App Identity Modernization

How to migrate from SiteMinder to a modern identity provider in 5 steps


Some versions of SiteMinder have reached their end of service or end of life (EOL) date. Many customers running on end-of-service versions have been left with the decision of either migrating to a new, modern identity provider or staying and dealing with the hefty lock-in fees. 

If you’ve been avoiding that elephant in the room, you’re not alone. 

In this post, we’ll look at the challenges keeping enterprises from migrating their apps and identities off legacy identity providers like SiteMinder. We’ll also introduce Strata’s 5-step process for app and identity migration from SiteMinder. This process will give you a clear path forward so you can put your mind at ease.

Apps on legacy IDPs are incompatible with modern identity systems

According to the 2023 State of Multi-cloud Report, 79% of enterprises use two or more identity providers (IDPs), an 18% increase from 2022. They are also having to manage a hybrid state of on-prem and multi-cloud.

Only one-fifth of enterprise organizations in the report have been able to get the majority of their workloads off legacy, on-premises identity systems to the cloud, and just 20% believe they will ever be able to fully move to the cloud.

The harsh reality for many enterprises is the consistent struggle with identity modernization barriers like source code and resourcing, with 78% of respondents still facing those hurdles. Why? Because moving apps and identities is hard — since old, on-premises systems aren’t built for modern cloud systems. Traditionally, before an app could be moved, the code needed to be rewritten to be compatible with a cloud system. For some apps, it simply isn’t possible to recode.

What are the challenges of moving applications off a legacy, on-premises IDP?

Migrating apps off legacy systems like SiteMinder is difficult and riddled with complications. Here are a few of the challenges you’ll deal with:

Apps are stuck in legacy, on-premises systems
The first big challenge is that apps are stuck. Since you started developing apps, hundreds — if not thousands — of applications have been installed and integrated with your company’s legacy identity environment.

These applications can’t be moved to the cloud, because they’re tied into the legacy IDP and running on-premises. It would take a major code rewrite to make the apps adaptable to the cloud.

Modernization can be lengthy and costly
The second challenge is the cost — both time and money. It’s incredibly expensive to rewrite applications, and it typically takes at least six months per app. Those numbers add up quickly, especially with hundreds or thousands of applications.

Sometimes it isn’t even possible to rewrite applications because you don’t have source code. Even if you custom-built the application, you may not have the technical bandwidth or a team with the knowledge to rewrite the application.

Moving apps to the cloud is complicated
Each application uses a different protocol to handle the user session, so legacy and modern IDPs can’t speak to each other. In the modern world, apps use SAML or OpenID Connect, while legacy systems use headers, cookies, and Kerberos.

The challenge here is that there are many different ways that the application expects to consume identity; it’s just not a straightforward path.

Should you use a “big-bang” or “lift & shift” approach to migrating apps and identities off on-prem IDPs?

There are two ways to approach an app modernization project: “big-bang” or “lift-and-shift.” A big-bang approach may seem like a good idea when there is a need for speed, but it almost always backfires. Inevitably, there will be a hiccup, and you’ll have to start from scratch.

The lift-and-shift approach involves moving apps and identities incrementally. Not doing everything all at once allows the two worlds of the cloud and on-premises to coexist. From this perspective, you need to be able to work with both identity systems simultaneously.

The 5-step process for app and identity modernization

Identity Orchestration is a new approach that automates the modernization of applications and users to the cloud. Our 5-step process for app and identity modernization includes:

  • Discovery
  • User migration
  • App migration
  • Hybrid coexistence
  • Retire legacy

Identity orchestration software automates much of the process and enables enterprises to move off SiteMinder without rewriting apps. 

Let’s explore the details of this 5-step app and identity modernization process.

Step 1: Discover identities and applications

First, take an inventory of all the identities and applications in your SiteMinder deployment. Use the Maverics Platform to look at the data inside of SiteMinder.

Think of Maverics like an x-ray for your SiteMinder environment. It connects, then discovers how your applications are configured and determines which ones could be risky or complex migrations.

Maverics also gives you the information to catalog your identity structures. From your servers to your agents, you’ll know how your environment looks so that you can plan a deliberate and predictable migration.

Step 2: Migrate users from SiteMinder

Migrate all of the different identity sources that are on-premises. This includes everything, whether it’s in SiteMinder, connected LDAP directories and databases, or applications with APIs.

Maverics pulls data from your multiple identity sources and creates a unified identity space. It then replicates those accounts in a modern identity provider like Entra ID.

This part of the process gives you the opportunity to harden your user accounts, like adding 2-step verification or multi-factor authentication (MFA) to protect them better off-premises.

Step 3: Migrate apps from SiteMinder

Once the users are migrated, migrate the applications. With Maverics, there is no need to rewrite any apps to get them off SiteMinder to the cloud.

Maverics uses a configuration and no-code approach to make the application think that it’s talking to the legacy system. Instead, the app is talking to a modern identity provider without changing any of the application’s code itself.

Identity Orchestration works with applications that run on-premises, in a public cloud on Entra ID, and with SaaS-based applications.
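As an added illustration of the header translation described above (example code, not Maverics' or Strata's own), the shim below takes claims from an already-verified OpenID Connect token and produces the legacy identity headers a SiteMinder-integrated app expects, rejecting expired or mis-addressed tokens and stripping any identity headers the client tried to supply itself. SM_USER is SiteMinder's default user header; the groups header name, issuer and audience values are constructed for this example.

```python
# Assumed names for this example: the app reads its user from SM_USER
# (SiteMinder's default header); the groups header, issuer and audience
# are constructed values, not part of any real deployment.
LEGACY_USER_HEADER = "SM_USER"
LEGACY_GROUPS_HEADER = "SM_USERGROUPS"
TRUSTED_ISSUER = "https://login.example.test/oidc"
EXPECTED_AUDIENCE = "legacy-hr-app"

# Constructed claim set, as a verified OIDC ID token would yield. Signature
# verification is assumed to have already succeeded before this point.
SAMPLE_CLAIMS = {
    "iss": TRUSTED_ISSUER,
    "aud": EXPECTED_AUDIENCE,
    "sub": "0c3a9f",
    "preferred_username": "jdoe",
    "groups": ["hr-readers", "hr-admins"],
    "exp": 1_700_000_600,
}


def validate_claims(claims: dict, now: float) -> None:
    """Reject claims that are expired or were not issued for this app."""
    if claims.get("iss") != TRUSTED_ISSUER:
        raise ValueError("untrusted issuer")
    aud = claims.get("aud")
    if aud != EXPECTED_AUDIENCE and not (isinstance(aud, list) and EXPECTED_AUDIENCE in aud):
        raise ValueError("token not intended for this app")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")


def strip_identity_headers(inbound: dict) -> dict:
    """Drop any identity header the client sent; only the proxy may set them."""
    blocked = {LEGACY_USER_HEADER.lower(), LEGACY_GROUPS_HEADER.lower()}
    return {k: v for k, v in inbound.items() if k.lower() not in blocked}


def build_upstream_headers(inbound: dict, claims: dict, now: float) -> dict:
    """Translate a modern IDP session into the legacy headers the app consumes."""
    validate_claims(claims, now)
    headers = strip_identity_headers(inbound)
    headers[LEGACY_USER_HEADER] = claims["preferred_username"]
    headers[LEGACY_GROUPS_HEADER] = ",".join(sorted(claims.get("groups", [])))
    return headers


if __name__ == "__main__":
    # Constructed request carrying a forged identity header that must be discarded.
    spoofed = {"Host": "hr.internal", "sm_user": "admin"}
    print(build_upstream_headers(spoofed, SAMPLE_CLAIMS, now=1_700_000_000))
```

The stripping step is what keeps a header-trusting app safe once it sits behind the orchestrator: if a client could reach the app with its own SM_USER value, the app would accept it as authenticated.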

Step 4: Go to a hybrid coexistence

An incremental move to the cloud means you need to operate in a hybrid coexistence mode — some apps and data are in the cloud and some are on-premises. In coexistence mode, both the new identity provider and SiteMinder are running during the transition to the cloud.

Run Maverics on the edge of the enterprise where the identities can live with the identity provider. Users sign into the identity provider, and it connects to Maverics. Maverics then passes the session into the application and ties into the coexistence of SiteMinder.

During this step, Maverics extends multi-factor authentication to your applications without any rewriting.

Step 5: Retire legacy identity systems

Now it’s time to shut down and retire your legacy identity systems. The big benefit here is that you can decommission your expensive and bulky legacy infrastructure and save money on licensing and support.

Just as important, your teams doing this can now focus on more interesting work that can propel your company forward instead of having to deal with a 20-plus-year-old legacy environment.

What are the benefits of Identity Orchestration when migrating off a legacy IDP?

Moving your legacy applications from a legacy IDP may not be optional for your organization. But saving years and millions of dollars doing it is an option. 

An Identity Orchestration platform lets you speed up the process of moving applications and identity from on-premises identity systems by eliminating the need to rewrite apps. It runs IDPs like SiteMinder simultaneously with cloud identity from a modern identity provider as long as you need to run both systems. Then, when you’re ready, you can retire your legacy system and enjoy the benefits of the modern cloud world.

Ultimately, making the move from a legacy IDP to a modern one is a strategic step toward more agile, secure, and efficient identity management. By following this structured, five-step process, organizations can navigate the complexities of migration, ensuring a smooth transition to a modern IDP that aligns with their evolving business needs.

Talk to the Strata team today about how the Maverics Identity Orchestration platform can help with modernization.

Modernize any app with any IDP in minutes. Join the 'Orchestration Kitchen' workshops.