Episode 087: 02‐13‐2025 Why Identity Orchestration Matters - GluuFederation/identerati-office-hours GitHub Wiki
Title: Why Identity Orchestration Matters
-
Host: Mike Schwartz, Founder/CEO Gluu
-
Guest: Eric Olden, Cofounder, CEO at Strata Identity
Description
Navigating the complex world of enterprise identity is more challenging than ever in an era of multiple clouds and diverse identity providers. For architects tasked with building secure, scalable solutions, traditional approaches often fall short. Enter Identity Orchestration which abstracts and unifies your identity topology, enabling you to seamlessly integrate and model whatever identity providers and authentication solutions your organization relies on—whether it’s Okta, Entra, Google, Duo, Hypr, or some other disparate conglomeration of vendors and technologies. Identity Orchestration virtualizes your identity aggregate into a coherent, adaptable strategy. It’s a methodology designed to help enterprises stay agile, secure, and future-proof in a fast-changing landscape.
Homework
- Connecting identity silos across multiple clouds
- How Identity Orchestration Enhances Amazon Verified Permissions
Takeaways
-
Identity Orchestration helps enterprises abstract identity across multiple IDPs: Entra, Google, Okta, Amazon... if you have more than one of the above, you need it! Identity orchestration is really good at abstracting utility IDP platforms, whether public or private. Do enterprises really need to care about the differences between an Entra and Google IDP?
-
In fact, there are some differences in how IDP platforms express policies. For AWS, you may use Cedar policies stored in Amazon Verified Permissions ("AVP") to protect resources. But in Okta, you may need OpenFGA policies. IDQL and Hexa were open sourced by Strata to enable enterprises to abstact policies across cloud providers. For example, it could be used with the Amazon API Gateway to control access to APIs or with the Azure App Services to ensure consistent access control across applications.
-
Watch out Radiant Logic! Strata has an LDAP interface, and can consolidate multiple Active Directory forrests.
-
Workload identity (i.e. non-human) is increasingly important. The tokens issued to workloads frequently need enrichment by the enterprise, which may happen in an identity orchestration layer.