What Is the Orchestrator

The Maverics Orchestrator is the core runtime of the Maverics platform — a lightweight, self-hosted binary that sits between your applications and identity providers to manage authentication, authorization, and identity routing. The Orchestrator processes every identity transaction in your environment — evaluating policies, transforming tokens, and routing requests across protocols without requiring changes to your existing applications.

Key Capabilities

The Orchestrator provides a comprehensive set of identity management capabilities:
  • Protocol translation — Convert between OIDC, SAML, LDAP, and HTTP-based authentication without modifying applications
  • Identity routing — Direct authentication requests to the appropriate identity provider based on configurable policies
  • Session management — Maintain user sessions across multiple applications with configurable storage backends
  • Credential injection — Supply legacy applications with the credentials they expect while using modern identity providers
  • AI identity governance — Secure AI agent and MCP tool access through identity-aware policies and the AI Identity Gateway mode

Orchestrator Modes

The Orchestrator operates in distinct modes depending on the protocol and use case. Each mode defines how the Orchestrator interacts with applications and identity providers:
  • OIDC Provider — Acts as an OpenID Connect provider for modern web applications
  • SAML Provider — Acts as a SAML identity provider for enterprise applications
  • HTTP Proxy — Intercepts and modifies HTTP traffic for legacy application integration
  • LDAP Provider — Serves LDAP queries backed by modern identity sources
  • AI Identity Gateway — Secures AI agent access through identity-aware MCP bridge, proxy, and plugin capabilities

See the individual Modes reference pages for detailed configuration and usage.

Deployment Options

The Orchestrator supports multiple deployment models to fit your infrastructure:
  • Standalone binary — Run directly on Linux or macOS as a single process
  • Docker container — Deploy as a containerized service with standard Docker tooling
  • Kubernetes — Run as a Kubernetes deployment with Helm charts and operator support
  • High availability — Deploy multiple Orchestrator instances behind a load balancer with sticky sessions