Strata in the News

Hexa Open Source Project for Multi-Cloud Policy Orchestration Accepted as CNCF Sandbox Project

Open Source Identity Standard and Policy Orchestration Software Unifies Multi-Cloud Access Policy Management

BOULDER, Colo., Sep. 13, 2022 — Strata Identity, the Identity Orchestration for multi-cloud company, today announced that the Hexa and IDQL (Identity Query Language) open source project, which enables organizations to apply consistent access policy across any application on multiple cloud platforms, has been accepted as a sandbox project by the Cloud Native Computing Foundation (CNCF).

“Cloud Identity is extremely fragmented with no clear path for orchestrating policy management across different service provider platforms,” said Gary Rowe, principal consulting analyst, and CEO of TechVision Research. “IDQL represents a major step forward in providing a standards-based approach for cloud-based IAM governance.” 

CNCF is a non-profit organization under the Linux Foundation committed to managing open-source cloud-native projects. The authors and working group members of IDQL and Hexa include Strata Identity, Kroger, Versa Networks, S&P Global, Cummins, and MEF. Others interested in supporting the Project can find more information at

Currently, each cloud platform (AWS, Google, Microsoft Azure, etc.) uses a proprietary identity system with its own policy language, all of which are incompatible with each other. Meanwhile, each application must be hard-coded to work with a specific identity system. According to the 2022 State of Multi-Cloud Identity report, this is a major challenge for organizations, with only 25% of respondents stating that they have visibility into multi-cloud access policies. 

Strata Identity has spearheaded the Hexa and IDQL project based on the company founders’ experience co-authoring the SAML standard for SSO Federation. The vision for this new project is to usher in a well-conceived open-source policy orchestration framework that expands the possibilities for businesses, consumers, and software vendors to benefit from the transition to a modern, transparent and passwordless approach to identity.

“Managing access policy across incompatible cloud identity systems is a major stumbling block for organizations and is slowing down digital transformation and modernization projects,” said Eric Olden, CEO of Strata Identity and one of the co-authors of the ubiquitous SAML internet identity standard for single sign-on. “IDQL and Hexa eliminate identity silos without requiring cloud providers and application owners to make any modifications to their systems. With the support of the CNCF and our growing community of working group members, we believe Hexa will transform cloud identity.”

IDQL and Hexa enable any number of identity systems to work together as a unified whole without making any changes to them or to applications. Together, as one open source project, they provide the following benefits:

Policy discovery

  • Analyzes and performs inventory of key apps, data, and policies
  • Uncovers which apps exist and where they are
  • Finds what policies, users, and roles exist

Policy translation

  • Translates native, imperative policies into declarative IDQL policies during policy discovery
  • Translates declarative IDQL policies into native, imperative policies of the target system(s) during policy orchestration

Policy orchestration

  • Distributes policies to be enforced by identity providers (IdPs), clouds, IaaS, and network systems
  • Works via a cloud-based architecture that does not require an agent, proxy, or local code
  • Uses an extensible, open-source model that supports custom connector integrations

About IDQL/Hexa Project

IDQL and Hexa are managed under a vendor-neutral working group and an open source, open governance model, and will remain independent from any company or company-sponsored project. Interest in building open standards for cloud identity is being driven by global multi-cloud adoption and incompatibility between cloud identity systems. The authors of IDQL and Hexa include Strata Identity, Kroger, Versa Networks, S&P Global, Cummins, and MEF. Others interested in supporting the Project can find more information at

About Strata

Strata Identity is the leader in Identity Orchestration for hybrid and multi-cloud environments. The orchestration recipe-powered Maverics platform enables organizations to connect and control incompatible identity systems without changing the user access experience. By decoupling applications from identity, Maverics makes it possible to implement modern authentication like passwordless and enforce consistent access policies without refactoring source code. The company’s founders created the IDQL (Identity Query Language) standard and Hexa open-source software for multi-cloud policy orchestration, and are co-authors of the SAML standard for SSO federation. For more information, visit us on the Web and follow us on LinkedIn and Twitter.

Read the press release on PR Newswire.

# # #