Migration Approach in ISC using Configuration Manager for Greenfield Implementations

Identity Security Cloud (ISC) ISC Community Knowledge Base
1

Problem

How to Migrate the Packages of SailPoint ISC from Lower Tenants to High Tenants of SailPoint ISC using Configuration Hub. (Greenfield Implementation)

Diagnosis

  1. While initially using configuration hubs, faced a lot of referencing issues due to dependency of the artifacts on each other.
  2. Hence, having a structured approach will help you to reduce the dependency issues and perform the migration/deployment of artifacts in much faster rate.

Solution

The high level steps which you can perform in order to perform migration of artifacts from lower instance to higher ISC instance (specially for a green field implementation) is as follows.

  1. Migration of Transforms (Least Dependent artifacts) - Using Configuration Hub
  2. Migration of Connector Rules - Using Configuration Hub
  3. Migration of Cloud Rules (In case cloud rules does not have any APIs used in which Source IDs were used as inputs) - Using Configuration Hub
  4. Manual changes in Transforms wherever required. Specifically for transforms which uses the “identity” APIs in which Source IDs and Source Names are used to extract certain details such as Manager DN (In AD), Manager Username (in SNOW), etc. - Manual
  5. Raising the SailPoint ISC - Expert Services Tickets for CLOUD RULE deployment (where changes in code was performed specific to PROD tenant) - Through SailPoint
  6. Search Attributes Migration. - Using Configuration Hub
  7. Identity Attribute Migration. - Using Configuration Hub
  8. Source Migration. - Using Configuration Hub
  9. Setup the VA Cluster of respective tenant and re-enter the source credentials. - Manual
  10. Test connections of each source and perform entitlement/account aggregations to test it. - Manual
  11. Migration of Access Profiles - Using Configuration Hub
  12. Migration of Roles - Using Configuration Hub
  13. Migration of Workflows/Forms - Using Configuration Hub
  14. Deletion of all Accounts and Entitlements from each source - Manual
  15. Migration of Identity Profiles. - Using Configuration Hub
  16. Perform Authoritative Source account aggregation - Manual
  17. Perform Authoritative Source entitlement aggregation - Manual
  18. Validate the Identity Creations and account correlations - Manual
  19. Enable the access profiles and roles in a structured manner - Manual
  20. Validate the provisioning to downstream systems - Manual