How to migrate data from an instance to another instance

Introduction

In this case study, we will look at how you can export data like users, user passwords, connections, claims, and organizations etc. from an existing tenant and import it to a tenant of the latest version.

Preparation

Your source instance is of version 5.5.
You have created a new Identify instance named idpfreshim57 whose version is 5.7 (which was the latest version by the time this guideline was written).

Export data from the source Identify instance

Run the Identify Configurator 5.7
Choose to upgrade your source Identify instance to version 5.7
Continue to go the next step to complete the upgrade process
Finish the upgrade process
Go back to the action step and select the Export data from the source Identify instance action
Choose a folder for storing export data. Tick on the Select all checkbox to export all data:
Choose Next to finish the data export process.

Correct the data before import

Depending on what types of resources that you have in your source instance, you may need to correct the data before continuing to import it to the destination tenant.

Claim definition

If a claim definition is set Restrict Elevation in the source instance, when importing users having that claim, you may encounter an error that reads "You do not have enough permission to update values of restricted claim...". You can solve it by opening the ClaimDefinitions_tenantid.json file in the export folder and replacing the avoidUpsize attribute from True to False.

Note: After finishing importing data, you may want to use the Admin interface to reset the avoidUpsize setting of that claim definition back from False to True. You can use Notepad++ to replace "avoidUpsize": true with "avoidUpsize": false.

Protocol connection

If one of your OAuth 2.0 protocol connections has the tokenEndpointAuthenticationMethod setting set to NotSpecifiedYet, it will fail connection import. You can solve it by opening the ProtocolConnections_tenantid.json file in the export folder and replacing the value of the "tokenEndpointAuthenticationMethod" parameter from NotSpecifiedYet to another temporary one, e.g PrivateKeyJwt. You can use Notepad++ to replace "tokenEndpointAuthenticationMethod": "NotSpecifiedYet" with "tokenEndpointAuthenticationMethod": "PrivateKeyJwt".

Import data to the destination Identify instance

Run the Identify Configurator 5.7
Choose to import data to the destination Identify instance: idpfreshim57
Choose a folder containing data to import. Tick on the Select all checkbox to export all data:
Choose Next to finish the data import process.
As some data might be failed to import, we highly recommend that you verify logs at *C:\IdentifyLogs* and C:\IdentifyLogs\FaultyImportData_idpfreshim57 to see if there is any error and correct them.

Correct data on the destination Identify instance

If you have made some temporary changes to your importing data as described previously, you may need to update your data in the destination instance after import.

If you have some connections that you have had to temporarily change the TokenEndpointAuthenticationMethod setting from NotSpecifiedYet to PrivateKeyJwt previously, we will need to revert them back to NotSpecifiedYet. You can either do that manually or use the SQL script below. Remember to replace the #SCHEMA with your instance schema.

******SQL UPDATE [Identify].[#SCHEMA].[ConfigurationEntry] SET [xml]=REPLACE([xml],N'TokenEndpointAuthenticationMethod="PrivateKeyJwt"',N'TokenEndpointAuthenticationMethod="NotSpecifiedYet"') WHERE id IN (SELECT configurationid FROM [Identify].[#SCHEMA].[Connection] WHERE [name] != 'Identify OAuth2 Token for REST APIs' AND [PlugInId] = '3A66CCAA-E403-4309-8C93-8B24603B8258')
You need to reset the application pool of the Identify instance after that.
To revert the avoidUpsize setting, you need to log in to your destination instance, go to the claim list, and update the discrete claim definitions' avoidUpsize setting from True to False.