Client is looking for best practical approach/strategy/phase-vice steps for migration of 1000 apps from IDN to ISC

Diagnosis

[Replace this text with the diagnosis of the problem addressing]

Solution

[Replace this text with the solution to the problem you are addressing]

Can you provide more information?

Are you moving from an original IDN tenant to a new ISC tenant?

Are you moving your authoritative sources as well, needing their Identity Profiles?

Some considerations to be aware of.

• Every object in SailPoint (Source, Access Profile, Identity) has a unique 32-character ID. You cannot move these to the new tenant.
• SailPoint APIs and Configuration Hub exports never include sensitive data (passwords, API tokens, client secrets). Plan for a “Credential Injection” phase. More than likely someone must manually enter credentials for 1000 sources, or script a prompt to input them during the build process.
• On-premise connectors (AD, JDBC, LDAP) require a VA Cluster. The VA Cluster ID in the new tenant is different. Source JSON configuration, you must programmatically replace the cluster attribute. Do not try to migrate the VA configuration itself; build new VAs and point the Sources to them.
• Standard “Connector Rules” (like BuildMap or JDBC Provisioning rules) often live in the SailPoint backend, not in the user UI. These are not visible in API exports.
• Audit your “Rule” objects early. If you see rules that are not “Cloud Managed” (i.e., you can’t edit them in the UI), you must log a support ticket with SailPoint Expert Services to manually copy these rules to the new tenant.
• Strictly enforce migration order:
  1. Identity Profiles & Transforms
  2. Governance Groups
  3. Sources (without entitlements)
  4. Access Profiles
  5. Roles
  6. Lifecycle States / Workflows

@solshe you have mentioned migration from IDN to ISC. Both refers to the SaaS based IGA platform provided by SailPoint. Are you planning to migrate from one tenant to another?

Hi @solshe ,

Can you please let us know are you planing to migrate from SaaS to SaaS migration of ISC or on prem to saas migration
Based on this suggestions / best practices will varies

Thanks in advance
Avinash Mulpuru

Hi @solshe to give the best answer you have to clearify few point to go ahead as your question means a lot What are you actually migrating?

Which one is it?

A) Tenant-to-tenant move (existing IdentityNow/ISC tenant → new ISC tenant)
B) IdentityIQ → ISC migration
C) Same tenant, just “rebuilding” / re-onboarding sources

2) What does “applications” mean in your count of ~1000?

Are these:

• ISC Sources / connectors, or

• Connected apps behind an AD/SSO source, or

• Access items (entitlements / access profiles / roles)?

3) What’s in scope besides the connector objects?

Check all that apply:

• Identity Profiles / Transforms

• Access Profiles / Roles

• Workflows / Lifecycle

• Certifications / Policies

• Reports / Saved searches

4) What connector mix are we dealing with?

Rough split:

• % SaaS sources vs % on-prem sources (VA required)

• Any high-impact systems (AD, Entra ID, SAP, Workday, JDBC)?

5) What outcome defines “success”?

• Keep governance only? (aggregate + certify)

• Or must provisioning work on day 1?

• Required cutover window + rollback expectations?

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.