Maverics Overview

Strata’s Maverics Identity Orchestration Platform provides an abstraction layer that decouples apps from identity and natively integrates with cloud platforms, cloud identity systems, and on-premises identity and app infrastructures. Maverics Identity Orchestrator is the software that makes it all happen.
Maverics Identity Orchestrator can:
  • connect to any identity system
  • abstract authentication and session management
  • transparently migrate users and credentials
  • replicate and synchronize policies and configurations
An Orchestrator is a lightweight service that deploys in the cloud or on-premises. Each Orchestrator runs as a service on a Linux or Windows server and is configured through a YAML file or via the Orchestrator Platform UI.

Orchestrator Capabilities

  • Consistent Access Policy: One of the hardest things to do in a hybrid multi-cloud environment that employs multiple distributed identity systems is to maintain consistent and enforceable access policies. Orchestrators read and write policies from various identity systems to automatically keep them in sync. In cases where legacy access policies don't map onto cloud identity system policies, Orchestrators can extend policy enforcement while proxying application access requests, redirecting to cloud identity systems for authentication, and abstracting session management away from legacy identity systems.
  • Consistent Identity Data: Use Orchestrators to keep identity data consistent and in-sync when systems of authority for different data and attributes are distributed across on-premises identity stores, legacy identity systems, and cloud identity systems. Orchestrators read identity data and attributes from identity stores and maintain state about that data in real-time while users access applications.
  • Session Abstraction: Session Abstraction makes it possible to transition applications integrated with a legacy identity system to use standards such as OpenID Connect or SAML to authenticate users. The Orchestrator acts on behalf of the legacy identity system by sending users to a cloud identity system to be authenticated and then emulating the legacy identity system's sessions required for controlling access to on-premises applications.
  • Identity and Application Migration: migration is the process of migrating users from a legacy, on-premises identity system - such as a web access management product that stores identities in one or more LDAP directories or databases - to a cloud identity system such as Azure Active Directory, Okta or others. The Orchestrator performs what is referred to as a "live migration," an incremental process that occurs when a user attempts to access an application and is authenticated by the legacy identity system. User credentials, profile attributes, and other data are collected by the Orchestrator and sent to the target cloud identity system. User identities are created via the appropriate user API (e.g., SCIM).

Orchestrator Features

Orchestrators use Connectors, App Gateways, Auth Providers, Attribute Providers, and Service Extensions to orchestrate behavior across identity systems and create an abstraction layer that applications use to integrate with any identity system without changing application code or modifying configurations. Orchestrators can move policies, configurations, and identities across any identity system. They are also used to route login requests to different identity providers or lookup and retrieve user attributes, groups, and other identity data from a variety of identity stores. Orchestrators can run in proxy mode or as a gateway that plugs into a web server or other application runtime.


Each Orchestrator incorporates Connectors to on-premises identity systems such as CA SiteMinder or Oracle Access Manager; LDAP directories and SQL databases; cloud identity systems such as Microsoft Azure AD, Okta, Auth0, and HYPR; and threat intelligence providers.
A connector is built into an Orchestrator and enabled through configuration.
Get acquainted with Connectors

App Gateways

App Gateways provide a declarative model for defining the relationships between users, applications and identity systems, allowing you to route users to any identity system for authentication, create and enforce policies, pass identities and attributes between identity systems, or pass that identity information to applications.
Get acquainted with App Gateways

Attribute Providers

Attribute Providers enable the Maverics Orchestrator to act as a source of user attributes. Attribute Providers can be leveraged to enhance a user's profile with additional data from multiple sources to provide a richer user experience.
Get acquainted with Attribute Providers

RP & IDP Orchestrators

Orchestrators can be deployed to proxy upstream applications and use configuration to control how authentication and authorization is performed by different identity systems connected to the Orchestrator's fabric. You may also deploy Orchestrators on the same host as any web server as a local proxy to handle authentication and enforce policies for applications running on those web servers.
Find out how to deploy RP & IDP Orchestrators Find out how to deploy a Web Server with a Local Orchestrator

Service Extensions

Components with the Orchestrator can be extended using Service Extensions, which are custom, pre-compiled Golang code or Javascript that support arbitrary functionality such as retrieving and constructing complex attributes or defining and evaluating policies with logic not pre-built into an Orchestrator.
Learn how to extend an Orchestator with Service Extensions

Maverics Identity Orchestrator Users

Maverics is used by traditional IT operators of legacy identity systems, cloud architects, and platform administrators. It is particularly useful for those working on legacy identity modernization or migration projects and those working on managing identity across a set of distributed cloud platforms.