Maverics allows you to perform identity orchestration through the configuration of simple App Gateways and Migration Gateways, which automates the identity and access policy synchronization process. Maverics also provides session abstraction capabilities that enable you to leverage the new identity systems' authentication providers using a range of session types including SAML, OIDC, headers and more. As a result, Maverics is a faster, more flexible, and cost-effective way to migrate your apps.

Okay, let's get started with the demo. What you have here is the Legacy Identity System, Oracle Access Manager, often known as O-A-M. Within Oracle Access Manager, we have an application domain called pd-demo. This application domain contains our Sonar application, which includes several protected resources: dashboard, cost centers, projects, and reports.
I want to highlight the authorization policies for this application. If you go to the responses, you'll see that we're setting the last name and first name as part of the header responses so that the application can welcome the user. We're extracting and retrieving the names from the currently integrated OAM directory.
Here, you have the modern identity system, Azure AD. Notice we have some default users here, but we are missing one important user, and that's our demo user for today, named Allan Adkins. The very first use case we're going to demonstrate is the automated identity migration from OAM to Azure AD using our migration orchestration flow.
What you just saw here is a login request for the Sonar Systems application. Maverics has determined that the user hasn't been migrated yet and therefore directed the authentication to Oracle Access Manager to verify who the user is.
Next, let's go ahead and log in as Allan Adkins… and authenticate. Once I authenticate, Maverics will know who the user is. Behind the scenes, Maverics runs the migration gateway; I'll show you what that looks like when we review the YAML configuration. The migration gateway automatically migrates the user into the Azure AD tenant. Let's take a look at Azure A-D now… and you see that Allan Adkins has been migrated in a just-in-time fashion from OAM to Azure AD.
Now that I've migrated the user to Azure AD, we will show Maverics' session abstraction. Session abstraction is what allows you to delegate the authentication to Azure AD. In essence, it lets you authenticate through Maverics and then have that session passed to your app using what's known as "last-mile" integration. Session abstraction can also send header-based information and attributes to the application. Shortly, you will see the user being orchestrated by Maverics into the Sonar Systems application; the application will receive the user and display the user's first name and last name.
Let's go ahead and show the session abstraction now… And there you have it, the Orchestrator said, "Oh, I see that Allan Adkins has been migrated to Azure AD, therefore I'm going to direct the user's authentication to Azure AD to authenticate the user." So let's go ahead and authenticate as Allan Adkins… And there you go, the user seamlessly accesses the app using the Maverics App Gateway. You can see that I'm welcomed into the application as Allan Adkins. More to come on the App Gateway later when we review the Maverics configuration.
Next, let's take a behind-the-scenes look at how this is configured. What you see here is the Orchestrator's configuration. Maverics uses an easy-to-configure YAML-based model that is very similar to Kubernetes. The configuration that I want to highlight is the OAM to Azure AD migration.
Migration Gateway: the first configuration I'd like to highlight is the OAM to Azure AD migration gateway. Maverics uses a declarative model to define that when the user attempts to access the Sonar app, she is migrated from the source (OAM) to the target (Azure AD). The migration gateway declares that the OAM LDAP connector should be used as the attribute provider that supplies the user profile attributes needed to create a valid user in Azure AD. The migration gateway makes it easy to map these attributes across the completely different schemas, or namespaces, of these two identity systems. It's that simple!
Now, I'd like to highlight App Gateways. App Gateways are the way that Maverics performs the last-mile integration into the application, in this case Sonar Systems. There are a few important things to highlight about the App Gateway.
First, App Gateways allow you to define one or more IDPs to be your authentication and session provider. This is important for enforcing policies where you use one IDP for authentication and a second IDP for, say, a multi-factor challenge.
Second, you may have one or many attribute providers. This is important if you want to add more attributes than you can get back in a claim from your authenticating IDP.
Third, as you can see here, the App Gateway allows you to easily configure any header or header name and determine where the header value is coming from. In this example the App Gateway gets its attributes from the claims returned by Azure AD after authenticating the user. It's not unusual to add additional attributes, such as a group membership, from another enterprise directory or database.
Maverics supports namespacing, so you can say azure.family_name, in this case, for last name, and you can say azure.name for first name; and for this other header, OAM_REMOTE_USER, you can say azure.sub, meaning the ID of the authenticated user. If you had multiple providers here, you could easily reference the provider and then reference the attribute name to pass into any header you'd like to configure.
Finally, the App Gateway supports a range of policies, from very simple to highly complex. This policy example here is very simple. It's defining the root resource and all the resources under the root, and then instructing Maverics to allow any user authenticated by Azure AD to access that application, in our case the Sonar Systems application. In conclusion, we can say that Strata offers all the advantages of identity and access management in one platform.

Now comes the fun part. Time for Maverics to decommission (or sunset) Oracle Access Manager. So what we're going to do is log into the admin console here in the live system. You see that the server is in an OK health status, and it's running. We're going to shut down Oracle Access Manager because we don't need it anymore. We click "force shutdown now", then click on "yes", and you can see FORCE SUSPENDING; it's shutting down the server… and now the server is in a shutdown state, which means the server itself is not reachable. This is a good way to show how things behave once OAM is gone.
Now, we're going to see how Maverics uses the abstraction layer once more, this time accessing Sonar Systems through an App Gateway using Azure Active Directory without OAM in the picture. As you can see, Maverics is delegating the authentication request to Azure AD. Allan Adkins is able to log in to Sonar Systems, even though Oracle Access Manager has been decommissioned.
Now, let's review what we just demonstrated… First, you saw a just-in-time user migration from a legacy identity system to the new identity system. You saw Maverics perform the session abstraction to manage access to the protected legacy application. Then you saw the dynamic access policy capabilities via Maverics' service extensions. And finally, you saw the app run seamlessly after the legacy system was decommissioned. As you saw, the user experience is unchanged and the app was completely unchanged as well.
That concludes today's demo. Please reach out to us with questions at sales@strata.io or sign up to get a personalized demo on strata.io/demo. Ask about Strata's Express, 3-day Proof of Concept option to see Maverics work in your environment with your apps.
We at Strata look forward to helping you modernize your identity infrastructure and move to the future of multi-cloud. Thank you.
The Maverics Identity Orchestration Express Demo - Strata.io