Company Profile · Identity Software
Strata Identity
The Boulder company that turned the thankless plumbing of enterprise login into a category - and got bought for it.
The Boulder company that turned the thankless plumbing of enterprise login into a category - and got bought for it.
The identity provider has gone dark. A few years ago that meant thousands of employees locked out, a help desk on fire, and a very long morning for the CISO. Now traffic quietly fails over to a backup, logins keep flowing, and most people never notice anything happened. The thing doing the quiet rerouting is software from a company most users have never heard of: Strata Identity.
Strata sells a product called Maverics. It is not an identity provider - it does not store your passwords or be the thing you log into. It sits one layer above all of that, in the awkward space between your applications and whatever login systems you happen to use. Okta over here. Microsoft Entra over there. A twenty-year-old on-prem system nobody wants to touch. Maverics speaks to all of them and makes them behave like one.
That sounds dull until you realize how much misery it removes. And misery, it turns out, is a large addressable market.
For decades, enterprise applications were built with identity baked in. The app didn't just use a login system - it married one. Want to switch from a legacy provider to a modern cloud one? You had to crack open every application and rewrite the part that handled who's-allowed-in. For a company with hundreds of apps, that is not a project. It is a career.
So companies didn't switch. They stayed on aging systems like Oracle Access Manager and CA SiteMinder long past their welcome, because the cost of leaving was measured in years. Identity vendors, for their part, were perfectly happy with this arrangement. Lock-in is a bug for the customer and a feature for the vendor, and nobody was rushing to fix it.
The insight was almost annoyingly simple. If you put an abstraction layer between apps and identity systems, the marriage breaks. Apps talk to the layer. The layer talks to whatever provider you want this week. Swap the provider underneath and the apps never know. Identity becomes a setting, not a rebuild.
Strata was founded in 2019 by three identity veterans who had, between them, roughly sixty years of arguing about this exact problem. CEO Eric Olden co-authored SAML - the standard that lets login systems pass credentials to applications - back when he was a student at Berkeley. People in the field call him the father of modern identity management, which is the kind of title you can only earn by caring about something deeply unfashionable for a very long time.
He brought along Topher Marie as CTO and Eric Leach as Chief Product Officer. All three had held senior roles at Oracle. All three had watched enterprises suffer through identity migrations. The founding bet was that the standards-writing crowd could do it again - not by inventing another identity provider, but by inventing the layer that makes providers interchangeable.
The platform's cleverest trick is making hard things look like assembling a sandwich. Strata calls them Orchestration Recipes - multi-step workflows for onboarding a user, retiring a legacy provider, or routing around an outage. Architects build them without writing code, which is the difference between a migration that takes a weekend and one that takes a fiscal year.
The distributed abstraction layer. Connects any app to any identity provider across on-prem, hybrid, and multi-cloud - no app rewrites.
No-code, runtime workflows that automate onboarding, offboarding, and migration off legacy IDPs like Oracle Access Manager and SiteMinder.
Automatic failover that keeps authentication working when a primary identity provider goes down. The thing that made the 9 a.m. outage a non-event.
A runtime control point that authenticates, authorizes, and watches every action an AI agent takes against upstream services - including across Model Context Protocol.
The skeptic's question for any platform company is simple: does anyone actually run this in production? Strata's answer is a list of organizations that do not casually adopt unproven identity software - among them Navy Federal Credit Union, 3M, Syniverse, Concentrix, PTC, and the State of Minnesota.
The grocery giant Kroger reportedly saved hundreds of thousands of hours that would otherwise have gone into rewriting apps by hand. That is the number that makes a CFO lean forward. Strata also did the unusually patient thing of publishing a book to explain its own category to CISOs - a move that is either generous or a sign that a new idea needs a lot of explaining. Probably both.
Strata's stated vision is oddly specific: a world where identity managers are heroes. It is a small, human goal hiding inside infrastructure software. The people who run identity at large companies are usually invisible until something breaks, at which point they are extremely visible for all the wrong reasons. Strata's whole pitch is to flip that - to make swapping providers, surviving outages, and modernizing apps boring enough that the identity team gets to look competent instead of besieged.
The values the company lists - openness, honesty, transparency, accountability - are the sort of thing every company lists. What is more telling is that the founders kept open-sourcing the hard parts. IDQL and the Hexa project are free for anyone, which is a strange move for a company that could have hoarded them. It suggests they believe the category matters more than any single moat.
Just as Strata got its abstraction layer working for humans, the ground shifted. AI agents arrived - software that acts on its own, calls other services, and very much needs to be told what it is and is not allowed to do. Gartner started tracking agentic identity as emerging tech and named Strata as a sample vendor. In late 2025 the company shipped the AI Identity Gateway to authenticate and govern every move an agent makes.
This is where the layer pays off. An abstraction built to make human login providers interchangeable turns out to be exactly the right place to stand when you need to watch and control non-human actors too. The plumbing was general-purpose all along.
In June 2026, the data-security company Rubrik acquired Strata, folding Maverics into a broader push it calls Identity Resilience - the idea that identity itself should be recoverable, not just your files. For a company founded on the premise that identity should be swappable, being absorbed into a resilience story is a fitting next chapter.
So return to that bank, 9 a.m., the provider dark. The morning that used to be a crisis is now a footnote in a status log. The identity manager doesn't get a phone call. The help desk stays quiet. Somewhere a wave-shaped logo keeps spinning between the apps and the login systems, doing the unglamorous work of making sure that switching, failing over, and now governing the agents all feel like nothing happened at all. Which, for infrastructure, is the highest possible compliment.
For product demos and founder interviews, see Strata's YouTube channel and the Frontlines podcast linked above.