The Ultimate Guide to Identity Orchestration Recipes

Who doesn’t love a good recipe? When you’re cooking in the kitchen, a bunch of different ingredients with no plan doesn’t cut it (especially if you’re hungry). You need to know it will all work together, preferably quickly and affordably, and that the end result will satisfy what you were hoping to dish up.

Orchestration Recipes for identity and access management (IAM) are similar in concept. You already have the parts with which you need to work and want a clear picture of an action plan for creating your solution. 

For example, when you are cooking, if you have chicken, cheese, and tomato sauce in the fridge, you’ll look at a recipe that includes those three items. Perhaps chicken parmesan? With Identity Orchestration, you can think of ingredients as integrations with disparate identity services that you need to achieve a specific business outcome. 

Whatever identity services and IDPs you have in the mix, whatever you want to do with them, there’s a recipe to make it happen. Learn what use cases customers are solving today with Strata Identity’s Orchestration Recipes.

What are Identity Orchestration Recipes? 

Strata Identity has created the first no-code/low-code Orchestration Recipes to solve entire customer use cases. Orchestration Recipes allow you to create simple user journeys and enable passwordless authentication, legacy application modernization, multi-cloud access control, and identity management resiliency.

Identity Orchestration Recipes are a holistic approach to identity management that integrates end-to-end, automated use cases for your existing identity systems. Recipes simplify the complex, costly, and never-ending task of managing identity in environments with multiple IDPs and identity services. All without ever having to rewrite your legacy apps.

If you have Okta, SiteMinder, and a legacy application, you will need a recipe that shows you how to modernize legacy app authentication from SiteMinder to Okta. In this case, your use case is Modernization, and your integrations are Okta, SiteMinder, and your legacy apps. So your recipe is “Move from SiteMinder to Okta.”

A recipe is a repeatable, no-code software solution for specific identity use cases that never requires you to rewrite apps to serve your final dish. Recipes are created on top of an organization’s identity fabric, which unifies otherwise incompatible and fragmented identity systems, IDPs, and ancillary identity services like MFA and passwordless authentication. 

View our menu of orchestration recipes for inspiration

How are Strata’s Orchestration Recipes different from identity connectors?

The most challenging aspect of identity management has always been making it work with your existing identity infrastructure and the many applications that are needed every day for operations. Every app is hard-coded to an IDP, so it can control user access, personalize the UX, or provide the appropriate service for a specific type of user. 

Originally in IAM, organizations had to have developers write bespoke code to integrate identity management systems with applications. When software as a service (SaaS) came along, apps had to be integrated through vendor-maintained connectors.

Connectors have created a tangled web of problems over the years. If you have a collection of connectors, it’s like taking random ingredients, throwing them at each other, and hoping for the best outcome. Connectors need a lot of custom code to accomplish complex use cases — and updating the custom code is a manual process that is difficult to maintain. 

With Orchestration Recipes, no app coding is required, and the integration encapsulates the entire use case. Recipes take the custom work out of integration because Identity Orchestration, by nature, automates the “cooking” of the integrations and pulls your use case together through an identity fabric.

The identity fabric is an abstraction layer that decouples identities from the apps themselves and translates whatever policy or standard is needed so that the apps work as intended.   

Recipes are a new solution and are only possible because of the introduction of Identity Orchestration. The concept of Recipes came about from customer feedback — people trying to solve big problems end-to-end and finding that those 1:1 connectors were no longer enough in today’s multi-cloud, multi-identity service world. 

Examples of Strata’s Orchestration Recipes

You can view some of Strata’s popular Recipes that address application and IDP modernization, passwordless deployment, risk-based user access, fraud prevention, and support for multiple IDPs on our inspiration page. 

However, this list is certainly not exhaustive, and additions are always in the works. New recipes come from a customer challenge that needs solving, followed by an investigation into whether other companies have the same use case. Then, we mix up integrations depending on what an organization has in its identity infrastructure pantry.

Let’s look at some of these in greater depth below.

 

How to move from SiteMinder to Azure AD Recipe

The traditional method for moving a legacy application protected by SiteMinder to a new cloud IDP meant that you had to refactor the app first. It’s a painful process that would need to be repeated over and over again for each app and each new identity service.

With a Recipe and Strata’s Maverics Identity Orchestration platform, apps sitting behind SiteMinder can remain untouched, essentially unaware that they’re being served information from Azure. Maverics handles that handoff and securely translates what it gives the app, so it makes sense to both. View the SiteMinder to Azure AD Recipe.

Also, check out other Application Modernization Recipes, including the How to Move from OAM to Okta Recipe and the How to Move from OAM to Azure AD Recipe.

How to Shift from RSA SecurID to YubiKey Recipe

Let’s look at another example of an Orchestration Recipe for a different identity use case. 

Moving from an older MFA technology to a modern cloud-based one used to be really challenging. However, Strata’s Identity Orchestration Recipes allow you to use two different technologies concurrently, just long enough to make the swap securely. 

As a huge bonus, you save valuable time and resources by eliminating the friction of having your employees meet with your security team to register for new technology and then spend hours learning how to make the switch securely. 

View the recipe for how to move from RSA SecurID to YubiKey (Yubico) in the How to Enable a Multiple MFA Selector Recipe.

How to support multiple, concurrent IDPs

You can also use a Recipe with the Maverics Identity Orchestration Platform to make a contextual selection of an identity provider.

If you have an application that needs to be accessed by different populations of users, you can offer intelligent authentication options via various identity services.

Maverics uses other data to establish identity context, such as group membership, the region where the user is coming from, attributes stored about the user in one or more databases, etc. When a user tries to access an application, Maverics proxies it. This happens at runtime, and no updates are necessary to the web application.

View the Multiple IDP Selector Recipe to learn more about contextual IDP routing.

How our Orchestration Recipes have helped others solve their IAM challenges

Recipes are rooted in real-world, universal customer challenges and are proven to solve the most challenging identity use cases. The common thread between recipes is that the use cases didn’t exist a few years ago when all identities were centralized. With the advent of multi-cloud, new problems have arisen involving the vast number of identity services that companies now have.

Kroger used a recipe to modernize over 400 apps from a legacy IDP to the cloud. Using Maverics, Kroger moved to Azure AD and retired SiteMinder. They scaled Maverics horizontally, making it highly available, resilient, and seamlessly integrated into the CI/CD pipeline.

In Kroger’s words: “I don’t like to think about what could have been without Strata. It could have been hundreds of thousands of hours redeveloping applications and reconfiguring [those things].”

Kroger’s success with the first recipe got them craving more, and they are looking to see how else they can leverage Identity Orchestration to further their modernization objectives. See Kroger’s case study.

Ready to modernize any app in 10 minutes? 

Strata’s Identity Orchestration Recipes are a powerful way to modernize your applications without doing all the manual coding work. Rather than the alternative of depending on individual connectors that leave you wanting more, recipes satiate you and solve your whole use case. We’ve shown some examples of how Strata’s recipes can help you get started, but we want to hear from you! Do you have a use case for Identity Orchestration that you didn’t see? Get in touch and let us know; we’d love to help you. In the meantime, bon appétit!
