Strata’s Maverics Identity Orchestration Platform provides an abstraction layer that decouples apps from identity and natively integrates with cloud platforms, cloud identity systems, and on-premises identity and app infrastructures. The Maverics Orchestrator can also run as a standalone on-premises instance to manage identity for your identity and app infrastructures.
Maverics Identity Orchestrator users
Maverics is used by traditional IT operators of legacy identity systems, cloud architects, and platform administrators. It is particularly useful for those working on legacy identity modernization or migration projects and those working on managing identity across a set of distributed cloud platforms.
The Maverics platform can:
Modernize app IAM or IDPs: Switch clouds, swap IDPs, or deploy the next big thing in identity — without touching the apps.
Add MFA & passwordless to any app: Deploy modern authentication for hundreds of apps in hours — without leaving any unprotected.
Layer identity resilience into your IDPs: Add always-on protection against unexpected outages — without building it yourself.
Bridge identity and policy between clouds: Scale your architecture and secure apps with multi-cloud and multi-identity options — without refactoring.
Build orchestrated user journeys: Create a seamless, secure identity experience for every user — without writing any code.
Setting up the Maverics platform involves the following steps:
Once you’ve signed up for a Maverics account, you can add and invite other users to your account, view subscriptions, and monitor your applications and identity services. You only pay for the components deployed to production environments.
Environments define storage buckets where you can deploy user flow configuration and the orchestrators that will read that configuration for your applications. Create environments (e.g. dev, test, staging, and production), configure cloud storage containers, and assign orchestrators to those environments in the Maverics user interface or manually using environment variables.
Orchestrators are lightweight services that deploy in the cloud or on-premises. Each orchestrator runs as a service on Linux, Windows, or in a container runtime, and is configured through a YAML file or via the Maverics Identity Orchestration Platform. Mac OS X amd64 binaries are also available for evaluation purposes.
Orchestration Recipes are no-code solutions for specific identity use cases. These recipes automatically configure identity fabric and app integrations to create simple but complete user flows. Examples of Orchestration Recipes include protecting legacy apps with passwordless authentication, migrating off legacy IDPs, managing access across multiple clouds, and building identity resilience.
The identity fabric integrates on-premises identity systems such as CA SiteMinder or Oracle Access Manager; LDAP directories and SQL databases; cloud identity systems such as Microsoft Azure AD, Okta, Auth0, and HYPR; and threat intelligence providers. The Maverics platform walks you through the process of configuring the identity fabric with several types of authentication providers and attribute providers, or you can configure them manually as connectors and attribute providers.
Applications provide a declarative model for defining the relationships between users, applications, and identity systems, allowing you to route users to any identity system for authentication, create and enforce policies, pass identities and attributes between identity systems, or pass that identity information to applications. Applications can also be configured manually as AppGateways.
User flows have a 1-to-1 relationship with applications and are used to define policy details that are associated with an application. You must have at least one authentication provider and one application configured before creating a new user flow.
The Maverics platform can be extended using service extensions, which are custom, pre-compiled Golang code that support arbitrary functionality such as retrieving and constructing complex attributes or defining and evaluating policies with logic not pre-built into an orchestrator.
Use our developer documentation to understand the end-to-end process of manually configuring an orchestrator and running it on-premises.
Use RP & IDP orchestrators
Orchestrators can be deployed to proxy upstream applications and use configuration to control how authentication and authorization is performed by different identity systems connected to the orchestrator's fabric. You can also deploy orchestrators on the same host as any web server as a local proxy to handle authentication and enforce policies for applications running on those web servers. Find out how to deploy RP & IDP orchestrators or how to deploy a web server with a local orchestrator.