Orchestrating Last-Mile Integration to On-Prem Apps with Okta and Strata

hybrid and multi-cloud identity


Enterprises adopting hybrid and multi-cloud identity strategies struggle with fragmented identity systems and lock-in to legacy on-premises systems. The high cost of migration away from legacy identity systems and the adoption of multiple cloud identity systems leaves identity fragmented.

The combination of Strata and Okta gives enterprises a unique way to transition from legacy WAM products to Okta’s market-leading IDaaS with no changes to the user experience or application rewrites leveraging Strata’s Zero Code, Zero Touch approach to building truly distributed identity management.


  • 87% of enterprises have adopted a hybrid cloud strategy.
  • 93% of enterprises have adopted two or more clouds.
  • 43% of enterprises say moving on-prem software to SaaS is a top priority in 2020.


Running hybrid and multi-cloud identity infrastructure leads to fragmentation. Applications are locked into on-premises identity systems, which often pushes the solution to fragmentation out of reach.

With identity systems proliferating across multiple clouds and on-premises, some enterprises use federated SSO to bridge some of the gaps. But if you plan to migrate away from legacy on-premises identity system to the cloud, and you don’t want to get stuck with coexistence long term, you need another solution

Solution Overview

Strata provides seamless live migration from legacy on-premises identity systems such as CA SiteMinder and Oracle Access Manager. Strata migrates users with no change to the user experience and provides last-mile integration to on-premises apps so that you can move them to Okta with no rewrites.

Okta provides standards-based authentication, SSO, and multi-factor authentication for all your enterprise applications, whether running on premises, on public cloud, SaaS.

How Strata and Okta Work Together

  1. Strata discovers the identities, policies, and configurations in your legacy WAM product and detects how apps are integrated.
  2. Strata connects to okta and policies and configs are migrated automatically.
  3. Strata orchestrates the legacy WAM login and seamlessly migrates users from onpremises WAM + directories/databases into Okta Universal Directory.
  4. Strata reroutes login requests from legacy WAM to Okta. Okta signs in the user with OIDC or SAML and Strata emulates the proprietary session cookies of the legacy WAM.
  5. Apps transition from legacy WAM to Okta with no rewrites or refactoring, saving millions of dollars in development and migration costs


  1. Saves millions of dollars by avoiding costly application rewrites required to move to standards-based authentication and SSO.
  2. Improves security by seamlessly adding multi-factor and risk-based authentication and access control to legacy password-protected apps.
  3. Reduces fragmentation by retiring redundant, complex, fragile, and extremely high-cost legacy identity software before it reaches its end of life.

Why Strata + Okta

Strata’s unique Zero Touch, Zero Code, Zero Trust approach to building distributed identity management allows enterprises to discover, connect, and orchestrate identity in hybrid and multi-cloud with no disruption to the user experience and without rewriting apps.

Migrating on-premises applications to use Okta allows our joint customers to quickly transition legacy apps to standards such as OpenID Connect or SAML, add critical security features such as multi-factor authentication and risk based access control, and creates a unified approach to protecting legacy on-premises and SaaS applications.