You might wonder why I chose tire for my blog image. It represents Hub and Spoke very well. The tire's rim is connected to the central circle (let's call it Hub) using spokes. The engine rotates the Hub. As the Hub rotates, it rotates the rim of the tire.
Oracle has one of the most heterogeneous SaaS and PaaS services running on modern Gen-2 Cloud Infrastructure. While it improves customer experience by providing a unified cloud experience across the entire stack, it creates unique challenges for engineering to solve. However, I have learned over 13 years working in IT that no matter how complex the problems are, solutions are almost always simple. I usually rely on design patterns to solve such problems.
One such challenge is providing unified user management across SaaS and PaaS services. Customers do not want to manage Identities across many SaaS platforms. Whether they manage Identities in the Oracle cloud or outside the Oracle cloud, they want a single platform to manage Identities.
IDCS (Identity Cloud Service) is an Identity management solution on Oracle Cloud. It serves as an Identity platform for both SaaS and PaaS services. However, we did not want to overburden IDCS by storing application-specific user data. So, most of the SaaS services run their mini-Identity stacks. You can find more information about IDCS here.
To simplify Identity management across the Oracle cloud, all the services on Oracle cloud (SaaS, PaaS) integrate with IDCS for user authentication using SAML and user provisioning. It creates a pattern of Hub and Spoke. An IDCS instance acts as a hub doing authentication and coarse-grained authorization, and all other Identity stacks, whether IDCS used by GBU services or SaaS Identity stacks, are spokes. If you use an external Identity Provider, then you can extend the model. External Identity Provider integrates with the Hub IDCS instance both for Identity federation and Identity management. The hub instance integrates with all the spokes.
To set up Hub and Spoke Architecture, we must integrate IDCS with various SaaS Identity stacks and IDCS used by GBU services. Below are some references to know more about those integrations.