Implementing Multi-Cloud Federation Across Microsoft Azure and Oracle Cloud: A Single Sign-On Solution

A ClinicMeta project (for a Clinical Trials Management Company)

Gabriel Varaljay
3 min read, Oct 23, 2023

Introduction

In the ever-evolving landscape of cloud computing, I recently undertook an engaging project to design and implement a multi-cloud architecture. The client’s setup involved Oracle Cloud Infrastructure (OCI) and Microsoft Azure, and my task was to create a Single Sign-On (SSO) system for both platforms. In this blog post, I’ll share the challenges faced and the solutions implemented to achieve this federation between the two cloud services.

The Challenge

Dual Cloud Ecosystem

The company was leveraging Oracle Cloud Infrastructure and Microsoft Azure for their operations. While beneficial, this dual-cloud environment introduced complexities, particularly in user management and authentication.

Inconsistent Authentication

Technology teams were dispersed across the two platforms; for example, database work would often occur on OCI, while Azure was more favoured for networking tasks. This led to cumbersome management of multiple credentials.

Security Concerns

The scenario of managing multiple credentials for different platforms always comes with its own set of security risks and complexities.

The Solution

Utilising Azure Active Directory and OCI’s IAM Service

To bridge the two platforms, I used Azure Active Directory on the Microsoft Azure end and OCI’s Identity and Access Management (IAM) service on the Oracle end.

Implementing Single Sign-On (SSO)

With the core services identified, I focused on creating an SSO system that would provide seamless authentication across both cloud platforms. Users now sign in to both OCI and Azure with one Azure Active Directory identity. The password itself is only ever presented to Azure AD: Azure AD authenticates the user and vouches for them to OCI, so OCI never stores or sees a second credential.

Using SAML

In the architecture of this multi-cloud federation solution, Security Assertion Markup Language (SAML) played a pivotal role. SAML is an open standard that enables the secure exchange of authentication and authorisation data between parties. In this scenario Microsoft Azure Active Directory acts as the identity provider (IdP) and Oracle Cloud Infrastructure's IAM service as the service provider (SP): after a user signs in to Azure AD, it issues a signed SAML assertion that OCI IAM accepts as proof of who the user is and which groups they belong to.

This facilitated the Single Sign-On (SSO) process, allowing the technology teams to authenticate using a single set of credentials for both platforms. What makes the exchange trustworthy is not SAML by itself but the checks the service provider performs on every assertion: OCI validates the XML signature against the Azure AD signing certificate exchanged through federation metadata, confirms the assertion is addressed to OCI (the audience), and enforces its short validity window. Two operational caveats follow from this: the IdP signing certificate has an expiry date and must be rotated on the OCI side before it lapses, or every federated login fails; and the trust is only as strong as the Azure AD sign-in policy, so multi-factor authentication and Conditional Access in Azure AD are what actually protect OCI access.

Federation for User and Group Mapping

After connecting OCI to Azure AD, I configured group mapping so that Azure AD groups correspond to OCI IAM groups, and OCI policies grant access to those OCI groups. Adding a user to, or removing them from, a mapped Azure AD group then changes what they can do in OCI at their next sign-in, which simplifies user management across the platforms. One distinction matters here: SAML SSO carries identity and group membership, but creating and deactivating the OCI user records themselves is a separate provisioning function (SCIM-based provisioning from Azure AD, or just-in-time creation at first login), so deprovisioning in Azure AD should be checked to confirm it really removes OCI access rather than leaving an orphaned account.
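To make the two previous sections concrete, the following is an added example, not code from the original post and not Azure's or Oracle's implementation: it shows the checks a SAML service provider applies to an assertion (issuer, validity window, audience) and then maps the IdP's group claim onto OCI IAM group names with a deny-by-default table. The issuer, audience, group IDs and the sample assertion are all constructed for the example; the group claim name is the one Azure AD uses in SAML tokens. XML signature verification is assumed to have already passed (it belongs first, using an XML-DSig library such as signxml against the IdP certificate from federation metadata) and is out of scope here.

```python
"""SP-side checks on a SAML 2.0 assertion plus IdP-group to OCI-group mapping.

Added illustration; not code from the post, Azure AD or OCI IAM. The XML
signature is assumed to have been verified already (signxml / xmlsec against
the IdP certificate from federation metadata). An unsigned or badly signed
assertion must never reach these checks.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET  # for untrusted XML in production use defusedxml
from datetime import datetime, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Hypothetical identifiers for the example; real tenants have their own.
EXPECTED_ISSUER = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"
EXPECTED_AUDIENCE = "https://idcs-example.identity.oraclecloud.com/fed"
# Claim name Azure AD uses for group membership in SAML tokens.
GROUP_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
# Hypothetical mapping: Azure AD group object ID -> OCI IAM group name.
GROUP_MAP = {
    "11111111-1111-1111-1111-111111111111": "DBAdmins",
    "22222222-2222-2222-2222-222222222222": "NetworkAdmins",
}

# Constructed sample assertion (not captured from a real tenant).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_0d1e2f" IssueInstant="2023-10-23T09:00:00Z" Version="2.0">
  <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice@example.com</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData NotOnOrAfter="2023-10-23T09:05:00Z"
          Recipient="https://idcs-example.identity.oraclecloud.com/fed/v1/sp/sso"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2023-10-23T08:55:00Z" NotOnOrAfter="2023-10-23T09:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://idcs-example.identity.oraclecloud.com/fed</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups">
      <saml:AttributeValue>11111111-1111-1111-1111-111111111111</saml:AttributeValue>
      <saml:AttributeValue>33333333-3333-3333-3333-333333333333</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


class SamlValidationError(Exception):
    """Raised when an assertion fails any service-provider check."""


def _parse_time(value: str) -> datetime:
    """SAML timestamps are xs:dateTime in UTC, e.g. 2023-10-23T09:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


def map_groups(idp_groups: list[str], group_map: dict[str, str] = GROUP_MAP) -> list[str]:
    """Deny by default: an IdP group with no mapping grants nothing in OCI."""
    return sorted({group_map[g] for g in idp_groups if g in group_map})


def validate_assertion(xml_text: str, now_iso: str,
                       expected_issuer: str = EXPECTED_ISSUER,
                       expected_audience: str = EXPECTED_AUDIENCE) -> dict:
    """Return the subject and mapped groups, or raise SamlValidationError."""
    now = _parse_time(now_iso)
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % SAML_NS["saml"]:
        raise SamlValidationError("root element is not saml:Assertion")
    # 1. The assertion must come from the IdP we federated with.
    issuer = (root.findtext("saml:Issuer", namespaces=SAML_NS) or "").strip()
    if issuer != expected_issuer:
        raise SamlValidationError(f"issuer mismatch: {issuer!r}")
    # 2. It must be inside its validity window; an assertion with no expiry is rejected.
    cond = root.find("saml:Conditions", SAML_NS)
    if cond is None or cond.get("NotOnOrAfter") is None:
        raise SamlValidationError("missing Conditions/NotOnOrAfter")
    if cond.get("NotBefore") and now < _parse_time(cond.get("NotBefore")):
        raise SamlValidationError("assertion not yet valid")
    if now >= _parse_time(cond.get("NotOnOrAfter")):
        raise SamlValidationError("assertion expired")
    # 3. It must be addressed to this SP, so a token minted for another app cannot be replayed here.
    audiences = [a.text.strip() for a in cond.findall("saml:AudienceRestriction/saml:Audience", SAML_NS) if a.text]
    if expected_audience not in audiences:
        raise SamlValidationError(f"audience mismatch: {audiences}")
    name_id = (root.findtext("saml:Subject/saml:NameID", namespaces=SAML_NS) or "").strip()
    if not name_id:
        raise SamlValidationError("missing Subject/NameID")
    # 4. Collect the IdP group claim and translate it into OCI groups.
    idp_groups: list[str] = []
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", SAML_NS):
        if attr.get("Name") == GROUP_CLAIM:
            idp_groups += [v.text.strip() for v in attr.findall("saml:AttributeValue", SAML_NS) if v.text]
    return {"name_id": name_id, "idp_groups": idp_groups, "oci_groups": map_groups(idp_groups)}


def rejection_reason(xml_text: str, now_iso: str) -> str | None:
    """None if the assertion is accepted, otherwise the reason it was rejected."""
    try:
        validate_assertion(xml_text, now_iso)
    except SamlValidationError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    print(validate_assertion(SAMPLE_ASSERTION, "2023-10-23T09:01:00Z"))
    print(rejection_reason(SAMPLE_ASSERTION, "2023-10-23T09:10:00Z"))
```

Run as a script it prints the accepted subject with `oci_groups` reduced to `['DBAdmins']` (the second Azure AD group has no mapping and is dropped), then `assertion expired` for a sign-in attempted after the validity window. The order of the checks is deliberate: issuer and signature establish who said it, the time window and audience establish that it was said for this service and recently, and only then is the group claim trusted to drive authorization.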

Testing and Validation

I conducted rigorous testing to ensure that all integrations worked as intended. User and group mappings were checked, and the SSO functionality was validated across different scenarios and user roles. The negative cases matter as much as the happy path in a federation like this: a user removed from a mapped Azure AD group should lose the corresponding OCI permissions at the next sign-in, a user disabled in Azure AD should no longer be able to reach OCI at all, and a local, non-federated OCI administrator account should still work so that an outage or misconfiguration on the Azure AD side does not lock everyone out.

Conclusion

The project proved to be an insightful experience, successfully navigating the intricacies of multi-cloud federation and security. By using Azure Active Directory as the identity provider and Oracle's IAM service as the service provider, I implemented a robust Single Sign-On system that simplified user management and centralised authentication policy in one place. Team members can now effortlessly switch between Microsoft Azure and Oracle Cloud Infrastructure using just one set of credentials, streamlining operations and removing the credential sprawl that came with separate accounts on each platform.

Gabriel Varaljay

Multi-Cloud & DevOps | AWS | Microsoft Azure | Google Cloud | Oracle Cloud | Linux | Terraform | digital problem solver