Migrating to the SecureAuth® Identity Platform on the cloud

Read this guidance to decide if your site is ready to migrate to the fully managed Identity Platform on the SecureAuth Intelligent Identity Cloud. This information is relevant to customers working in SecureAuth IdP version 9.3 and earlier.

Customers using SecureAuth IdP 9.3 will have the smoothest experience because v9.3 is the precursor to the Identity Platform. Organizations using SecureAuth IdP 9.1 and earlier can upgrade to SecureAuth IdP 9.2 and then migrate to the Identity Platform v19.07.

Prerequisites

Use the following list to ensure your site is prepared to migrate to the Intelligent Identity Cloud:

  • Sites running the Identity Platform v19.07 and later on the Intelligent Identity Cloud or SecureAuth IdP v9.3 can contact SecureAuth Support, who will assess if your site is ready for migration. See Contact SecureAuth Support.

  • Sites running SecureAuth IdP version 9.1 and earlier must upgrade to v9.2. SecureAuth IdP versions 9.1 and earlier cannot be migrated to the Intelligent Identity Cloud. After sites upgrade to v9.2, they can be migrated to the cloud. See Contact SecureAuth Support.

Cloud migration considerations

Use the following list to consider if migration to fully managed cloud is right for your site:

  • Sites must install and configure the SecureAuth Connector, but no longer need to use or maintain SecureAuth IdP appliances, which are required for SecureAuth IdP version 9.3 and earlier.

    See SecureAuth Connector Installation to learn more.

  • The Identity Platform uses the New Experience user interface (UI) that was initially released in SecureAuth IdP v9.3. It also uses the Classic Experience UI.

  • The Classic Experience offers automated migration of web.config from hybrid to cloud. Manually re-create the data stores in the New Experience UI, and then assign the data stores in the Classic Experience realms that were copied over through the automated migration.

  • Limited data store support: The Identity Platform on the cloud supports Active Directory, Microsoft SQL Server, Azure AD, Oracle Database, and Generic LDAP connections.

  • Data stores:

    • Active Directory and Structured Query Language (SQL) are the supported data stores.

    • Pre-9.3 sites migrating to the Intelligent Identity Cloud must re-create data stores using the SecureAuth Connector because the SecureAuth IdP version 9.3 New Experience UI cannot be configured prior to migration.

    • 9.3+ sites migrating to the Intelligent Identity Cloud do not need to re-create data stores, but must re-enter the credentials after installing the SecureAuth Connector.

    • The following data resides on the SecureAuth data store that is physically located on your site:

      • First Name

      • Last Name

      • Groups

      • Email, up to 4 addresses

      • Phone, up to 4 numbers

      • Aux ID 1 - 104

        Profile fields stored in the Intelligent Identity Cloud are enabled by default and available based on configuration; for example, a configuration that includes Device Recognition is stored in the cloud and not in a site's directory.

    • Data stored on the Intelligent Identity Cloud includes profile data for SecureAuth authentication purposes.

  • Re-enrollment for features, such as TOTP, PIN, and other methods, is required because these values are now stored in the Intelligent Identity Cloud; re-enrollment is required If Biometric is enabled after initial enrollment.

  • TOTP in the Intelligent Identity Cloud is a true time-based one-time passcode. Once validated, end users cannot reuse the TOTP until the counter restarts.

  • The Identity Platform on the Intelligent Identity Cloud has its own domain name system (DNS) record that is different from the on-prem SecureAuth DNS.

  • The features in the Identity Platform Dashboard are available through the New Experience UI only.

  • The Radius service must be installed or migrated on a separate machine from the on-prem SecureAuth Connector.

Contact SecureAuth Support

When your site is ready to begin migration, get started by creating a support ticket and selecting I would like to upgrade or migrate to a new IdP version from the "Submit a request" dropdown. A SecureAuth Project Manager will contact you and assist you with the migration.

Alternatively, you can contact Support through email or telephone at support.secureauth.com or 1-866-859-1526.