To divide administrative responsibilities, you can split your deployment into smaller units called security domains. Security domains typically represent a company’s internal business units, such as departments.
Security domains are organized in a hierarchical tree. You can create up to 1,000 security domains, and transfer users, user groups, and so on, between security domains as necessary.
After you create the security domain hierarchy and link the identity source to the system, all users are added to the top-level security domain. To help you organize users, manage the deployment, and limit administrative scope, you may want to move users to another security domain in the hierarchy.
If you created security domains to match your organization’s structure or geographic locations, you can use the Security Console to transfer users from each department or location to their respective security domains.
For example, if the top-level security domain is named SystemDomain, and you have lower-level security domains named Boston, New York, and San Jose, you would likely move users from SystemDomain to their respective security domains.
Each security domain has policies assigned to it that dictate requirements. For example, the password policy determines when users may become locked out.
You can create custom policies for each security domain, or use the default policies. Default policies are assigned to each new security domain.