> ## Documentation Index
> Fetch the complete documentation index at: https://docs.strata.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Overview

The Authentication guides walk you through configuring single sign-on and federation with the Maverics Orchestrator. Start with [How Authentication Works](/guides/authentication/how-auth-works) for a conceptual overview of the authentication pipeline, then use [Choosing a Mode](/guides/authentication/choosing-a-mode) to pick the right Orchestrator mode for your applications. The step-by-step guides below walk you through configuration for each protocol.

## Understand Authentication

<CardGroup cols={2}>
  <Card title="How Authentication Works" icon="diagram-project" href="/guides/authentication/how-auth-works">
    Understand the shared authentication pipeline across all 5 Orchestrator modes -- from request interception through session establishment
  </Card>

  <Card title="Choosing a Mode" icon="compass-drafting" href="/guides/authentication/choosing-a-mode">
    Compare OIDC Provider, SAML Provider, HTTP Proxy, LDAP Provider, and AI Identity Gateway side-by-side to pick the right mode
  </Card>
</CardGroup>

## Step-by-Step Guides

<CardGroup cols={2}>
  <Card title="SSO with OIDC" icon="key" href="/guides/authentication/sso-with-oidc">
    Configure the Orchestrator as an OIDC Provider -- connect your identity provider, define an OIDC app, map claims, and issue tokens to your application
  </Card>

  <Card title="Federate SAML Apps" icon="shield-halved" href="/guides/authentication/saml-federation">
    Federate enterprise SAML applications through the Orchestrator as a SAML Provider -- configure connectors, register relying parties, and map assertion attributes
  </Card>

  <Card title="Add SSO to Web Apps" icon="server" href="/guides/authentication/http-proxy-auth">
    Deploy the Orchestrator as an identity-aware reverse proxy -- protect legacy applications with header-based authentication, no code changes required
  </Card>

  <Card title="Modernize LDAP Auth" icon="folder-tree" href="/guides/authentication/ldap-provider">
    Configure the Orchestrator as a virtual LDAP directory -- authenticate LDAP-dependent applications against modern cloud identity providers
  </Card>

  <Card title="Single Logout" icon="right-from-bracket" href="/guides/authentication/single-logout">
    Configure Single Logout to log out of all authenticated identity providers and terminate the Maverics session in one action
  </Card>

  <Card title="IdP Migration" icon="right-left" href="/guides/authentication/idp-migration">
    Migrate between identity providers with zero downtime -- configure dual connectors with Continuity-based failover and attribute normalization
  </Card>
</CardGroup>

## Related Pages

<CardGroup cols={2}>
  <Card title="OIDC Provider Reference" icon="book-open" href="/reference/modes/oidc-provider">
    Complete configuration reference for the Orchestrator's OIDC Provider mode -- claims, scopes, and token settings
  </Card>

  <Card title="Identity Fabric Reference" icon="rectangle-list" href="/reference/orchestrator/identity-fabric">
    Supported identity providers and connector configuration for Microsoft Entra ID, Okta, Auth0, and more
  </Card>

  <Card title="Authorization Reference" icon="shield-check" href="/reference/orchestrator/authorization">
    Rule-based access control with enforcement behavior, per-mode differences, and real-world patterns
  </Card>

  <Card title="Sessions Reference" icon="id-badge" href="/reference/orchestrator/sessions">
    Session management, lifetime configuration, and how sessions integrate with authentication
  </Card>

  <Card title="AI Guides" icon="robot" href="/guides/ai-identity/overview">
    Secure AI agent access to APIs and MCP tools with identity, authorization, and audit
  </Card>

  <Card title="Identity Continuity" icon="arrows-rotate" href="/guides/identity-continuity/overview">
    Set up automatic IdP failover with health monitoring, Schema Abstraction Layer, and simulation testing
  </Card>
</CardGroup>
