chore(docs): describe usage of a Custom Identity Domain within an OCI subcompartment

Signed-off-by: Thomas Pham <[email protected]>

Author: thpham

docs/src/SUMMARY.md

@@ -8,6 +8,7 @@
   - [Identity](./guide/identity.md)
     - [Policies](./guide/identity_policies.md)
     - [Tags](./guide/identity_tags.md)
+    - [Identity Domain](./guide/identity_domain.md)
   - [Network](./guide/network.md)
     - [Subnets](./guide/network_subnets.md)
     - [Network Security Groups](./guide/network_nsgs.md)    

docs/src/guide/identity.md

@@ -1,3 +1,5 @@
 # Identity
 
-Optional creation of Identity Dynamic Groups, Policies, and Tags.
+## IAM without Identity Domains
+
+Optional creation of Identity [Dynamic Groups](https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingdynamicgroups.htm), [Policies](https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingpolicies.htm), and Tags.

docs/src/guide/identity_domain.md

@@ -0,0 +1,16 @@
+# IAM with Identity Domains
+
+Creation of Identity [Dynamic Groups](https://docs.oracle.com/en-us/iaas/Content/Identity/dynamicgroups/managingdynamicgroups.htm), [Policies](https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingpolicies.htm), and Tags.
+
+
+## Context
+
+While you might not have the necessary policy permissions to provision OKE clusters directly at Tenancy level (ROOT compartment) and you have full control only under a sub-compartment, the following parameters will allow you to reference an existing and custom `identity domain` at this sub-compartment level. The `Dynamic Groups` will be then created in this Identity Domain while the policies will be created at the sub-compartment level and their statements using the `dynamic group` in your `identity domain`
+
+Moreover, You can use this Identity Domain, to create service account users for your Kubernetes/OKE controllers or operators.
+
+## Usage
+
+```javascript
+{{#include ../../../examples/iam/vars-subcompartment-iam-identitydomain.auto.tfvars:4:}}
+```