close icon
Illustration created by Martin Diaz Colodrero.
IAM Solution

How To Migrate Users From One Identity System To Another

Embarking on a user migration project can be costly and stressful, here are some things to consider

March 24, 2020

Illustration created by Martin Diaz Colodrero.

Today, large corporations spend over $1 million annually on password-related support costs, according to Forrester. With some large enterprises supporting 200+ SaaS applications, these costs can spiral out of control.

SaaS applications are essential to the success of most businesses. 97% of IT executives see managing these applications as a business priority. These critical tools present a great deal of business opportunity, but introduce the headache of managing thousands (perhaps millions) of user identities. How to do this is a dilemma faced by most companies. Some try to do it internally but usually find this too difficult, expensive, and time consuming. There are many identity-as-a-service (IDAAS) providers but this necessitates user migrations.

Navigating the process of managing user identity while maintaining security and usability without costs spiralling out of control is a delicate balance. There are many things to carefully consider. Let’s take a look at some of those.

User Migration Your Way

Download the eBook
Credential Stuffing Attacks

Accelerate Your Migration

Migration Drivers

There are many scenarios that call for migrating from one Identity and Access Management system to another. What are some of these drivers?

  1. Mergers & Acquisition (M&A): Whether your identity system manages internal or external users, the likely result of an M&A situation is a need to simplify and consolidate. Whether customers need to access your services or you need a common view of all your customers in one location, these user migrations usually need to occur quickly.
  2. Compliance & Regulations: As we’ve seen, governments and regulatory agencies are becoming increasingly vigilant and proactive in regards to data privacy and data security. In fact, the FTC recently made data security a board and C-suite level concern. Many in-house identity and access management (IAM) systems cannot keep pace with shifting regulations and we’ve seen this as a big driver to outsource identity management.
  3. Internal Security Requirements: The need to outsource identity can also come from internal security professionals. Their key mandate is protecting user data through various mechanisms like better password policies, stronger encryption, and advanced authentication methods which can be beyond the capabilities of many organizations.
  4. Resource Constraints: Many companies try to build IAM solutions in-house. Pressing business needs can help in getting these projects off the ground but conflicting priorities and resource allocation issues can result in many of these projects being stalled.
  5. Build vs Buy: Identity professionals are not always available in-house and systems built internally can rapidly become out of date in terms of advanced security capabilities. External providers have the expertise and resources available to continually improve on things like passwordless, MFA, and SSO.
  6. Standard Customizations: Most enterprise environments are mixed environments. You have legacy systems, new software for current technology needs and you need it to work as your unique situation requires. Finding a solution that can function out-of-the-box while giving you the time to customize as you see fit can be a challenge.

"Migration drivers like a M&As or compliance requirements could mean forced password resets. Learn why it doesn’t have to be that way."

Tweet

Tweet This

Seamless Migration of Users Can Make or Break a IDaaS Implementation

The idea of migrating users between systems can fill a lot of identity professionals with dread. The goal for most companies is a fast and seamless process, with little to no impact on customers, and isn’t too costly.

The most valuable asset for most companies are their customers. It takes a lot of effort, both time and money, to acquire them. The last thing they want to do is to create unnecessary hurdles in their customer relationships. This is what some migration methods can introduce, in the form of password resets. Password resets are not only costly in terms of money but can also result in you losing the trust and faith of your customer base. They may question why they’re being forced to reset their password. Has there been a security breach? Maybe they should no longer trust you? Also, the extra step of having to reset a password introduces an extra step where they can simply walk away. So what are your options?

Your IAM Solution Should Save You Time, Money, and Customers

Automatic Migration

Automatic migration (sometimes referred to as trickle or lazy migration) is just that, it’s automatic. It allows user migration to happen in real-time, in the background, without the user’s knowledge or awareness. When a user logs into your application, their account is ported over behind the scenes –– including their password. No resets required. Many of our customers maintain the same UI so that the experience really is completely seamless for customers and occurs during their normal interactions with the business. In this scenario, customers maintain both their legacy and new system for a period of time, allowing the migrations to occur gradually.

Bulk Migration

Bulk migration enables companies to rapidly migrate their users to the new system, on a predetermined date. The migration process quickly imports users and their passwords and enables companies to turn off their legacy systems immediately, thereby eliminating the cost and effort of maintaining them. Auth0 enables you to bulk import the most common password hashing algorithms. As a result, the majority of companies can bulk import their users, with their passwords, while providing a smooth experience for end users. This process reduces complexity and costs to customers and greatly speeds up their move to better security and compliance.

No Password Resets

There is no right or wrong answer on which is the better migration method –– this is completely driven by business needs. Some things to think about:

  1. How long do you want to pay to manage two systems?
  2. Is there a need for employees on this identity project to move to other higher priority initiatives?
  3. Is there a compliance need requiring you to quickly move off of your current system?
  4. Are there internal alignment hurdles that need to be resolved before turning off a legacy system?
  5. Is this initiative a part of a larger, complex project that needs coordination?

An identity and access management system is critical to securing identities and customers and these are just some of the things to consider when embarking on this journey.

"Automatic Migration vs Bulk Migration — how to figure out which one works best for your specific needs."

Tweet

Tweet This

Migrate To Stronger Security

There are many drivers that propel companies to migrate users from one IAM to another. Whether it’s an acquisition situation, a need for the latest in security protocols, or internal resource constraints, the goal for most companies are to do it quickly, at minimal cost, while still supporting business operations. If you’d like to learn more about user migrations, talk to an Auth0 resource. With the appropriate migration path, determined by your own business strategies and priorities, there’s no reason why companies cannot safely migrate and secure users while maintaining continuity for their customers.

  • Twitter icon
  • LinkedIn icon
  • Faceboook icon