Identity Fabric

Every organization has an identity fabric — it’s the collection of identity providers, directories, and authentication systems that together determine who can access what. For most enterprises, this fabric is not a single system. It’s Entra ID for cloud apps, Active Directory for on-prem resources, an LDAP directory for legacy systems, maybe Okta or PingFederate from an acquisition. Different protocols, different vendors, different eras of technology — all serving the same fundamental purpose. The Maverics Orchestrator connects to your identity fabric through connectors. Each connector integrates with one identity provider or attribute source, abstracting the protocol details (OIDC, SAML, LDAP) behind a uniform interface. This means the Orchestrator can authenticate users against any provider, pull attributes from any directory, and translate between protocols — without your applications knowing or caring which systems are involved upstream.

Console terminology: In the Maverics Console, this section is called Identity Fabric. The YAML configuration uses the connectors key to define identity provider integrations.

Available Connectors

The Orchestrator ships with connectors for the identity providers and directories enterprises use most.

Connector	Protocol	Use Case
1Kosmos (SAML)	SAML	1Kosmos passwordless MFA
Amazon Cognito (OIDC)	OIDC	Cognito user pool SSO, AWS identity
Auth0 (OIDC)	OIDC	Auth0 SSO federation, tenant migration
Continuity	Failover aggregation	IdP failover, zero-downtime migration
Generic OIDC	OIDC	Any OIDC-compliant provider
Generic SAML	SAML 2.0	Any SAML-compliant provider
CyberArk (OIDC)	OIDC	CyberArk Identity SSO
CyberArk (SAML)	SAML 2.0	CyberArk Identity SAML federation
Duo (SAML)	SAML 2.0	Duo Security MFA federation
Google Workspace (OIDC)	OIDC	Google Workspace SSO (uses generic OIDC)
HYPR	HYPR	HYPR passwordless authentication
Keycloak (OIDC)	OIDC	Keycloak SSO federation
LDAP Authentication	LDAP/LDAPS	LDAP bind authentication for end users
LDAP Attribute Provider	LDAP/LDAPS	LDAP attribute lookups for enrichment
Microsoft Active Directory	LDAP (via AD)	Active Directory integration
Microsoft ADFS (SAML)	SAML 2.0	ADFS-to-cloud migration, hybrid federation
Microsoft Entra ID (OIDC)	OIDC	Entra ID SSO, hybrid identity
Microsoft Entra ID (SAML)	SAML 2.0	Entra ID SAML-based federation
Microsoft Entra ID Attribute Provider	Graph API	Entra ID attribute enrichment via Microsoft Graph
Microsoft Windows Client Authenticator	Windows auth	Windows desktop credential authentication via IIS
Okta (OIDC)	OIDC	Okta SSO consolidation, legacy app bridging
Okta (SAML)	SAML 2.0	Okta SAML-based federation
Okta Attribute Provider	Okta API	Okta attribute enrichment via API
Oracle Identity Cloud Service (OIDC)	OIDC	Oracle IDCS SSO
Oracle Universal Directory (LDAP)	LDAP/LDAPS	Oracle OUD directory integration
PingFederate (OIDC)	OIDC	PingFederate on-premises federation
PingFederate (SAML)	SAML 2.0	PingFederate SAML-based federation
Trusona (OIDC)	OIDC	Trusona identity verification
WSO2 Identity Server (OIDC)	OIDC	WSO2 Identity Server SSO

Mode Compatibility

Identity Fabric connectors work with all five Orchestrator modes. The connector determines which protocol the Orchestrator uses to communicate with your identity provider. The mode determines which protocol the Orchestrator uses to communicate with your application. These are independent — an OIDC connector can feed a SAML Provider mode app, and a SAML connector can feed an OIDC Provider mode app. The Orchestrator handles all protocol translation.

OIDC connectors (Microsoft Entra ID, Okta, Auth0, PingFederate, Amazon Cognito, Generic OIDC) — Used with all modes. Most common for OIDC Provider and HTTP Proxy.
SAML connectors (Generic SAML, Microsoft ADFS, Entra ID SAML, Okta SAML, PingFederate SAML, CyberArk SAML, Duo) — Used primarily with SAML Provider and HTTP Proxy. The Orchestrator translates SAML upstream to any downstream protocol.
LDAP connectors (LDAP, Microsoft Active Directory, Oracle Universal Directory) — Used primarily as attribute providers (enriching claims with directory data). Most common with HTTP Proxy and LDAP Provider modes.
Continuity connector — Mode-agnostic. Wraps other connectors to provide IdP failover.

See the connector compatibility matrix for the full matrix showing which connectors are commonly paired with which modes.

Setup

Console UI
Configuration

To create an Identity Fabric connector in the Maverics Console:

Navigate to Identity Fabric in the Console sidebar.
Click Create to open the connector type selection dialog.
Select the connector type that matches your identity provider (e.g., Microsoft Entra ID (OIDC), Okta (OIDC), Generic SAML).
Fill in the required fields for your selected connector type — see the individual connector pages for field-by-field instructions.
Click Save.

