Skip to main content

Hybrid: Getting started

A SecureAuth hybrid deployment is available for new and existing customers, and for air-gapped organizations.

  • New customers: Administrators must use the SecureAuth IdP version 9.3 workflow to set up a hybrid deployment. The workflow gives context and descriptions for the tasks to be performed, and provides rich information that describes prerequisites and detailed steps.

  • Existing customers: Organizations upgrading from a previous SecureAuth IdP version can see the Upgrading section.

  • Organizations that are air-gapped must use SecureAuth IdP 9.2.x exclusively. See the 9.2.x Getting started guide for details.


Organizations currently using SecureAuth IdP can work with the Project Manager to perform an in-place upgrade. Get started by creating a support ticket and selecting I would like to upgrade or migrate to a new IdP version from the "Submit a request" dropdown. A SecureAuth Project Manager will contact you.

Recommended upgrade path with Professional Services

As SecureAuth works toward feature parity between the Classic Experience and the SecureAuth Identity Platform, we recommend contacting Professional Services to upgrade existing organizations. Professional Services engineers possess the deep product knowledge currently required to seamlessly upgrade organizations to the latest SecureAuth release.

Recommended upgrade path without Professional Services

Organizations that prefer to upgrade on their own and are using SecureAuth IdP 9.3 will have the smoothest experience because v9.3 introduced the New Experience user interface, which is the precursor to the Identity Platform. SecureAuth continues to work toward feature parity between the Classic Experience and the SecureAuth Identity Platform. For example, applications can be created in the Identity Platform and assigned policies, and in v19.07 existing applications in realms are automatically brought into the Identity Platform. As soon as the administrator assigns a policy to an application, the application is administered through the Identity Platform and is disabled in the realm.

Organizations using SecureAuth IdP 9.2 and earlier can upgrade to SecureAuth IdP 9.3 and then upgrade to the Identity Platform v19.07.

End-user workflow

End users can use the MFA methods that you have enrolled them in to log in with a desktop or mobile app.

Before logging in, end users must define answers to security questions, set up a YubiKey device, register a phone number to receive a call or text to obtain passcodes, or set up other MFA methods that allow them to log in. They can follow instructions customized by the administrator and sent to them in email.