realm is fully self-contained and operates independently of other realms within a tenant.
The identities and applications in one realm cannot by default access those in another realm. However, you can grant conditional access across realms.
A typical example of realm management is when a company divides its identities into two realms: one for employees, and one for customers, each with a distinct set of identities and registered applications. The realms provide the means to keep customers from accessing employee information, while allowing employees conditional access to customer information.
Manage realm settings
-
In the Identity Cloud admin UI (upper left), open the Realm menu.
-
Go to Realm Settings > Details.
-
On the Details page:
-
The Status bar indicates whether the realm is Active or Inactive.
-
To take the realm out of service, click Deactivate.
When a realm is deactivated, users and devices contained in the realm will not be able to access its applications. Identity and app information is still registered to your identity platform. -
Name: The realm name is non-configurable.
-
(Optional) DNS Aliases: Alternative display names for the realm’s URL.
-
Use Client-based Sessions: Enable this option to allow signing and encryption of the JWT in the global session service.
-
When you’re satisfied with your changes, click Save.
Override realm authentication attributes
This is useful when you want to adjust the core authentication properties that apply to a realm. For example, you might want to extend the time limit for responding to an authentication verification email. Use the AM admin UI to make this kind of change.
-
In the Identity Cloud admin UI, click Native Consoles > Access Management.
-
In the AM admin UI, go to Authentication > Settings.
For detailed property information, see Core Authentication Attributes.