The Orchestrator
The Orchestrator is a lightweight, self-hosted runtime deployed alongside your applications. It coordinates identity workflows — authentication, authorization, and protocol translation — without requiring changes to application code. The Orchestrator is stateless by design. It pulls its configuration from the Console (as signed bundles) or from local YAML files, making it easy to scale horizontally and deploy in any environment. A single Orchestrator instance can operate in one or more of five modes simultaneously — OIDC Provider, SAML Provider, HTTP Proxy, LDAP Provider, and AI Identity Gateway. Each mode addresses a specific identity protocol or deployment pattern.
The Console
The Console is Strata Identity’s cloud SaaS management platform, available at maverics.strata.io. It provides a visual interface for configuring Orchestrators, managing deployments, and monitoring identity workflows. The Console is multi-tenant and multi-region. It publishes signed configuration bundles to Orchestrators — ensuring that runtime configuration is cryptographically verified and tamper-resistant. Key capabilities include visual point-and-click configuration, deployment management across environments, and audit logging for compliance and troubleshooting.
Deployment Modes
The Orchestrator runs in one or more modes simultaneously on a single instance. Each mode is purpose-built for a specific identity protocol or pattern:
- OIDC Provider — Modern web and mobile SSO with OpenID Connect, including claim enrichment and IdP failover
- SAML Provider — Legacy enterprise federation with SAML 2.0 protocol translation
- HTTP Proxy — Protect applications without code modification by intercepting HTTP traffic
- LDAP Provider — Virtual directory for LDAP-dependent applications migrating to modern identity
- AI Identity Gateway — AI agent identity via MCP Bridge and MCP Proxy