← Back to Recipes

How to add modern authentication to any app still using NTLM over LDAP for authentication

Still using Active Directory to authenticate users? Secure your legacy mission-critical apps with a modern IDP instead — without refactoring.

Read the docsTry this in Maverics
  • Modernize any app to Microsoft Entra ID using the Active Directory Authentication Facade.
  • Add any modern services — like MFA — so your app meets current cybersecurity requirements.
  • Create a single user access experience consistent with the rest of your apps.
Ingredients
Modern Authentication
LDAP

What the organization gains

Active Directory is not a sufficient form of day-to-day user authentication anymore — it’s not secure enough. Extending Microsoft Entra ID to legacy applications gives them all the advantages and protections of a modern IDP — while still allowing you to retain access to Active Directory user attributes and fail over to it in case of emergency.

  • Comply with cybersecurity mandates. Using a modern IDP allows you to protect your app without rewriting it.
  • Retire Active Directory from its authentication duties. The Maverics orchestrators sit on either side of your app. Instead of ‘talking’ to Active Directory, the app ‘talks’ to the orchestrators.
  • Convenient failover. Your apps can fail over to Active Directory in case of emergency.

What the user sees

App users don’t care what identity provider you use to authenticate them — they care that it works and that they don’t have to remember multiple logins. Use Identity Orchestration to protect users and ensure that logging into every app is consistent.

  • Common login. Users now head to the same login screen as the rest of their apps, start the access workflow, and use their modern IDP for authentication.
  • Invisible redirection. Behind the scenes, Maverics evaluates the app policy in the config and directs the user to your new modern IDP.
  • Quick authentication. The user enters their IDP details, gets authenticated, and logs in. Everything in the app looks the same as before.

What the admin does

Stop maintaining separate login credentials in Active Directory. Use Identity Orchestration to extend Microsoft Entra ID to any app — even the extremely technically complex ones.

  • Prepare your work surface. Define the upstream application and the port Maverics will use to communicate with the app.
  • Set the rules. Define the basic policy that enforces authentication to your new modern IDP and define how Maverics will provide context to the upstream application.
  • Configure. Set Maverics up as an authentication gateway and give it the right permissions to direct users correctly.

Solve more modernization challenges with ready-to-deploy recipes

Modern Authentication
Multiple IDPs
Secure & control cross-border access to a global resource

Keep your employee data sovereign, local and resident. Support your multi-national operations with region-specific IDPs that give users controlled access to common apps.

Modern Authentication
LDAP
How to add modern authentication to any app still using NTLM over LDAP for authentication

Still using Active Directory to authenticate users? Secure your legacy mission-critical apps with a modern IDP instead — without refactoring.
Migration
CyberArk
Non-standard App
How to move from your legacy IDP to CyberArk Identity without refactoring a thing

Break up with your outdated IDP, keep the complex access policies you love, and replace it with modern authentication and passwordless protection from CyberArk Identity — all without rewriting your apps.

View all recipes

Ready to cook up your perfect identity modernization solution?

Stop juggling disparate identity services. Unleash the power of Strata’s orchestration recipes.
Whether you’re dealing with legacy app modernization or controlling multi-cloud access, Orchestration Recipes have got you covered.

Read the docsTry this in Maverics