# Mirket Architecture Overview

### **Overview**

The **Mirket Unified Identity Security Platform** delivers a holistic approach to identity protection, combining **Multi-Factor Authentication (MFA)**, **Single Sign-On (SSO)**, **Secure Self-Service**, **Identity and Access Management (IAM)**, and **AI-driven Identity Threat Detection and Response (ITDR)** in a single, cloud-managed framework.

The platform is designed for **modern, hybrid environments** and enables **multi-tenant operations**, making it ideal for **MSSPs** and large enterprises managing multiple clients or business units from a unified dashboard.

### **Architecture Components**

<figure><img src="/files/7iKyuvnCJmHo1xlOAVye" alt=""><figcaption></figcaption></figure>

#### **Gateway Layer (Deployed in Customer Environment)**

Three lightweight gateways are deployed inside the customer’s internal network to ensure seamless integration, secure communication, and zero exposure of internal credentials to the cloud:

**a. Radius Gateway**

Installed as the **Mirket Radius Service**, this gateway acts as a RADIUS server, enabling MFA for VPNs, network access devices, and other systems that rely on RADIUS-based authentication.

**b. LDAP Gateway**

The **LDAP Gateway** performs:

* User synchronization from LDAP directories (e.g., Active Directory).
* Primary credential validation (password verification) during authentication.

Credentials are verified locally — **username and password never leave the customer network**. Service account credentials for LDAP integration are stored securely on this gateway.

**c. Proxy Gateway**

The **Proxy Gateway** intercepts LDAP authentication traffic, enabling MFA enforcement for **any application supporting LDAP authentication** without modification. This gateway enables **transparent MFA injection** across legacy and custom applications.

All gateways communicate **one-way over HTTPS (SSL)** with the Mirket Cloud (`admin.mirketsecurity.com`), ensuring secure, outbound-only communication with no inbound exposure.

#### **Agent Layer**

Mirket provides multiple endpoint agents that extend MFA and session monitoring into operating systems and specific authentication flows:

| **Agent Type**       | **Functionality**                                                              |
| -------------------- | ------------------------------------------------------------------------------ |
| **OS Logon Agent**   | Adds MFA to Windows login, RDP, SSH, and privilege elevation (UAC) operations. |
| **OWA Agent**        | Protects OWA and ECP logins with MFA.                                          |
| **ADFS Agent**       | Integrates as an MFA adaptor to secure ADFS-based authentication.              |
| **ActiveSync Agent** | Enforces MFA for Exchange ActiveSync connections.                              |

All agents communicate securely and one-way via HTTPS with `admin.mirketsecurity.com`.

#### **Directory & Identity Sources**

Mirket integrates with diverse identity sources, offering flexibility for hybrid environments:

* Local User Directory
* **Microsoft Active Directory**
* **OpenLDAP**
* **Microsoft Entra ID (Azure AD)**
* **Google Workspace**
* Third-party Identity Providers (via SAML, OIDC, or LDAP)

This allows unified identity management and MFA enforcement across **cloud, on-premise, and hybrid ecosystems**.

### **Product Family**

The Mirket platform is composed of five core modules that operate under a unified architecture:

1. **Multi-Factor Authentication (MFA)** — [Learn more](https://mirketsecurity.com/multi-factor-authentication)\
   Adaptive MFA for all access types, from VPNs to OS logins. Supports context-aware and risk-based MFA enforcement with offline and privilege elevation support.
2. **Single Sign-On (SSO)** — [Learn more](https://mirketsecurity.com/single-sign-on)\
   Provides seamless access to all applications through one identity. Supports SAML, OAuth, and OpenID Connect federation.
3. **Secure Self-Service Portal** — [Learn more](https://mirketsecurity.com/self-service-portal)\
   Empowers users to reset passwords, unlock accounts, and manage MFA devices securely without IT intervention.
4. **Identity Access Management (IAM)**\
   Centralized control of user provisioning, roles, and lifecycle management across cloud and on-prem systems.
5. **AI-Driven Identity Threat Detection and Response (ITDR)** — [Learn more](https://mirketsecurity.com/mirket-itdr)\
   Uses AI and behavioral analytics to continuously detect, analyze, and respond to identity-based attacks.

### **AI-Driven ITDR — In-Depth**

Mirket ITDR forms the **intelligent defense layer** of the architecture, continuously analyzing user behavior, detecting anomalies, and responding to threats in real-time.

#### **Core Capabilities**

* **Behavior Analytics**\
  Continuous user behavior analysis identifies deviations in interaction patterns, highlighting compromised or malicious accounts.
* **Deception Technology**\
  Deploys **identity-based honeypots** and decoy credentials to lure attackers, exposing lateral movement and privilege escalation attempts.
* **CTI & MITRE ATT\&CK Mapping**\
  Integrates Cyber Threat Intelligence (CTI) and maps detections to **MITRE ATT\&CK techniques**, enabling contextual understanding of the attack phase.\
  Also inspects request origins (TOR, VPN, Proxy, Cloud) for risk scoring.
* **Anomaly & ATO Detection**\
  Detects identity-based threats across all stages — from **credential harvesting** to **privilege escalation** and **account takeover (ATO)**.
* **AI-Based Risk Scoring**\
  Assigns both **Threat Score** and **Certainty Score** to each detection and user account, allowing prioritization and automated responses.
* **Automated Response Actions**\
  Supports real-time mitigation actions such as **account isolation, forced password reset**, or **adaptive MFA challenges**.

### **Multi-Tenant Architecture**

Mirket is **built for MSSPs and large enterprises** managing multiple tenants from a **single centralized portal**.

* Each tenant is isolated, ensuring data and policy segmentation.
* MSSPs can assign licenses from shared pools, with **monthly billing and usage-based flexibility**.
* Administrators can manage multiple organizations, monitor identities, and deploy policies seamlessly across environments.

### **Communication Flow**

All components — Gateways, Agents, and Tenant Consoles — communicate with **Mirket Cloud** (`admin.mirketsecurity.com`) via **outbound HTTPS**.\
There are **no inbound ports** required, simplifying deployment and ensuring security.
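One way to check the outbound-only rule against firewall or flow logs from a gateway or agent host, as an added example that is not Mirket code. The record layout, the sample addresses, the RFC 1918 definition of "internal", and the `audit_flows` helper are assumptions; only the `admin.mirketsecurity.com` endpoint and the outbound-HTTPS rule come from this page.

```python
import ipaddress

MIRKET_CLOUD = "admin.mirketsecurity.com"  # cloud endpoint named on this page

# Assumption: "internal" means RFC 1918 space; adjust to the site's own ranges.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records (hypothetical layout, not a Mirket log format):
# direction src_ip dst_ip proto dst_port tls_sni
SAMPLE_FLOWS = """\
out 10.0.5.20 203.0.113.10 tcp 443 admin.mirketsecurity.com
in 10.0.8.14 10.0.5.20 udp 1812 -
out 10.0.5.20 198.51.100.7 tcp 443 updates.example.net
in 198.51.100.99 10.0.5.20 tcp 443 -
out 10.0.5.20 203.0.113.10 tcp 80 -
out 10.0.5.20 10.0.1.5 tcp 636 -
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def audit_flows(text):
    """Return (line_number, reason) for every flow that breaks the outbound-only model."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 6 or parts[0] not in ("in", "out"):
            findings.append((n, "unparseable record"))
            continue
        direction, src, dst, proto, port, sni = parts
        if direction == "in":
            # Internal clients (RADIUS, LDAP) may reach the gateway; external sources may not.
            if not is_internal(src):
                findings.append((n, "inbound connection from external address"))
        elif not is_internal(dst):
            # External egress must be HTTPS to the Mirket cloud and nothing else.
            if (proto, port) != ("tcp", "443"):
                findings.append((n, "external egress not on TCP/443"))
            elif sni.lower() != MIRKET_CLOUD:
                findings.append((n, "external HTTPS to unexpected host"))
    return findings

if __name__ == "__main__":
    for line_no, reason in audit_flows(SAMPLE_FLOWS):
        print(f"line {line_no}: {reason}")
```
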

### **Summary**

The **Mirket Unified Identity Security Platform** delivers an end-to-end identity protection architecture combining **strong authentication, intelligent detection, and unified management**.\
With its **multi-tenant, cloud-managed, and privacy-preserving design**, Mirket provides scalable and resilient identity security for organizations of all sizes — protecting users, devices, and applications across every layer of access.


