When we migrate from one Auth to Another and suppose we have some roles depended on old Auth Source , So now we need to change the Assign Criteria , What should be good practise ? Should I first disable it and change the criteria or directly I can change.
For example Earlier one of the critera was
Source name = A attributename= location value=Newyork
But now I wanted to change to
Source name = B attributename= location value=Newyork.
Let me know the right approach
Before you make any changes, please be sure that the data is correct and migrated as well, as you don’t want any access lost in this way. Disabling the role first ensure that the access is kept (i.e. no changes are made to the existing population).
You could also (temporarily) have the ‘Source name’ part of the criteria be an OR statement, so that you’d end up with:
Source name = A OR Source name = B
AND attributename= location
AND value=Newyork
That way, whatever happens from which Authoritative source the users come, they will get the access. Then when the migration is done, you can remove the ‘Source name = A’ part of the statement.
Hi @sauvee
I’ll agree with your point
Instead of disabling and changing, if we directly change the criteria, will we face any implications?
after disabling too the identities going to have the access of the role as individual entitlements right
It’s partially the chicken-and-the-egg situation.
If you migrate the users from Source A to B, then they will lose the access if you haven’t changed anything on the role (disable or criteria)
If you change the criteria (without the proposed OR statement), and haven’t migrated the users yet, they will lose the access as well.
Therefor disabling and/or changing the criteria with the proposed OR statement will be the best option in my opinion.
That makes perfect sense. Using the OR condition ensures a smooth transition without unintended access loss.
Thanks for the insight!
Hi @sbhagat
Kindly follow the below steps
1.Disable the role
2.Remove Entitlement
3.Change the Criteria
4. Save and Enable it and apply changes.
Now, Check in IDN and see changes if you don’t find any duplicates then
1.Add Entitlement.
2. Save the changes and apply the changes.
This will prevent adding same entitlements for the users.
Thank you!
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.
