Modes
The Orchestrator operates in five modes, each addressing a different identity protocol or deployment pattern.

| Mode | Protocol | Use Case |
|---|---|---|
| OIDC Provider | OpenID Connect | Modern web and mobile SSO with claim enrichment and IdP failover |
| SAML Provider | SAML 2.0 | Legacy enterprise federation with protocol translation |
| HTTP Proxy | HTTP | Protect applications without code modification |
| LDAP Provider | LDAP | Virtual directory for LDAP-dependent applications |
| AI Identity Gateway | MCP | AI agent identity via MCP Bridge and MCP Proxy |
Interfaces
Two interfaces configure the same Orchestrator — choose the one that fits your workflow.

| Interface | Best For | Description |
|---|---|---|
| Console UI | Visual configuration | Web-based management at maverics.strata.io — point-and-click setup, deployment management, audit logging |
| Configuration (YAML) | Declarative configuration | Local configuration files checked into version control — ideal for GitOps workflows |
Deployment Models
The Orchestrator is designed to run wherever your applications run. Three deployment models cover the most common environments:

- Cloud — Orchestrator runs in cloud infrastructure (AWS, Azure, GCP) alongside cloud-native applications. Ideal for teams with fully cloud-based identity stacks.
- On-premises — Orchestrator runs in data centers alongside legacy applications. Critical for enterprises with mainframe, LDAP, or on-prem web applications that cannot migrate to the cloud.
- Hybrid — A mix of cloud and on-premises Orchestrators managed from a single Console. This is the most common model for enterprises modernizing incrementally.