Modes
The Orchestrator operates in five modes, each addressing a different identity protocol or deployment pattern.

| Mode | Protocol | Use Case |
|---|---|---|
| OIDC Provider | OpenID Connect | Modern web and mobile SSO with claim enrichment and IdP failover |
| SAML Provider | SAML 2.0 | Legacy enterprise federation with protocol translation |
| HTTP Proxy | HTTP | Protect applications without code modification |
| LDAP Provider | LDAP | Virtual directory for LDAP-dependent applications |
| AI Identity Gateway | MCP | AI agent identity via MCP Bridge and MCP Proxy |
Interfaces
Two interfaces configure the same Orchestrator — choose the one that fits your workflow.

| Interface | Best For | Description |
|---|---|---|
| Console UI | Visual configuration | Web-based management at maverics.strata.io — point-and-click setup, deployment management, audit logging |
| Configuration (YAML) | Declarative configuration | Local configuration files checked into version control — ideal for GitOps workflows |
Deployment Models
The Orchestrator is designed to run wherever your applications run. Three deployment models cover the most common environments:

- Cloud — Orchestrator runs in cloud infrastructure (AWS, Azure, GCP) alongside cloud-native applications. Ideal for teams with fully cloud-based identity stacks.
- On-premises — Orchestrator runs in data centers alongside legacy applications. Critical for enterprises with mainframe, LDAP, or on-prem web applications that cannot migrate to the cloud.
- Hybrid — A mix of cloud and on-premises Orchestrators managed from a single Console. This is the most common model for enterprises modernizing incrementally.
What’s Next
Getting Started
Deploy your first Orchestrator and route an authentication request in minutes.
Modes Reference
Detailed reference documentation for each Orchestrator mode.