Migrate user accounts to a different realm - Fluid Topics - 4.0

Fluid Topics Configuration and Administration Guide

Category
Reference Guides
Audience
public
Version
4.0

Users with the ADMIN role can migrate all the user accounts associated with one authentication realm to another when adding or editing a realm. Fluid Topics supports all migration scenarios (internal realm to SSO realm, SSO realm to internal realm, between two SSO realms, etc.).



- Once migration is complete, overridden accounts are removed and can no longer be used.

- The application does not migrate roles or groups originating from the former realm's post-authentication script to the new realm. However, the application does migrate roles or groups added manually by an administrator.

- When migrating to a non-SSO realm, the migration process is triggered when the user account is created. When migrating to an SSO realm, the migration is triggered when the user connects for the first time.



- Each user account is migrated along with the user's personal assets, such as Bookmarks and Searches.

- In compliance with the OWASP Foundation's guidelines, Fluid Topics cannot offer user migration for internal realms using the PUBLIC mode in order to prevent broken authentication.

Prerequisites

To migrate an existing user account from one realm to another, the following conditions must be met:

  • If migrating to or from an internal realm, the internal realm user has a properly configured email address.
  • The third-party authentication system is properly configured to provide an accurate email address (see Configure profile mappers).
  • The email addresses of the new user account and the existing user account match.
  • Only one user account with this email is found for the realms concerned by the migration.

Use case

An administrator wants to switch to a different authentication method. The objective is to migrate all the users of the existing Google realm to a new SAML 2.0 realm.

In the Realms tab of the Authentication administration interface, the administrator proceeds as follows:

  1. Selects SAML 2.0 from the Available types menu.
  2. Configures the realm.
  3. In the Migrate users section of the realm configuration drawer, enters the ID of the Google realm.
  4. Saves the configuration.

All user accounts previously associated with the Google realm are migrated to the new SAML 2.0 realm. When a user signs in for the first time with the new method, Fluid Topics creates a new profile for them and associates their assets with this new profile.

Additional considerations

A Fluid Topics administrator can decide to manually copy or merge user data in the Manage users administration interface under the following circumstances:

  • When migrating users from one realm to another, a user account was lost because it was still being created when the migration began.
  • When migrating a user from a non-SSO realm to an SSO realm, the administrator wants to create the new SSO account without having to wait for the user to activate it by connecting via an SSO mechanism.