How to seamlessly fail over from Microsoft Entra ID to on-prem Active Directory (AD)

Keep your critical apps accessible. Use Identity Continuity to allow key users to securely authenticate with AD if Microsoft Entra ID ever becomes unavailable.

  • Protect against natural disasters, broken configurations, or network loss. Automatically fail over to on-prem AD so users can access apps until the issue is fixed.
  • Protect against your IDP going offline. Use AD to continue accessing all mission-critical apps. Keep using HYPR, YubiKey, or any other modern third-party MFA to secure your app when authenticating a user via AD.
  • Make attributes and policies consistent between Microsoft Entra ID and AD. Seamlessly map common attributes with the Schema Abstraction Layer™.

Don’t get caught with your apps down

Recipe details

This is how everything works together.

Diagram depicting a hybrid identity management architecture with Microsoft Entra ID and on-premises components such as LDAP, Active Directory, and key elements like Schema Abstraction Layer and Maverics Orchestrator, featuring failover from Microsoft Entra ID to on-prem AD.

Setup details

Just add in your ingredients and deploy.

Screenshot of the Strata Identity management interface showing Continuity Strategy Configuration with options for Microsoft, Okta, and Failover from Microsoft Entra ID to on-prem Active Directory (AD). The sidebar has links to various service sections.

App users don’t care how they authenticate — they care about accessing apps exactly when they need to. Use Identity Continuity to give key users continuous access to the mission-critical apps that directly impact business function — during a natural disaster, if there’s an issue with config, or if your network goes offline.

  • Familiar login. Users log in via the Microsoft Entra ID portal and follow the authentication access flow.
  • Invisible redirection. Behind the scenes, Maverics makes sure that your Microsoft Entra ID instance is online and — if there are any challenges — directs the user to Active Directory.
  • Quick authentication. The user enters their details, gets authenticated and logs in. Everything in the app looks the same as before and access is granted.

Key users will need to access a mission-critical app even if there are network issues or your Microsoft Entra ID config is corrupted. Use Identity Continuity to automatically fail over to on-prem AD and allow users to authenticate that way.

  • Define your strategy. Set Microsoft Entra ID as your primary IDP and configure AD as your secondary IDP to define your failover strategy within the Maverics UI.
  • Define the attributes your application needs in the Schema Abstraction Layer™. Separately map them to claims available from Microsoft Entra ID and Active Directory.
  • Configure continuity. Set health check parameters for triggering failover, simulate outages, and prepare your systems (and users) for any continuity scenarios. Maverics’ hybrid air-gap architecture ensures local orchestrator availability so that identity services are available even when the cloud is inaccessible.
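
The three steps above, as an added Python example (not Strata's or Maverics' code or configuration): a health-check selector that switches from Entra ID to AD after consecutive failed probes and back after consecutive healthy ones, plus a schema map that yields the same app-facing attributes from either source. The thresholds, the `SCHEMA` map and every function name are assumptions, and the sample records in the usage are constructed.

```python
from dataclasses import dataclass

# Hypothetical app schema: each app-facing attribute mapped to the claim
# (Entra ID) or LDAP attribute (AD) that carries it. Only names are mapped
# here; real values can also differ in format (object IDs vs. DNs).
SCHEMA = {
    "username": {"entra": "preferred_username", "ad": "userPrincipalName"},
    "email":    {"entra": "email",              "ad": "mail"},
    "groups":   {"entra": "groups",             "ad": "memberOf"},
}

def normalize(source, raw):
    """Translate source-specific attributes to the app schema.

    Fails closed: a missing attribute raises instead of producing a
    session whose authorization data is silently incomplete.
    """
    out = {}
    for app_attr, per_source in SCHEMA.items():
        key = per_source[source]
        if key not in raw:
            raise KeyError(f"{source} did not supply {key!r} for {app_attr!r}")
        out[app_attr] = raw[key]
    return out

@dataclass
class FailoverSelector:
    fail_threshold: int = 3     # consecutive failed probes before failing over
    recover_threshold: int = 2  # consecutive healthy probes before failing back
    active: str = "entra"
    _fails: int = 0
    _oks: int = 0

    def observe(self, primary_healthy):
        """Record one health probe of the primary IdP; return the IdP to use."""
        if primary_healthy:
            self._oks, self._fails = self._oks + 1, 0
            if self.active == "ad" and self._oks >= self.recover_threshold:
                self.active = "entra"
        else:
            self._fails, self._oks = self._fails + 1, 0
            if self.active == "entra" and self._fails >= self.fail_threshold:
                self.active = "ad"
        return self.active

def run(probes):
    """Replay a sequence of probe results and return the IdP chosen after each."""
    selector = FailoverSelector()
    return [selector.observe(p) for p in probes]
```

Requiring several consecutive results in each direction keeps a single dropped probe from bouncing users between identity sources, and the fail-closed mapping surfaces schema gaps during an outage simulation rather than during a real outage.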

Ready to cook up your perfect identity modernization solution?

Stop juggling disparate identity services. Unleash the power of Strata’s orchestration recipes.
Whether you’re dealing with legacy app modernization or controlling multi-cloud access, Orchestration Recipes have got you covered.
