Skip to main content

Hybrid: Getting started

A SecureAuth hybrid deployment is available for new and existing customers, and for air-gapped organizations.

  • New customers: Administrators must use the SecureAuth IdP version 9.3 workflow to set up a hybrid deployment. The workflow gives context and descriptions for the tasks to be performed, and provides rich information that describes prerequisites and detailed steps.

  • Existing customers: Organizations upgrading from a previous SecureAuth IdP version can see the Upgrading section.

  • Organizations that are air-gapped must use SecureAuth IdP 9.2.x exclusively. See the 9.2.x Getting started guide for details.


Organizations currently using SecureAuth IdP can work with the Project Manager to perform an in-place upgrade. Get started by creating a support ticket and selecting I would like to upgrade or migrate to a new IdP version from the "Submit a request" dropdown. A SecureAuth Project Manager will contact you.

Recommended upgrade path with Professional Services

Contact Professional Services to upgrade existing organizations. Professional Services engineers possess the deep product knowledge currently required to seamlessly upgrade organizations to the latest SecureAuth release.

Recommended upgrade path without Professional Services

Organizations that prefer to upgrade on their own and are using SecureAuth IdP 9.3 will have the smoothest experience. Organizations using SecureAuth IdP 9.2 and earlier can upgrade to SecureAuth IdP 9.3 and then upgrade to the Identity Platform v19.07 and later.

During migration, you will use the Identity Platform New Experience to reconfigure the data stores; all realms are brought over for versions 9.2 and later. Data stores, application integrations, policies, and all else set up in the v9.3+ New Experience are also copied into the new instance during the migration process.

End-user workflow

End users can use the MFA methods that you have enrolled them in to log in with a desktop or mobile app.

Before logging in, end users must define answers to security questions, set up a YubiKey device, register a phone number to receive a call or text to obtain passcodes, or set up other MFA methods that allow them to log in. They can follow instructions customized by the administrator and sent to them in email.