Each connector type has its own configuration form. See the individual connector pages linked below for detailed Console UI walkthroughs specific to each provider.

maverics.yaml

connectors:
  - name: azure
    type: azure
    oauthClientID: "{{ env.AZURE_CLIENT_ID }}"
    oauthClientSecret: <vault.azure_client_secret>
    oidcWellKnownURL: "https://login.microsoftonline.com/{{ env.AZURE_TENANT_ID }}/v2.0/.well-known/openid-configuration"
    oauthRedirectURL: "https://app.example.com/callback"
    scopes: "openid profile email"
    tls: "idp-tls"
    healthCheck:
      enabled: true
      interval: "30s"
      timeout: "5s"
      healthyThreshold: 3
      unhealthyThreshold: 3

  - name: corporate-ldap
    type: ldap
    url:
      - "ldaps://ldap.example.com:636"
    serviceAccountUsername: "cn=maverics,ou=services,dc=example,dc=com"
    serviceAccountPassword: <vault.ldap_password>
    baseDN: "dc=example,dc=com"
    usernameSearchKey: "uid"
    userAttributes:
      - "cn"
      - "mail"
      - "memberOf"
    attributeMapping:
      email: "mail"
      name: "cn"
    tls: "ldap-tls"

Connector Pages

1Kosmos (SAML)

1Kosmos passwordless MFA

Amazon Cognito (OIDC)

OIDC connector for AWS Cognito user pools

Auth0 (OIDC)

OIDC connector for Auth0 by Okta

Continuity

Failover connector for IdP high availability

Generic OIDC

Generic OpenID Connect connector

Generic SAML

Generic SAML 2.0 connector

CyberArk (OIDC)

CyberArk Identity OIDC SSO

CyberArk (SAML)

CyberArk Identity SAML federation

Duo (SAML)

Duo Security MFA federation

Google Workspace (OIDC)

Google Workspace SSO using generic OIDC

HYPR

HYPR passwordless authentication

Keycloak (OIDC)

Keycloak SSO federation

LDAP Authentication

LDAP bind authentication for end users

LDAP Attribute Provider

LDAP attribute lookups for enrichment

Microsoft Active Directory

Active Directory connector via LDAP

Microsoft ADFS (SAML)

ADFS federation via SAML

Microsoft Entra ID (OIDC)

OIDC connector for Microsoft Entra ID

Microsoft Entra ID (SAML)

SAML connector for Microsoft Entra ID

Microsoft Entra ID Attribute Provider

Entra ID attribute enrichment via Microsoft Graph

Microsoft Windows Client Authenticator

Windows desktop credential authentication via IIS

Okta (OIDC)

OIDC connector for Okta

Okta (SAML)

SAML connector for Okta

Okta Attribute Provider

Okta attribute enrichment via API

Oracle Identity Cloud Service (OIDC)

Oracle IDCS SSO

Oracle Universal Directory (LDAP)

Oracle OUD directory integration

PingFederate (OIDC)

OIDC connector for PingFederate

PingFederate (SAML)

SAML connector for PingFederate

Trusona (OIDC)

Trusona identity verification

WSO2 Identity Server (OIDC)

WSO2 Identity Server SSO

Config Sources

Where the Orchestrator reads its configuration

Secret Providers

How the Orchestrator retrieves secrets at runtime

Sessions

Session storage options and production support status

Console Administration

Orchestration

Available Connectors

Mode Compatibility

Setup

Connector Pages

1Kosmos (SAML)

Amazon Cognito (OIDC)

Auth0 (OIDC)

Continuity

Generic OIDC

Generic SAML

CyberArk (OIDC)

CyberArk (SAML)

Duo (SAML)

Google Workspace (OIDC)

HYPR

Keycloak (OIDC)

LDAP Authentication

LDAP Attribute Provider

Microsoft Active Directory

Microsoft ADFS (SAML)

Microsoft Entra ID (OIDC)

Microsoft Entra ID (SAML)

Microsoft Entra ID Attribute Provider

Microsoft Windows Client Authenticator

Okta (OIDC)

Okta (SAML)

Okta Attribute Provider

Oracle Identity Cloud Service (OIDC)

Oracle Universal Directory (LDAP)

PingFederate (OIDC)

PingFederate (SAML)

Trusona (OIDC)

WSO2 Identity Server (OIDC)

Config Sources

Secret Providers

Sessions

Console Administration

Orchestration

​Available Connectors

​Mode Compatibility

​Setup

​Connector Pages

1Kosmos (SAML)

Amazon Cognito (OIDC)

Auth0 (OIDC)

Continuity

Generic OIDC

Generic SAML

CyberArk (OIDC)

CyberArk (SAML)

Duo (SAML)

Google Workspace (OIDC)

HYPR

Keycloak (OIDC)

LDAP Authentication

LDAP Attribute Provider

Microsoft Active Directory

Microsoft ADFS (SAML)

Microsoft Entra ID (OIDC)

Microsoft Entra ID (SAML)

Microsoft Entra ID Attribute Provider

Microsoft Windows Client Authenticator

Okta (OIDC)

Okta (SAML)

Okta Attribute Provider

Oracle Identity Cloud Service (OIDC)

Oracle Universal Directory (LDAP)

PingFederate (OIDC)

PingFederate (SAML)

Trusona (OIDC)

WSO2 Identity Server (OIDC)

​Related Pages

Config Sources

Secret Providers

Sessions

Available Connectors

Mode Compatibility

Setup

Connector Pages

Related Pages