App
A configuration unit in the Orchestrator that represents a workload. Apps have a type that determines their behavior: HTTP Proxy, OIDC, SAML, MCP Bridge, or MCP Proxy. Some app types (such as HTTP Proxy) define Routes for path-based request handling, while others (such as OIDC or MCP Bridge) operate at the app level without routes.

Audit Log
A record of actions and events captured by the Console and Orchestrator. Console audit logs track API-level administrative actions (configuration changes, deployments, user management) while the Orchestrator emits structured logs for runtime authentication and authorization events as part of its telemetry output. See Console Audit Logs and Orchestrator Telemetry.

Break-Glass
Emergency procedures for making Orchestrator configuration changes outside the normal Console workflow when Console access is unavailable. Break-glass trades some security guarantees for operational continuity. See Break-Glass procedures.

Cache
A storage backend used by the Orchestrator for temporary data such as session state, tokens, and IdP metadata. Supported cache backends include Redis. See Caches reference.

Claim
A user identity attribute — such as email, name, roles, or group membership — passed from identity providers to applications inside tokens or assertions. The Orchestrator can enrich claims by pulling additional attributes from LDAP directories, databases, or APIs, and map them into the format each application expects.

Cluster
A high-availability configuration where multiple Orchestrator instances form a distributed group with shared state. Cluster members discover each other via gossip protocol and share session and cache data through a dedicated data plane. Currently an experimental feature enabled via feature flag. See Clusters reference.

Config Bundle
A compiled package of Orchestrator configuration published from the Console. Config bundles are cryptographically signed (ECDSA P-256) before deployment, and the Orchestrator verifies the signature as part of its validation before applying the new configuration. See Config Publishing.

Config Source
The location from which the Orchestrator loads its configuration. Supported sources include local files, environment variables, the Console, S3, Azure Blob Storage, GCS, GitHub, and GitLab. See Config Sources reference.

Connector
An integration that connects the Orchestrator to an external identity provider (IdP). Connectors abstract the protocol details (OIDC, SAML, LDAP) so the Orchestrator can work with any provider through a uniform interface. See Identity Fabric reference.

Console
The cloud-hosted (SaaS) management interface for Maverics. Provides visual configuration, deployment management, and audit logging at maverics.strata.io. See Console reference.

Custom API
An HTTP endpoint defined directly in the Orchestrator configuration using service extensions. Custom APIs receive the full Orchestrator interface — sessions, caches, secrets, and connectors — for building health endpoints, webhooks, or custom integration logic. See Custom APIs reference.

Deployment
A managed Orchestrator instance in the Console that pairs configuration with one or more running Orchestrator nodes. Deployments are typically named by purpose (e.g., “Auth Provider”, “AI Identity Gateway”, “xyz-app-proxy”). An environment may contain multiple deployments, and Console organizations can be used to separate environments.

Failover
Automatic fallback from a primary identity provider to one or more backup providers when the primary becomes unavailable. The Orchestrator tries connectors in configured order, routing authentication to the next available provider without requiring application changes. See Concepts.

Feature Flag
A configuration toggle that enables experimental or gated features in the Orchestrator. Feature flags prevent accidental use of alpha or beta capabilities in production. See Feature Flags reference.

Identity Fabric
An architectural pattern where a lightweight abstraction layer (the Orchestrator) sits between applications and identity providers. The Identity Fabric decouples applications from specific vendors, enabling incremental migration, protocol translation, and policy-based routing.

MCP (Model Context Protocol)
An open standard protocol for AI agent-to-tool communication. MCP enables AI agents to discover and invoke tools through a structured interface. The Orchestrator supports MCP through its AI Identity Gateway mode. See AI Identity Gateway.

MCP Bridge
An AI Identity Gateway capability that translates REST APIs into MCP tools. The Orchestrator reads OpenAPI specifications and automatically generates MCP tool definitions, allowing AI agents to discover and call REST APIs through the MCP protocol without any API changes. See MCP Bridge reference.

MCP Proxy
An AI Identity Gateway capability that proxies connections to existing MCP servers while injecting identity context and enforcing authorization on every tool invocation. Used when MCP servers already exist but need identity awareness. See MCP Proxy reference.

MRN (Maverics Record Number)
A unique identifier assigned to every resource managed by the Maverics platform. MRNs follow a colon-delimited format that encodes region, organization, resource type, and resource ID: maverics:<region>:<org-id>:<resource-type>:<resource-id>. For example: maverics:us-east:05951629-da9a-41e6-8364-5b0dc4b95884:deployments:2a476eb8-03b5-43d2-afc8-8c44c5a8a304.
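
The MRN layout above can be checked before an identifier is trusted in an audit-log query or an authorization decision. The following is an added example, not code from the Maverics platform: `parse_mrn` and `in_org` are hypothetical names, and the field rules beyond the five-field layout (no empty fields, no whitespace, exact lowercase prefix) are assumptions.

```python
from dataclasses import dataclass

MRN_PREFIX = "maverics"  # literal first field, per the format above
FIELD_NAMES = ("region", "org-id", "resource-type", "resource-id")


@dataclass(frozen=True)
class MRN:
    region: str
    org_id: str
    resource_type: str
    resource_id: str

    def __str__(self) -> str:
        return ":".join((MRN_PREFIX, self.region, self.org_id,
                         self.resource_type, self.resource_id))


def parse_mrn(value: str) -> MRN:
    """Parse an MRN strictly; raise ValueError on anything malformed."""
    parts = value.split(":")
    if len(parts) != 5:
        raise ValueError(f"expected 5 colon-delimited fields, got {len(parts)}")
    prefix, *fields = parts
    if prefix != MRN_PREFIX:
        raise ValueError(f"unexpected prefix {prefix!r}")
    for name, field in zip(FIELD_NAMES, fields):
        # Assumption: reject empty fields, whitespace and control characters
        # rather than silently normalising them.
        if (not field or not field.isprintable()
                or any(c.isspace() for c in field)):
            raise ValueError(f"invalid {name} field: {field!r}")
    return MRN(*fields)


def in_org(value: str, expected_org_id: str) -> bool:
    """True only if value is a well-formed MRN whose org-id matches."""
    try:
        return parse_mrn(value).org_id == expected_org_id
    except ValueError:
        return False  # fail closed on malformed identifiers


# The example MRN from the glossary entry above.
EXAMPLE = ("maverics:us-east:05951629-da9a-41e6-8364-5b0dc4b95884:"
           "deployments:2a476eb8-03b5-43d2-afc8-8c44c5a8a304")
```

Comparing the parsed `org_id` field, rather than substring-matching the raw string, avoids accepting an identifier that merely contains the expected organization ID in another field.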