Migrating to the fully managed SecureAuth® Identity Platform

Read this guidance to decide if your site is ready to migrate to the fully managed Identity Platform on the SecureAuth Intelligent Identity Cloud. This information is relevant to customers working in SecureAuth IdP version 9.3 and earlier.

Customers using SecureAuth IdP 9.3 will have the smoothest experience because v9.3 is the precursor to the Identity Platform. Organizations using SecureAuth IdP 9.1 and earlier can upgrade to SecureAuth IdP 9.2 and then migrate to the Identity Platform v19.07.

Prerequisites

Use the following list to ensure your site is prepared to migrate to the Intelligent Identity Cloud:

  • Sites running the Identity Platform v19.07 and later on the Intelligent Identity Cloud or SecureAuth IdP v9.3 can contact SecureAuth Support, who will assess if your site is ready for migration. See Contact SecureAuth Support.

  • Sites running SecureAuth IdP version 9.1 and earlier must upgrade to v9.2. SecureAuth IdP versions 9.1 and earlier cannot be migrated to the Intelligent Identity Cloud. After sites upgrade to v9.2, they can be migrated to the cloud. See Contact SecureAuth Support.

Cloud migration considerations

Use the following list to consider whether migration to the fully managed cloud is right for your site:

  • Sites must install and configure the SecureAuth Connector, but no longer need to use or maintain SecureAuth IdP appliances, which are required for SecureAuth IdP version 9.3 and earlier.

    See SecureAuth Connector Installation to learn more.

  • The Identity Platform uses the New Experience user interface (UI) that was initially released in SecureAuth IdP v9.3. It also uses the Classic Experience UI.

  • The Classic Experience offers automated migration of web.config from hybrid to cloud. Manually re-create the data stores in the New Experience UI, and then assign the data stores in the Classic Experience realms that were copied over through the automated migration.

  • Limited data store support: The Identity Platform on the cloud supports Active Directory, Microsoft SQL Server, Azure AD, Oracle Database, and Generic LDAP connections.

  • Data stores:

    • Active Directory and Structured Query Language (SQL) are the supported data stores.

    • Pre-9.3 sites migrating to the Intelligent Identity Cloud must re-create data stores using the SecureAuth Connector because the SecureAuth IdP version 9.3 New Experience UI cannot be configured prior to migration.

    • 9.3+ sites migrating to the Intelligent Identity Cloud do not need to re-create data stores, but must re-enter the credentials after installing the SecureAuth Connector.

    • The following data resides on the SecureAuth data store that is physically located on your site:

      • First Name

      • Last Name

      • Groups

      • Email, up to 4 addresses

      • Phone, up to 4 numbers

      • Aux ID 1 - 104

        Profile fields stored in the Intelligent Identity Cloud are enabled by default and available based on configuration; for example, a configuration that includes Device Recognition is stored in the cloud and not in a site's directory.

    • Data stored on the Intelligent Identity Cloud includes profile data for SecureAuth authentication purposes.

  • Re-enrollment for features, such as TOTP, PIN, and other methods, is required because these values are now stored in the Intelligent Identity Cloud; re-enrollment is required if Biometric is enabled after initial enrollment.

  • TOTP in the Intelligent Identity Cloud is a true time-based one-time passcode. Once validated, end users cannot reuse the TOTP until the counter restarts.

  • The Identity Platform on the Intelligent Identity Cloud has its own domain name system (DNS) record that is different from the on-prem SecureAuth DNS.

  • The features in the Identity Platform Dashboard are available through the New Experience UI only.

  • The RADIUS service must be installed or migrated on a separate machine from the on-prem SecureAuth Connector.

Benefits of the SecureAuth cloud

The fully managed Identity Platform on the Intelligent Identity Cloud is a solution hosted and maintained by SecureAuth. The solution requires only a lightweight SecureAuth Connector, which connects to customers’ data store and directories. Some of the benefits of a migration include:

  • Infrastructure responsibility and workload shifted away from the administrator because the Intelligent Identity Cloud Service and Identity Platform are hosted and managed by SecureAuth

  • Service level agreements (SLAs) managed with greater efficiency with SecureAuth hosting and managing the Intelligent Identity Cloud Service and Identity Platform

  • New product features and capabilities become the focus, instead of patching, updating, etc.

  • SecureAuth Intelligent Identity Cloud is always on and always current

  • Business value increases through lower operating cost and higher productivity

The following image shows the deployment architecture while the table outlines hosting and maintenance responsibilities for SecureAuth hybrid and SaaS deployments.

[Image: deployment architecture (benes_sa_cloud.png)]

| Delivery option | Identity Platform deployment environment | Identity Platform hosted by | Identity Platform maintained by | Intelligent Identity Cloud hosted and maintained by |
|---|---|---|---|---|
| SaaS | SecureAuth cloud | SecureAuth | SecureAuth | SecureAuth |
| Hybrid | Public cloud | Cloud provider | Customer | SecureAuth |
| Hybrid | Managed private cloud | Cloud provider | Customer | SecureAuth |
| Hybrid | Corporate private cloud | Customer | Customer | SecureAuth |
| Hybrid | Corporate data center | Customer | Customer | SecureAuth |

Features not yet supported

The following list includes features not yet supported in the Identity Platform:

  • Integrated Windows Authentication (IWA): The Identity Platform on the cloud does not yet support IWA.

  • Customizations: The current SecureAuth IdP version must not be customized.

  • Simple Certificate Enrollment Protocol (SCEP): The Identity Platform on the cloud does not yet support SCEP.

  • Role-based Access Control (RBAC): The Identity Platform on the cloud does not yet support RBAC.

  • Integrations with security information and event management (SIEM) tools and other log reporting tools.

  • Link-to-accept email template configuration: The Identity Platform on the cloud does not yet support this feature.

Contact SecureAuth Support

When your site is ready to begin migration, get started by creating a support ticket and selecting "I would like to upgrade or migrate to a new IdP version" from the "Submit a request" dropdown. A SecureAuth Project Manager will contact you and assist you with the migration.

Alternatively, you can contact Support through email or telephone at support.secureauth.com or 1-866-859-1526.