# Overview

Orchestration is the core of the Maverics platform -- the layer that connects your applications to your [identity fabric](/reference/orchestrator/identity-fabric), translates between protocols, enforces access policies, and routes authentication traffic. Rather than modifying each application to work with each identity provider, orchestration handles all of that centrally.

The **Maverics Orchestrator** is the runtime that provides this orchestration layer. It's a lightweight, self-hosted binary deployed in your infrastructure that processes every identity transaction -- evaluating policies, transforming tokens, and routing requests across protocols without requiring changes to your existing applications.

## Key Capabilities

* **Protocol translation** -- Convert between OIDC, SAML, LDAP, and HTTP-based authentication without modifying applications
* **Identity fabric integration** -- Connect to your organization's [identity fabric](/reference/orchestrator/identity-fabric) -- Entra ID, Okta, Active Directory, LDAP directories, and others -- through a uniform connector interface
* **Identity routing** -- Direct authentication requests to the appropriate identity provider based on configurable policies, with automatic failover between providers
* **Session management** -- Maintain user sessions across multiple applications with configurable [storage backends](/reference/orchestrator/sessions)
* **Credential injection** -- Supply legacy applications with the credentials they expect while using modern identity providers
* **AI identity governance** -- Secure AI agent and MCP tool access through identity-aware policies and the [AI Identity Gateway](/reference/modes/ai-identity-gateway) mode

## Modes

The Orchestrator's mode determines which identity protocol it speaks to your applications. A single Orchestrator can run multiple modes simultaneously:

* [**AI Identity Gateway**](/reference/modes/ai-identity-gateway) -- Secures AI agent access with identity-aware MCP bridge and proxy capabilities
* [**OIDC Provider**](/reference/modes/oidc-provider) -- Acts as an OpenID Connect provider for modern web applications
* [**SAML Provider**](/reference/modes/saml-provider) -- Acts as a SAML identity provider for enterprise applications
* [**HTTP Proxy**](/reference/modes/http-proxy) -- Intercepts and modifies HTTP traffic for legacy application integration
* [**LDAP Provider**](/reference/modes/ldap-provider) -- Serves LDAP queries backed by modern identity sources

## Deployment Options

The Orchestrator supports multiple deployment models to fit your infrastructure:

* **Standalone binary** -- Run directly on Linux, macOS, or Windows as a single process
* **Docker container** -- Deploy as a containerized service with standard Docker tooling
* **Kubernetes** -- Run as a Kubernetes deployment with Helm charts
* **High availability** -- Deploy multiple instances behind a load balancer, or use [clustering](/reference/orchestrator/experimental/clusters) for shared state across nodes

See the [Installation reference](/reference/orchestrator/installation) for setup instructions across all deployment models.

## Related Pages

<CardGroup cols={2}>
  <Card title="Installation" icon="download" href="/reference/orchestrator/installation">
    System requirements, installation methods, and initial verification
  </Card>

  <Card title="Configuration" icon="gear" href="/reference/orchestrator/configuration">
    Delivery paths (Console bundles and YAML), secret providers, and runtime settings
  </Card>

  <Card title="Identity Fabric" icon="users" href="/reference/orchestrator/identity-fabric">
    Connectors for the identity providers and directories your organization uses
  </Card>

  <Card title="Architecture" icon="diagram-project" href="/introduction/architecture">
    Platform architecture and how the Orchestrator fits in
  </Card>
</CardGroup>
