Infosys’ blog on industry solutions, trends, business process transformation and global implementation in Oracle.

« Building customizations (RICEFW) on Oracle SaaS | Main | »


Welcome to the final part of this series. Here we look at some real life scenarios about how integration work with SaaS based applications. I have taken Kronos, a leading Workforce Management solution provider, as an example to help us in understanding the concepts. We also touch upon access control integrations as a scenario.

A Kronos example


Let us take a workforce management example in Kronos to understand how it all plays out in a real-life scenario.

In a typical workforce management implementation, the scene is not so straight forward as depicted in the figure above. The first thing that strikes is the hybrid integration architecture that is chosen here. We see a conventional flat file integration through a middleware (optional) and an API data interchange, both in the same context. How is this chosen? Let's look back at the integration considerations.

A workforce management system, which in this case is Kronos, liaises with various external entities such as HR, payroll, store planning, enterprise business intelligence (BI), and time recording devices, which are in some cases, supplied by a different vendor. Not all data are the same. Not all carry the same weight in terms of size and priority. So, picking one integration solution for the mix may not be an optimal solution. The ones that are heavy in volume and lower in priority (priority here is assumed to be urgency) can be interfaced through the traditional integration architecture (Extract, Transform, Load (ETL) or a flat file through middleware) with a minor tweak. The slight change here will be that an additional layer of security must be given to the data using encryption technologies such as Pretty Good Privacy (PGP) as these may be transmitted to the cloud via public internet channels.

On the other hand, data that is lighter and need to be interfaced real-time or near real-time can be transmitted through Kronos exposed XML API framework. The XML requests and responses get transmitted through secured http links between the client and the Kronos application servers. Along with every such request, a session cookie has to be sent to duly authenticate the request, thus ensuring data and access controls.

Identity management in cloud


Integration is not always just about business data. Identity management and access control are extremely critical integration components that needs to be dealt with utmost care. Needless to say, when dealing with cloud, security is paramount.

The above illustration shows the entry point architecture for a Kronos SaaS application. Cloud is accessible from almost anywhere in the world. This exposes the applications that are hosted on the cloud to hackers and eavesdroppers. Kronos or any other human capital management (HCM) system carries quite some personally identifiable information that needs to be protected. In the illustration, once can see how a cloud system authenticates an entry attempt via different channels. Cloud can be integrated with various authentication mechanisms such as Security Assertion Markup Language (SAML) and Lightweight Directory Access Protocol (LDAP), enabling single sign-on from the organization's network with firewalls opening up for specific URL entries. Similarly, externally accessible devices can be made to authenticate through application-specific authentication mechanisms.


With the cloud fever catching up with many organizations, the need is to first tackle multiple challenges. The topics discussed above are few among the many challenges. To summarize, integration models with cloud need to be carefully chosen and discussed to vet out all possible current and future scenarios.

All considerations listed here may need to be looked upon when arriving at key architectural decisions. The final architectural decisions still needs to be analyzed and fitted based on the organization's IT landscape and orientation towards cloud.

*****End of Part-3 and the series*****

 Link to part 1:

 Link to part 2:

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Please key in the two words you see in the box to validate your identity as an authentic user and reduce spam.

Subscribe to this blog's feed

Follow us on

Blogger Profiles