Identify data migration

Introduction

In this case study, we will look at how you can export data like users, user passwords, connections, claims, and organizations etc. from an existing tenant and import it to a tenant of the latest version.

Preparation

  1. Your source instance is of version 5.5.
  2. You have created a new Identify instance named idpfreshim57 whose version is 5.7 (which was the latest version by the time this guideline was written).

Export data from the source Identify instance

  1. Run the Identify Configurator 5.7
  2. Choose to upgrade your source Identify instance to version 5.7

identify-upgrade-tenant55

  1. Continue to go the next step to complete the upgrade process

identify-upgrade-tenant55-continue

  1. Finish the upgrade process

identify-upgrade-tenant55-finish

  1. Go back to the action step and select the "Export data from the source Identify instance" action

identify-export-tenant55

  1. Choose a folder for storing export data. Tick on the "Select all" checkbox to export all data:

identify-export-tenant55-data-selection

  1. Choose Next to finish the data export process.

identify-export-tenant55-finish

Correct the data before import

Depending on what types of resources that you have in your source instance, you may need to correct the data before continuing to import it to the destination tenant.

Claim definition

If a claim definition is set "Restrict Elevation" in the source instance, when importing users having that claim, you may encounter a error that reads "You do not have enough permission to update values of restricted claim...".
You can solve it by opening the ClaimDefinitions_tenantid.json file in the export folder and replacing the avoidUpsize attribute from True to False.

Note: After finishing importing data, you may want to use the Admin interface to reset the avoidUpsize setting of that claim definition back from False to True.
You can use Notepad++ to replace "avoidUpsize": true with "avoidUpsize": false.

identify-export-tenant55-claim-correction

Protocol connection

If one of your OAuth2.0 protocol connections has the tokenEndpointAuthenticationMethod setting set to NotSpecifiedYet, it will fail connection import.
You can solve it by opening the ProtocolConnections_tenantid.json file in the export folder and replacing the value of the "tokenEndpointAuthenticationMethod" parameter from NotSpecifiedYet to another temporary one, e.g PrivateKeyJwt.
You can use Notepad++ to replace "tokenEndpointAuthenticationMethod": "NotSpecifiedYet" with "tokenEndpointAuthenticationMethod": "PrivateKeyJwt".

identify-export-tenant55-protocol-correction

Import data to the destination Identify instance

  1. Run the Identify Configurator 5.7
  2. Choose to import data to the destination Identify instance: idpfreshim57

identify-import-tenant57

  1. Choose a folder containing data to import. Tick on the "Select all" checkbox to export all data:

identify-import-tenant57-data-selection

  1. Choose Next to finish the data import process.

identify-import-tenant57-finish

  1. As some data might be failed to import, we highly recommend that you verify logs at C:\IdentifyLogs\ and C:\IdentifyLogs\FaultyImportData_idpfreshim57 to see if there is any error and correct them.

identify-import-tenant57-data-fault

Correct data on the destination Identify instance

If you have made some temporary changes to your importing data as described previously, you may need to update your data in the destination instance after import.

  1. If you have some connections that you have had to temporarily change the TokenEndpointAuthenticationMethod setting from NotSpecifiedYet to PrivateKeyJwt previously, we will need to revert them back to NotSpecifiedYet.
    You can either do that manually or use the SQL script below. Remember to replace the #SCHEMA with your instance schema.

  1. You need to reset the application pool of the Identify instance after that.
  2. To revert the avoidUpsize setting, you need to log in to your destination instance, go to the claim list, and update the discrete claim definitions' avoidUpsize setting from True to False.