Orchestration is the core of the Maverics platform — the layer that connects your applications to your identity fabric, translates between protocols, enforces access policies, and routes authentication traffic. Rather than modifying each application to work with each identity provider, orchestration handles all of that centrally. The Maverics Orchestrator is the runtime that provides this. It’s a lightweight, self-hosted binary deployed in your infrastructure that processes every identity transaction — evaluating policies, transforming tokens, and routing requests across protocols without requiring changes to your existing applications.

Key Capabilities

  • Protocol translation — Convert between OIDC, SAML, LDAP, and HTTP-based authentication without modifying applications
  • Identity fabric integration — Connect to your organization’s identity fabric — Entra ID, Okta, Active Directory, LDAP directories, and others — through a uniform connector interface
  • Identity routing — Direct authentication requests to the appropriate identity provider based on configurable policies, with automatic failover between providers
  • Session management — Maintain user sessions across multiple applications with configurable storage backends
  • Credential injection — Supply legacy applications with the credentials they expect while using modern identity providers
  • AI identity governance — Secure AI agent and MCP tool access through identity-aware policies and the AI Identity Gateway mode

Modes

The Orchestrator’s mode determines which identity protocol it speaks to your applications. A single Orchestrator can run multiple modes simultaneously:
  • AI Identity Gateway — Secures AI agent access with identity-aware MCP bridge and proxy capabilities
  • OIDC Provider — Acts as an OpenID Connect provider for modern web applications
  • SAML Provider — Acts as a SAML identity provider for enterprise applications
  • HTTP Proxy — Intercepts and modifies HTTP traffic for legacy application integration
  • LDAP Provider — Serves LDAP queries backed by modern identity sources

Deployment Options

The Orchestrator supports multiple deployment models to fit your infrastructure:
  • Standalone binary — Run directly on Linux, macOS, or Windows as a single process
  • Docker container — Deploy as a containerized service with standard Docker tooling
  • Kubernetes — Run as a Kubernetes deployment with Helm charts
  • High availability — Deploy multiple instances behind a load balancer, or use clustering for shared state across nodes

See the Installation reference for setup instructions across all deployment models.