How to seamlessly fail over from Okta to on-prem Active Directory (AD)

Keep your critical apps accessible. Use Identity Continuity to allow key users to securely authenticate with AD if Okta goes down.

  • Protect against natural disasters, broken configurations, or network loss. Automatically fail over to on-prem AD so users can access apps until the issue is fixed.
  • Protect against your IDP going offline. Use AD to continue accessing all mission-critical apps. Keep using HYPR, YubiKey, or any other modern third-party MFA to secure your app when authenticating a user via AD.
  • Make attributes and policies consistent between Okta and AD. Seamlessly map common attributes with the Schema Abstraction Layer™.

Don’t get caught with your apps down

Recipe details

This is how everything works together.

A diagram illustrating the integration of Okta with an on-premises system via a schema abstraction layer, highlighting on-premises failover from Microsoft Entra ID to Active Directory (AD), LDAP, App Resilience, and Maverics Orchestrator.

Setup details

Just add in your ingredients and deploy.

Screenshot of a web application displaying an interface for managing identity services with sections for different identity fabrics, including Okta and CyberArk integrations, a Learning Center for resources, and options to failover from your cloud IDP to a backup cloud IDP.

App users don’t care how they authenticate — they care about accessing apps exactly when they need to. Use Identity Continuity to give key users continuous access to the mission-critical apps that directly impact business function — during a natural disaster, if there’s an issue with config, or if your network goes offline.

  • Familiar login. Users log in via the Microsoft Entra ID portal and follow the authentication access flow.
  • Invisible redirection. Behind the scenes, Maverics makes sure that your Microsoft Entra ID instance is online and — if there are any challenges — directs the user to Active Directory.
  • Quick authentication. The user enters their details, gets authenticated and logs in. Everything in the app looks the same as before and access is granted.

Key users will need to access a mission-critical app even if there are network issues or your Okta config is corrupted. Use Identity Continuity to automatically fail over to on-prem AD and allow users to authenticate that way.

  • Define your strategy. Set Okta as your primary IDP and configure AD as your secondary IDP to define your failover strategy within the Maverics UI.
  • Define the attributes your application needs in the Schema Abstraction Layer™. Separately map them to claims available from Okta and Active Directory.
  • Configure continuity. Set health check parameters for triggering failover, simulate outages, and prepare your systems (and users) for any continuity scenarios. Maverics’ hybrid air-gap architecture ensures local orchestrator availability so that identity services are available even when the cloud is inaccessible.
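
The attribute-mapping and health-check steps above, worked through in Python as an added example; this is not Strata's code or Maverics configuration. The attribute names, the thresholds and the `normalize`/`Failover` helpers are assumptions chosen for illustration, and the sample record is constructed.

```python
import re
from dataclasses import dataclass, field

# Constructed mapping: app-facing attribute -> source attribute per provider.
SCHEMA = {
    "email":  {"okta": "email", "ad": "mail"},
    "login":  {"okta": "preferred_username", "ad": "userPrincipalName"},
    "groups": {"okta": "groups", "ad": "memberOf"},
}

def _cn(dn):
    """Return the leading CN of an AD distinguished name, honouring escaped commas."""
    m = re.match(r"CN=((?:\\.|[^,\\])+)", dn, re.IGNORECASE)
    if not m:
        raise ValueError(f"unexpected group DN: {dn!r}")
    return re.sub(r"\\(.)", r"\1", m.group(1))

def normalize(provider, raw):
    """Project provider attributes onto the app schema; fail closed on gaps."""
    out = {}
    for attr, source in SCHEMA.items():
        value = raw.get(source[provider])
        if not value:
            raise ValueError(f"{provider} supplied no {attr!r}")
        out[attr] = value
    names = [_cn(g) for g in out["groups"]] if provider == "ad" else out["groups"]
    out["groups"] = sorted(names)  # AD returns DNs; the app policy expects names
    return out

@dataclass
class Failover:
    fail_after: int = 3      # consecutive failed probes before routing to AD
    recover_after: int = 2   # consecutive good probes before returning to Okta
    active: str = "okta"
    streak: int = 0          # current run of probes that disagree with `active`
    audit: list = field(default_factory=list)

    def observe(self, okta_healthy):
        """Record one health probe and return the IDP that logins should use."""
        disagrees = okta_healthy == (self.active == "ad")
        self.streak = self.streak + 1 if disagrees else 0
        limit = self.fail_after if self.active == "okta" else self.recover_after
        if self.streak >= limit:
            self.active, self.streak = ("ad" if self.active == "okta" else "okta"), 0
            self.audit.append(f"route->{self.active}")  # forward to monitoring
        return self.active

# Constructed sample: one user as AD would return her over LDAP.
AD_SAMPLE = {"mail": "alice@example.com", "userPrincipalName": "alice@example.com",
             "memberOf": ["CN=Finance,OU=Groups,DC=example,DC=com"]}
```

Requiring several consecutive probe results in each direction keeps one dropped health check from moving logins, and normalizing group values means the same authorization policy applies whichever directory answered.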

Ready to cook up your perfect identity modernization solution?

Stop juggling disparate identity services. Unleash the power of Strata’s orchestration recipes.
Whether you’re dealing with legacy app modernization or controlling multi-cloud access, Orchestration Recipes have got you covered.
