Identity Orchestrations > Application + identity migrations

Migrate apps from legacy to cloud identity without rewriting them

Migrating apps from legacy identity systems — such as SiteMinder, Oracle Access Manager, RSA ClearTrust, IBM, Ping, and Active Directory — is complex, time-consuming, and costly. Rewriting each legacy app to work with standards-based, modern cloud identity isn’t realistic. With Maverics, you don’t have to rewrite to make legacy apps work with your cloud identities.

Get Free Demo

Strata Overview - Distributed Multi-Cloud Identity Management

Migrate hundreds of apps in record time

Maverics’ App Migration enables you to move your apps off of legacy identity systems and onto modern cloud identity systems — without the time-consuming and costly task of rewriting apps. Use Maverics’ Identity Orchestrations to incrementally migrate apps to the Cloud. Achieve seamless coexistence during the transitions and decommission legacy identity systems.


spent on app migration

Automatically discover policy and identity configuration in minutes and translate legacy policy into modern policy in seconds. Maverics’ no-rewrite technology reduces migration projects from months to hours.


within 90 days

Expedite your cloud migration by moving your legacy apps to the cloud faster. The Maverics identity abstraction layer sets up a migration factory enabling you to move hundreds of apps in weeks.


in migration costs

Save millions in custom coding for the initial migration and maintenance costs long-term. The Maverics Connector Catalog has prebuilt integrations that connect all your identity systems.


Break lock-in with identity orchestration

Maverics breaks identity lock-in. Decouple apps from legacy identity and change the identity provider to a cloud identity system. Our abstraction layer isolates apps from identity enabling you to easily swap one identity system out for another.

Discover apps and transform policies

Analyze your legacy identity system and apps to uncover dependencies and analyze policies. Maverics automatically translates legacy policy into cloud identity policies. Maverics can tell you which policies are in use and what applications are accessed most to prioritize your migrations.

Move apps without rewriting them

Decouple your apps from your legacy identity. With Strata’s patent-pending, distributed architecture, you don’t need to touch your apps, and there’s no need for app owners to do anything to migrate. Maverics supports virtually any integration pattern, including OIDC, SAML, cookies, HTTP headers, and tokens.

Enjoy flexible deployment options

Rip and replace web agents and decommission your legacy identity infrastructure — with minimal disruption to your apps. Maverics can be installed on any cloud platform and on-premises. You can run Maverics as a proxy between your apps and identity. Alternatively, you can directly integrate Maverics with your web and application servers. 

Migrate hundreds of apps in weeks

Automate the identity migration process. Maverics enables you to move dozens of apps off legacy identity and onto cloud identity at scale. Use Maverics Identity Orchestration to build a migration factory to migrate dozens, hundreds — even thousands — of apps.

Enforce your legacy policies in the cloud

Fill the policy and feature gaps between the cloud and legacy identity systems by using Maverics Identity Orchestration to apply overlay policy. This Strata-level policy overlays the needed policy enforcement functionality on top of what the cloud identity system provides. 

Enable incremental migrations

Migrate your apps incrementally, avoiding any risky, “Big Bang” cutovers. Move groups of apps in batches on your timelines and maintain coexistence of legacy and cloud identity during the transition.

Validate automated migration

To validate a seamless migration, Maverics provides application validation to automatically test whether the new policy enforcement and app interaction is the same as the legacy setup dramatically speeding testing and validation.

How to use Identity Orchestrations for application identity migrations


Discovery is run against the legacy identity system. Policies are extracted and automatically converted into cloud identity policies.


The legacy app and its SSO code is “lifted-and-shifted” to the cloud platform. This example app uses legacy session cookies.


Users are directed to authenticate against the cloud identity system that then creates a session for the user using OIDC or SAML.


Maverics transforms the OIDC token from the cloud identity system into the legacy token format that the application is expecting.


Personalization data is packaged for the user session into HTTP headers for use by the application without any changes.


MFA checks and additional user data collected from attribute providers, apps, and other identity systems (optional).


Validate that the migrated app is working as expected, then automating QA testing and certification (optional).


Repeat the steps above until all apps are migrated and then the legacy identity system can be decommissioned.

Ready to get started?

Intrigued by Maverics and ready for the next step? Great. Choose to either watch the demo video below or get more info.

Watch a recorded demo

I’m Still Skeptical