<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z00008qWgNjCAKOkta Classic EngineDirectoriesAnswered2023-02-27T16:35:31.000Z2023-02-23T17:30:14.000Z2023-02-27T16:35:31.000Z

User16589292289208727719 (Customer) asked a question.

February 23, 2023 at 5:30 PM
Spoke and Hub model

Hello community.

We have designed our architecture using Spoke and hub model.

We have more regions and each of region is represented by spoke (org)

Each region have its own infra: Active Directory, AD domain and local applications (local app versus corporate applications). Each region AD is integrated with the spoke representing this region.

Corporate org is represented by hub . The hub is providing access to the corporate applications which are used (shared) by all regions.

With this architecture all works fine.

 

Now, we plan to migrate the existing AD architecture from the different region ADs (with different domains) to one centralized AD with one domain which include all region users and groups. Each region will be represented by OU in this new centralized AD.

 

Having said that, do you think that the spoke and hub architecture is the correct solution regarding our AD architecture migration? Does that make sense to keep Hub and spoke model in place? or do you think that we can make the architecture more simple (with one tenant for all regions integrated with one centralized AD)?

Thanks

 

 

  • 3 answers
  • 642 views

  • Mihai N. (Okta, Inc.)

    Hi @User16589292289208727719 (Customer)​ , Thank you for reaching out to the Okta Community!

     

    It all really depends on your organizational needs. 

    On the one hand I always like things simple, so having all under one "roof" might do that.  

    On the other hand, the spoke and hub model might offer some degree of separation to allow things like individual org customizations while still provisioning users from the main hub AD.  

    Maybe a cost/benefit analysis might be in order as well, but that would be a discussion that you need to have with your Okta Account Executive.

     

    I'll leave this question open to the Community as well to pitch in with opinions and experiences.

     

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

    --------------------------------

    Community members help others by clicking Like or Select as Best on responses. Try it today.

    Expand Post

  • User16589292289208727719 (Customer)

    Hi Mihai and thanks for response.

    Do you have some examples or use cases for customization you told about, that require Hub and Spoke model?

    Thanks

     

This question is closed.
Loading
Spoke and Hub model