Extend Azure AD to On-Prem Apps with Consistent Access Policies



Enterprises adopting hybrid and multi-cloud strategies struggle with fragmented identity systems and lock-in to legacy on-premises systems. The high cost of migrating away from legacy identity systems and the adoption of multiple cloud identity systems leave identity fragmented and make it challenging to enforce consistent access policies.

Strata extends Microsoft Azure Active Directory to protect on-premises applications by enforcing consistent access policies, keeping identities in sync, and making it simple to transition applications from legacy identity systems to standards-based authentication and access control provided by Azure AD. Strata’s unique approach to distributed identity management gives enterprises the power to quickly transition from legacy to Azure AD without rewriting applications.

Challenge with Maintaining Consistent Access Policies

  • 87% of enterprises have adopted a hybrid cloud strategy.
  • 93% of enterprises have adopted two or more clouds.
  • 74% of enterprises move apps to the cloud and then back on-premises.

Enterprises face the challenge of running multiple identity systems to support hybrid and multi-cloud environments. Maintaining each separate identity system results in inconsistent access policies and identity data when each identity system expects to be the authoritative system of record. The result is fragmentation, loss of control, and complexity that hinders a strong security posture and puts the enterprise at risk.

Transitioning on-premises applications from legacy identity systems to a standards-based cloud identity system typically requires costly application rewrites and significant changes for operational teams. This is further complicated when you need to provide these on-premises applications to remote workers.

Solution Overview

Strata seamlessly extends Azure AD’s authentication and access control to on-premises applications that are tightly integrated with legacy identity systems such as CA SiteMinder or Oracle Access Manager. Strata’s unique approach to last-mile application integration means that those apps can transition to using Azure AD with no user experience changes and no burden on application teams. Strata extends access policies to enforce consistent access across hybrid cloud environments.

How Strata and Azure AD Work Together to Achieve Consistent Access Policies

  1. Strata discovers the identities, policies, and configurations in your legacy WAM product and detects how apps are integrated.
  2. Strata proxies access to on-premises applications and redirects users previously authenticated using CA SiteMinder or Oracle Access Manager to authenticate against Azure AD using built-in SAML and OIDC Connectors for Azure AD.
  3. Using Azure AD’s authenticated session, Strata retrieves and sends the user attributes each application requires to control access. Strata’s built-in JavaScript and Golang service extensions allow for complex attribute combinations retrieved from any attribute provider.

If required, JavaScript and Golang service extensions enforce fine-grained access to application resources based on any arbitrary logic, context about the user, or conditions detected at the time of a request.




  1. Saves millions of dollars by avoiding costly application rewrites required to move to standards-based authentication and SSO.
  2. Improves security by seamlessly adding multi-factor and risk-based authentication and access control to legacy password-protected apps.
  3. Reduces fragmentation by retiring redundant, complex, fragile, and extremely high-cost legacy identity software before it reaches its end of life.

Why Strata + Azure AD for Consistent Access Policies

Strata’s Identity Orchestration Platform delivers a unique distributed identity management architecture that allows enterprises to seamlessly transition on-premises applications to use Azure AD for authentication and access control. This helps customers break the decade-old lock-in that has prevented a broader transition of enterprise workloads to public cloud infrastructure such as Azure. The combined power of Strata and Azure AD makes it easy for customers to future-proof the way apps consume identity and strengthen the authentication and access control process. Additionally, together they help expose applications to remote workers who can no longer exclusively consume resources from within the corporate firewall.

LEARN MORE: Find Strata on the Azure AD App Gallery.
