Quick start guide

Maverics is Strata's SaaS solution for identity orchestration. Maverics Cloud walks you through the process of creating an identity fabric configuration and identity orchestrator instance, and deploying the configuration to a shared storage container for the orchestrator instance to consume and run.
Maverics Cloud model
To use Maverics, you will need to do the following:
  1. Create your identity fabric: configure the identity services you use with your applications.
  2. Create your application: choose your application type (header-based or custom code), provide the app details, and define the application's resources.
  3. Create user flows: connect the application to the identity fabric, and define the user experiences for authentication and authorization.
  4. Get the Sonar sample app.
  5. Set up environments and orchestrator instances.
  6. Publish and test user flows.
This guide provides instructions on how to set up an Orchestrator instance and complete a user flow in Maverics.
Before you begin this evaluation, you will need the following:
  • Docker Desktop
  • An identity provider supported by Maverics (Azure, Okta, an OIDC provider)
    • An application set up in your identity provider
    • A user to test login scenarios
  • The Sonar and Canary test applications
  • An Amazon S3 bucket (You must also have access to the access key ID and secret access key)

Get access to Maverics

  2. Sign up with HYPR or Google.
    • This is a no-obligation trial and no payment information will be collected.
  3. Success! You should land on the dashboard!

Invite others to your account

This step is optional.
  1. After you've signed up and logged into Maverics, click Accounts in the left navigation bar.
  2. Click your account name to edit.
  3. Click Add Member and enter the email address of your colleague. When you go back to Accounts, you will see that the invitation is pending.
  4. In order for your colleague to join, they must sign up for an account and go to the Accounts section to accept the invitation.
  5. To switch between accounts, hover over your email address in the upper right corner of the screen and click Switch Accounts to navigate to the Accounts area.
  6. Click the Use this Account button next to the account you’d like to use.

Set up the sample Sonar app locally

In this section, you will download our sample apps, edit your local hosts file, and create certificates for the apps.

Get the Sonar Docker Images

  1. Install Docker Desktop so you can locally deploy the Canary and Sonar apps from https://www.docker.com/products/docker-desktop/
  2. Get the Canary and Sonar apps by following the instructions in the Strata docs: https://docs.strata.io/quickstarts/sonar-canary-demo-apps

Redirect local traffic to Maverics and sample apps

Mac
  1. Launch the Terminal app and paste this command: sudo nano /etc/hosts
  2. Add this line to the bottom of the text: 127.0.0.1 maverics.sonarsystems.com app.sonarsystems.com
  3. Type CTRL+X to close, and type YES to save.
Windows
  1. Open the Windows Start menu and search for Notepad.
  2. Right-click on Notepad and select Run as administrator.
  3. In Notepad, click File and select Open.
  4. In the file explorer window, go to the folder C:\Windows\System32\drivers\etc.
  5. Change the file type filter to "All Files" and open the file named hosts.
  6. At the end of the file, add a new line with the following text: 127.0.0.1 maverics.sonarsystems.com app.sonarsystems.com
  7. Save the file and close Notepad.
Linux
  1. Type the following command, then enter your admin password: sudo su
  2. To open the hosts file using Gedit, type the following command and press Enter: sudo gedit /etc/hosts
  3. Add the following line and save your changes: 127.0.0.1 maverics.sonarsystems.com app.sonarsystems.com
The changes you made to the hosts file should take effect immediately. Any attempts to access the websites maverics.sonarsystems.com and app.sonarsystems.com will be redirected to your own computer at 127.0.0.1.
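To confirm the entries took effect, the following added example (not part of Strata's guide) parses a hosts file and reports whether both hostnames map only to 127.0.0.1. The function names hosts_addrs and check_sonar_hosts and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the hosts-file entries from this guide.

# Print every address a hosts file maps NAME to, one per line.
hosts_addrs() {
    awk -v want="$2" '
        { sub(/\r$/, ""); sub(/#.*/, "") }   # tolerate CRLF (Windows) and comments
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(want)) print $1 }
    ' "$1"
}

# Return 0 only if both guide hostnames map to 127.0.0.1 and nothing else.
# Any other address for the same name is reported as a conflict, because a
# stale or duplicate entry can send the browser somewhere other than localhost.
check_sonar_hosts() {
    file=${1:-/etc/hosts}
    rc=0
    for name in maverics.sonarsystems.com app.sonarsystems.com; do
        addrs=$(hosts_addrs "$file" "$name" | sort -u | tr '\n' ' ')
        case "$addrs" in
            "127.0.0.1 ") echo "ok: $name -> 127.0.0.1" ;;
            "")           echo "missing: $name has no entry in $file"; rc=1 ;;
            *)            echo "conflict: $name -> $addrs"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample: a stale entry left above the line the guide adds.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1   localhost
10.0.0.5    app.sonarsystems.com   # stale entry (constructed)
127.0.0.1 maverics.sonarsystems.com app.sonarsystems.com
EOF
check_sonar_hosts "$sample" || echo "fix the entries above before testing"
rm -f "$sample"
```

Calling check_sonar_hosts with no argument checks /etc/hosts on the local machine.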

Create the certificates for the sample Sonar app

In order to connect to the Orchestrator with your browser, you will need a TLS certificate. You can generate a self-signed certificate by running the following command:
openssl req -x509 -newkey rsa:4096 -keyout maverics.key -out maverics.crt -sha256 -days 365 -nodes -subj '/CN=maverics.sonarsystems.com'
This command generates two files called maverics.key and maverics.crt. Place them in a directory that you can refer to later when setting up the Orchestrator environment.
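Because -nodes writes the private key unencrypted, it is worth checking the pair before pointing the Orchestrator at it. The following is an added example, not part of Strata's guide; check_tls_pair is a hypothetical helper name, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: sanity-check the key pair produced by the openssl command above.

# check_tls_pair CERT KEY HOST -> returns 0 only if every check passes.
check_tls_pair() {
    cert=$1 key=$2 host=$3 rc=0

    # 1. The certificate must contain the public half of this private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; then
        echo "ok: key matches certificate"
    else
        echo "FAIL: key does not match certificate"; rc=1
    fi

    # 2. The certificate must name the host the browser will request.
    if openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q 'does match'; then
        echo "ok: certificate is valid for $host"
    else
        echo "FAIL: certificate does not cover $host"; rc=1
    fi

    # 3. It must not already be expired (-days 365 gives it a one-year life).
    if openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "ok: certificate is within its validity period"
    else
        echo "FAIL: certificate has expired"; rc=1
    fi

    # 4. -nodes leaves the key unencrypted, so the file mode is its only guard.
    if [ "$(ls -ld "$key" | cut -c5-10)" = "------" ]; then
        echo "ok: key file is accessible by its owner only"
    else
        echo "FAIL: key file is group/world accessible (run: chmod 600 $key)"; rc=1
    fi
    return "$rc"
}

# Usage: sh check_tls_pair.sh maverics.crt maverics.key maverics.sonarsystems.com
if [ "$#" -eq 3 ]; then check_tls_pair "$@"; fi
```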

Configure your identity fabric

Your identity fabric is the collection of identity services you use with your apps.

Create an identity fabric component

To complete the following steps, log into Maverics.
  1. From the dashboard, click Configure identity fabric. Alternatively, from the sidebar, click Identity Fabric, select an identity service, and click Add.
  2. Choose an identity provider you can use for authentication.
  3. Configure your identity provider service with the values required by your IdP.
  4. Click Create.

Configure an application

Applications are the resources and tools your users access. The instructions below are specifically to configure the Sonar sample app provided by Strata.
  1. From the dashboard, click Configure application. Alternatively, from the sidebar, click Applications and click Create under Header-based. You will be configuring a proxy to a non-standard app that relies on HTTP headers.
  2. Configure the following:
    • Name: Sonar
    • Upstream URL: https://sonar.stratademo.io
    • Base Path: /
    • Host Name (Optional): maverics.sonarsystems.com
    • Unauthorized Page (Optional): https://maverics.sonarsystems.com/notallowed
    • Error Page (Optional): maverics.sonarsystems.com/error
    • Preserve Host: determines whether the Host header is preserved on outbound requests. By default, the Orchestrator sets the Host header to match the upstream's host. This field is often used when the Orchestrator is forwarding traffic to another reverse proxy such as Apache.
  3. Click Create.
  4. (Optional) You can add resources in the Resources box by entering the name and clicking Add. For the Sonar app, you can create /reports and /calendar to test different policies.

Create a user flow

User flows have a 1-to-1 relationship with applications and are used to define policy details that are associated with an application. You must have at least one identity fabric and one application configured before creating a new user flow.
  1. From the dashboard, click Create user flow. Alternatively, from the sidebar, click User Flows, and click New.
  2. Enter a name for the user flow and select an application to use. Click Create.
  3. Select an IdP for the Authentication Provider. Click Add.
  4. Under Access Control, select a resource and click Add.
    1. Select Allow traffic if user is authenticated by [your IdP] under Authentication and Allow all access under Access Controls. Click Create.
    2. Scroll down to Headers.
    3. Add attributes, provider, and claims for the Sonar app and click Add after each one:
      • Attribute: firstname | Provider: azure | Claim: givenname
      • Attribute: lastname | Provider: azure | Claim: surname
      • Attribute: SM_username | Provider: azure | Claim: any default claim supported by your IdP.
  5. Click Back to go to the User Flow.
  6. Click Save draft as new revision.

Set up a remote storage bucket

Create an environment

  1. From the sidebar, click Infrastructure and Environments, and click New.
  2. Configure the following:
    • Name: A friendly name for your environment. For this example, let’s use AWS-staging.
    • Description: Additional description of the environment.
  3. Scroll to the bottom of the page to the Example shared storage provider configuration section, and use the example configuration code block that matches your remote storage selection.
  4. Click Create.

Run a Maverics Orchestrator

  • Download the latest Maverics Orchestrator software and follow the instructions to install based on your operating system:
  • Start the Orchestrator
The Orchestrator instance will then attempt to read the configuration from your shared storage container, but it will fail until you've deployed your user flow in the next section.

Deploy your user flow

  1. Log back into Maverics.
  2. From the sidebar, click User Flows, and select the user flow you want to use.
  3. Scroll down to the Configuration section, and click Save as New Revision.
  4. After the revision has saved, click Publish.
  5. On the Deploy screen, choose the environment you created.
  6. If you’re using auto-reload, Maverics will automatically consume the published configuration. If it doesn't, go back to the Maverics terminal window to restart it:
    • Type CTRL+C to quit Maverics.
    • Start the Orchestrator instance again with the following command: ./maverics
  7. Open a browser window to access the Sonar app at https://maverics.sonarsystems.com.
  8. You will be prompted to sign in with your IdP credentials.
  9. Go to the Versions tab to examine the headers passed through.
Congratulations! You have successfully set up Maverics. You can now check your Orchestrator logs in the terminal to see how the user flow was executed: the authentication with Azure, the claims provided, and the attributes created in headers.