Identity Cloud

Data (identity) management

In Identity Cloud, data management covers a wide range of activities, including:

Item Description

Identity object schema

The model for your data, including users, roles, and applications. Create new objects or modify existing ones so that each object represents the properties your organization requires.

Organizations

Create organizations when you want to group identities to suit your business needs.

For example, you can build an organization structure modeled after your brand hierarchy. This lets you control access to business applications with tailored login experiences. You can also use organizations to delegate user administration.

Roles

Roles define privileges for user and device identities. Roles let you automatically assign and update privileges in numerous identity profiles. For further information about roles and assignments, refer to Roles and assignments.

The role object is a managed object type that uses the relationships mechanism to link the role to the managed object to which it applies.

Applications

While you can use applications for authentication, applications are also used for provisioning and synchronization.

The use cases in this section focus on data management in a holistic way:

Use case Description

Create test users and roles

Create test users and roles, assign users to roles, and log in to the Identity Cloud End User UI as one of the users.

Assign roles to users dynamically

Dynamically assign a user to a role based on criteria being met.

Provision data between Identity Cloud and PingDirectory

Provision accounts to and from Identity Cloud and PingDirectory.

Create organizations to delegate administration

Configure Identity Cloud to group users into organizations. Use organizations to delegate user administration to different groups of users.

Provision users from Microsoft Entra ID (Azure AD)

Provision accounts from Microsoft Entra ID (formerly Azure AD) into Identity Cloud.

Provision data from Active Directory (AD) using RCS

Provision accounts from an on-premises Active Directory (AD) server into Identity Cloud.

Copyright © 2010-2024 ForgeRock, all rights reserved.