Users with the ADMIN role can migrate all the user accounts associated with one authentication realm to another when adding or editing a realm.
Each user account is migrated along with the user's personal assets, such as Bookmarks and Searches.
Once migration is complete, overridden accounts are removed and can no longer be used.
Conditions for migrating a user account from an SSO realm to an internal realm
This type of migration only takes effect if both of the following conditions are met:
- An ADMIN user created the user in the Manage users administration interface.
- Registration is set to VERIFIED, and the user has activated their account. The migration does not take effect if registration is set to PUBLIC.
Condition for migrating a user account from an internal realm to an SSO realm
This type of migration only takes effect if the user's email address is correctly retrieved from the SSO provider and mapped to Fluid Topics (see Profile Mappers for OpenID Connect or for SAML 2.0).
In compliance with the OWASP Foundation's guidelines, Fluid Topics requires accurate profile mapping when migrating a user account from an internal realm to an SSO realm in order to prevent broken authentication.
Use case
An administrator wants to switch to a different authentication method. Their objective is to migrate all the users of the Google realm to a new SAML 2.0 realm.
In the Realms tab of the Authentication administration interface, the administrator selects SAML 2.0 from the Available types menu and configures the realm step-by-step by entering information into in each section of the drawer. In the last section, Migrate users, the administrator enters Google in the text box and saves the configuration. All user accounts previously associated with the Google realm are migrated to the new SAML 2.0 realm. When a user signs in for the first time with the new method, Fluid Topics creates a new profile for them and associates their assets with this new profile.